Disallow unknown fields when unmarshaling requests in the handler

AdamSLevy · Oct 19, 2018 · 9e4c091 · 9e4c091
1 parent 59d3d2d
commit 9e4c091
Showing 1 changed file with 10 additions and 2 deletions.
diff --git a/Handler.go b/Handler.go
@@ -6,6 +6,7 @@
 package jsonrpc2
 
 import (
+	"bytes"
 	"encoding/json"
 	"io/ioutil"
 	"net/http"
@@ -65,9 +66,9 @@ func HTTPRequestHandlerFunc(w http.ResponseWriter, req *http.Request) {
 			Request
 			Params json.RawMessage `json:"params,omitempty"`
 		}{}
-
 		var res *Response
-		if err = json.Unmarshal(rawReq, &req); err != nil || !req.IsValid() {
+
+		if err = unmarshalStrict(rawReq, &req); err != nil || !req.IsValid() {
 			res = newErrorResponse(nil, InvalidRequest)
 		} else {
 			if req.IsValid() {
@@ -102,6 +103,13 @@ func HTTPRequestHandlerFunc(w http.ResponseWriter, req *http.Request) {
 	}
 }
 
+func unmarshalStrict(data []byte, v interface{}) error {
+	b := bytes.NewBuffer(data)
+	d := json.NewDecoder(b)
+	d.DisallowUnknownFields()
+	return d.Decode(v)
+}
+
 func respondError(w http.ResponseWriter, e Error) {
 	res := newErrorResponse(nil, e)
 	respond(w, res)