From 8076a31ac1778d02fc0200076764b23281cd4dc0 Mon Sep 17 00:00:00 2001 From: Britta Weber Date: Mon, 27 Jan 2014 14:51:43 +0100 Subject: [PATCH] Throw exception if an additional field was placed inside the "query" body Currently the parser accepts queries like ``` "query" : { "any_query": { ... }, "any_field_name":... } ``` The "any_field_name" is silently ignored. However, this also causes the parser not to move to the next closing bracket which in turn can lead to additional query paremters being ignored such as "fields", "highlight",... This was the case in issue #4895 closes issue #4895 --- rest-api-spec/test/search/issue4895.yaml | 36 +++++++++++++++++++ .../elasticsearch/search/SearchService.java | 12 +++++-- 2 files changed, 46 insertions(+), 2 deletions(-) create mode 100644 rest-api-spec/test/search/issue4895.yaml diff --git a/rest-api-spec/test/search/issue4895.yaml b/rest-api-spec/test/search/issue4895.yaml new file mode 100644 index 00000000000..df7322f12c8 --- /dev/null +++ b/rest-api-spec/test/search/issue4895.yaml @@ -0,0 +1,36 @@ +--- +setup: + - do: + indices.create: + index: test + + - do: + index: + index: test + type: test + id: 1 + body: + user : foo + amount : 35 + data : some + + - do: + indices.refresh: + index: [test] + +--- +"Test with _local preference placed in query body - should fail": + + - do: + catch: request + search: + index: test + type: test + body: + query: + term: + data: some + preference: _local + fields: [user,amount] + + diff --git a/src/main/java/org/elasticsearch/search/SearchService.java b/src/main/java/org/elasticsearch/search/SearchService.java index 7616a228957..6b3ecc3f2de 100644 --- a/src/main/java/org/elasticsearch/search/SearchService.java +++ b/src/main/java/org/elasticsearch/search/SearchService.java @@ -617,6 +617,10 @@ public class SearchService extends AbstractLifecycleComponent { try { parser = XContentFactory.xContent(source).createParser(source); XContentParser.Token token; + token = parser.nextToken(); + if (token != XContentParser.Token.START_OBJECT) { + throw new ElasticsearchParseException("Expected START_OBJECT but got " + token.name() + " " + parser.currentName()); + } while ((token = parser.nextToken()) != XContentParser.Token.END_OBJECT) { if (token == XContentParser.Token.FIELD_NAME) { String fieldName = parser.currentName(); @@ -626,8 +630,12 @@ public class SearchService extends AbstractLifecycleComponent { throw new SearchParseException(context, "No parser for element [" + fieldName + "]"); } element.parse(parser, context); - } else if (token == null) { - break; + } else { + if (token == null) { + throw new ElasticsearchParseException("End of query source reached but query is not complete."); + } else { + throw new ElasticsearchParseException("Expected field name but got " + token.name() + " \"" + parser.currentName() + "\""); + } } } } catch (Throwable e) {