From 8980357a290f1bd3eed952028051c6978f653e1a Mon Sep 17 00:00:00 2001 From: Tim Vernum Date: Wed, 4 Oct 2017 18:45:40 +1100 Subject: [PATCH] [Security] Handle no-content gracefully (elastic/x-pack-elasticsearch#2610) A number of REST requests require a body but did not explicitly validate for it. This would typically cause a NPE if they were called with no body. Original commit: elastic/x-pack-elasticsearch@863ac89429f0a4dec3a1e56f18566d315fc1b91f --- .../xpack/security/rest/action/role/RestPutRoleAction.java | 2 +- .../rest/action/rolemapping/RestPutRoleMappingAction.java | 2 +- .../security/rest/action/user/RestChangePasswordAction.java | 2 +- .../security/rest/action/user/RestHasPrivilegesAction.java | 2 +- .../xpack/security/rest/action/user/RestPutUserAction.java | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/plugin/src/main/java/org/elasticsearch/xpack/security/rest/action/role/RestPutRoleAction.java b/plugin/src/main/java/org/elasticsearch/xpack/security/rest/action/role/RestPutRoleAction.java index 782bb30122a..0ac2b9fc43b 100644 --- a/plugin/src/main/java/org/elasticsearch/xpack/security/rest/action/role/RestPutRoleAction.java +++ b/plugin/src/main/java/org/elasticsearch/xpack/security/rest/action/role/RestPutRoleAction.java @@ -44,7 +44,7 @@ public class RestPutRoleAction extends SecurityBaseRestHandler { @Override public RestChannelConsumer innerPrepareRequest(RestRequest request, NodeClient client) throws IOException { PutRoleRequestBuilder requestBuilder = new SecurityClient(client) - .preparePutRole(request.param("name"), request.content(), request.getXContentType()) + .preparePutRole(request.param("name"), request.requiredContent(), request.getXContentType()) .setRefreshPolicy(request.param("refresh")); return channel -> requestBuilder.execute(new RestBuilderListener(channel) { @Override diff --git a/plugin/src/main/java/org/elasticsearch/xpack/security/rest/action/rolemapping/RestPutRoleMappingAction.java b/plugin/src/main/java/org/elasticsearch/xpack/security/rest/action/rolemapping/RestPutRoleMappingAction.java index b4497622519..dc60e6f16ff 100644 --- a/plugin/src/main/java/org/elasticsearch/xpack/security/rest/action/rolemapping/RestPutRoleMappingAction.java +++ b/plugin/src/main/java/org/elasticsearch/xpack/security/rest/action/rolemapping/RestPutRoleMappingAction.java @@ -47,7 +47,7 @@ public class RestPutRoleMappingAction extends SecurityBaseRestHandler { public RestChannelConsumer innerPrepareRequest(RestRequest request, NodeClient client) throws IOException { final String name = request.param("name"); PutRoleMappingRequestBuilder requestBuilder = new SecurityClient(client) - .preparePutRoleMapping(name, request.content(), request.getXContentType()) + .preparePutRoleMapping(name, request.requiredContent(), request.getXContentType()) .setRefreshPolicy(request.param("refresh")); return channel -> requestBuilder.execute( new RestBuilderListener(channel) { diff --git a/plugin/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestChangePasswordAction.java b/plugin/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestChangePasswordAction.java index 47c3e8c1c14..f514b5d8a7a 100644 --- a/plugin/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestChangePasswordAction.java +++ b/plugin/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestChangePasswordAction.java @@ -61,7 +61,7 @@ public class RestChangePasswordAction extends SecurityBaseRestHandler implements final String refresh = request.param("refresh"); return channel -> new SecurityClient(client) - .prepareChangePassword(username, request.content(), request.getXContentType()) + .prepareChangePassword(username, request.requiredContent(), request.getXContentType()) .setRefreshPolicy(refresh) .execute(new RestBuilderListener(channel) { @Override diff --git a/plugin/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestHasPrivilegesAction.java b/plugin/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestHasPrivilegesAction.java index 4a37c7e5051..9c6a41a6da8 100644 --- a/plugin/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestHasPrivilegesAction.java +++ b/plugin/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestHasPrivilegesAction.java @@ -54,7 +54,7 @@ public class RestHasPrivilegesAction extends SecurityBaseRestHandler { public RestChannelConsumer innerPrepareRequest(RestRequest request, NodeClient client) throws IOException { final String username = getUsername(request); HasPrivilegesRequestBuilder requestBuilder = new SecurityClient(client) - .prepareHasPrivileges(username, request.content(), request.getXContentType()); + .prepareHasPrivileges(username, request.requiredContent(), request.getXContentType()); return channel -> requestBuilder.execute(new HasPrivilegesRestResponseBuilder(username, channel)); } diff --git a/plugin/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestPutUserAction.java b/plugin/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestPutUserAction.java index f70494e913e..dddb78accc0 100644 --- a/plugin/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestPutUserAction.java +++ b/plugin/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestPutUserAction.java @@ -48,7 +48,7 @@ public class RestPutUserAction extends SecurityBaseRestHandler implements RestRe @Override public RestChannelConsumer innerPrepareRequest(RestRequest request, NodeClient client) throws IOException { PutUserRequestBuilder requestBuilder = new SecurityClient(client) - .preparePutUser(request.param("username"), request.content(), request.getXContentType()) + .preparePutUser(request.param("username"), request.requiredContent(), request.getXContentType()) .setRefreshPolicy(request.param("refresh")); return channel -> requestBuilder.execute(new RestBuilderListener(channel) {