honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[Security] Handle no-content gracefully (elastic/x-pack-elasticsearch#2610) 

A number of REST requests require a body but did not explicitly validate for it.
This would typically cause a NPE if they were called with no body.

Original commit: elastic/x-pack-elasticsearch@863ac89429
This commit is contained in:
Tim Vernum 2017-10-04 18:45:40 +11:00 committed by GitHub
parent f5864c7291
commit 8980357a29
5 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
plugin/src/main/java/org/elasticsearch/xpack/security/rest/action/role/RestPutRoleAction.java
View File

@ -44,7 +44,7 @@ public class RestPutRoleAction extends SecurityBaseRestHandler {
@Override
public RestChannelConsumer innerPrepareRequest(RestRequest request, NodeClient client) throws IOException {
PutRoleRequestBuilder requestBuilder = new SecurityClient(client)
.preparePutRole(request.param("name"), request.content(), request.getXContentType())
.preparePutRole(request.param("name"), request.requiredContent(), request.getXContentType())
.setRefreshPolicy(request.param("refresh"));
return channel -> requestBuilder.execute(new RestBuilderListener<PutRoleResponse>(channel) {
@Override

2
plugin/src/main/java/org/elasticsearch/xpack/security/rest/action/rolemapping/RestPutRoleMappingAction.java
View File

@ -47,7 +47,7 @@ public class RestPutRoleMappingAction extends SecurityBaseRestHandler {
public RestChannelConsumer innerPrepareRequest(RestRequest request, NodeClient client) throws IOException {
final String name = request.param("name");
PutRoleMappingRequestBuilder requestBuilder = new SecurityClient(client)
.preparePutRoleMapping(name, request.content(), request.getXContentType())
.preparePutRoleMapping(name, request.requiredContent(), request.getXContentType())
.setRefreshPolicy(request.param("refresh"));
return channel -> requestBuilder.execute(
new RestBuilderListener<PutRoleMappingResponse>(channel) {

2
plugin/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestChangePasswordAction.java
View File

@ -61,7 +61,7 @@ public class RestChangePasswordAction extends SecurityBaseRestHandler implements
final String refresh = request.param("refresh");
return channel ->
new SecurityClient(client)
.prepareChangePassword(username, request.content(), request.getXContentType())
.prepareChangePassword(username, request.requiredContent(), request.getXContentType())
.setRefreshPolicy(refresh)
.execute(new RestBuilderListener<ChangePasswordResponse>(channel) {
@Override

2
plugin/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestHasPrivilegesAction.java
View File

@ -54,7 +54,7 @@ public class RestHasPrivilegesAction extends SecurityBaseRestHandler {
public RestChannelConsumer innerPrepareRequest(RestRequest request, NodeClient client) throws IOException {
final String username = getUsername(request);
HasPrivilegesRequestBuilder requestBuilder = new SecurityClient(client)
.prepareHasPrivileges(username, request.content(), request.getXContentType());
.prepareHasPrivileges(username, request.requiredContent(), request.getXContentType());
return channel -> requestBuilder.execute(new HasPrivilegesRestResponseBuilder(username, channel));
}

2
plugin/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestPutUserAction.java
View File

@ -48,7 +48,7 @@ public class RestPutUserAction extends SecurityBaseRestHandler implements RestRe
@Override
public RestChannelConsumer innerPrepareRequest(RestRequest request, NodeClient client) throws IOException {
PutUserRequestBuilder requestBuilder = new SecurityClient(client)
.preparePutUser(request.param("username"), request.content(), request.getXContentType())
.preparePutUser(request.param("username"), request.requiredContent(), request.getXContentType())
.setRefreshPolicy(request.param("refresh"));
return channel -> requestBuilder.execute(new RestBuilderListener<PutUserResponse>(channel) {