fix: add silent=True and validation to /epoch/enroll JSON parsing #4817
BossChaos wants to merge 1 commit into
SECURITY: The /epoch/enroll endpoint used request.get_json() without silent=True, causing a 400 BadRequest on non-JSON Content-Type headers. Additionally, there was no isinstance check to validate the parsed data is a dict before calling .get() on it.
Impact:
- Sending Content-Type: text/plain with POST /epoch/enroll causes 400
- Sending a JSON array [] crashes with AttributeError on .get()
Fix:
- Added silent=True to request.get_json()
- Added isinstance(data, dict) check with proper 400 response
saim256
left a comment
Approved current head 7206822.
This is a narrow, correct hardening for /epoch/enroll: the route now uses request.get_json(silent=True) and rejects non-dict payloads before calling .get(), so malformed/non-object JSON no longer reaches the field-access path.
Validation performed locally:
- git diff --check origin/main...HEAD -- node/rustchain_v2_integrated_v2.2.1_rip200.py
- python -m py_compile node\rustchain_v2_integrated_v2.2.1_rip200.py
- python tools\bcos_spdx_check.py --base-ref origin/main
- manual line/diff review around /epoch/enroll
Caveats:
- This overlaps with open PR #4808, which applies the same pattern to /epoch/enroll plus several other JSON parsing routes, so maintainers should merge only one compatible version of this change.
- python -m ruff check node\rustchain_v2_integrated_v2.2.1_rip200.py --select E9,F821,F811 --output-format=concise still reports pre-existing issues already present on origin/main in this large integrated file (json/send_file redefinitions plus undefined log, miners, and status). This PR does not introduce those findings.
No production node or external endpoint was exercised.
strongkeep-debug
left a comment
Approved current head 7206822.
I checked the changed /epoch/enroll path with a Flask test client. The new silent=True plus dict guard returns the intended 400 {"error": "Invalid JSON body"} for wrong content type, JSON arrays, and malformed JSON before the later enrollment, signature, or attestation-gate logic runs. The touched hunk is narrow and leaves valid dict payload handling on the existing path.
Validation run locally:
- python -m py_compile node\rustchain_v2_integrated_v2.2.1_rip200.py
- git diff --check origin/main...HEAD -- node\rustchain_v2_integrated_v2.2.1_rip200.py
- python tools\bcos_spdx_check.py --base-ref origin/main
- Flask test-client smoke for text/plain, JSON array [], and malformed JSON bodies; all returned the same 400 JSON body.
- uv run --no-project --with ruff python -m ruff check node\rustchain_v2_integrated_v2.2.1_rip200.py --select E9,F821,F811 --output-format=concise still reports the pre-existing large-file issues outside this diff (json/send_file redefinitions and undefined log/miners/status).
Caveat: this overlaps with #4808, so maintainers should merge only one compatible JSON-hardening version. No live node or external endpoint was exercised.
godd-ctrl
left a comment
Approved current head 7206822 after reviewing the /epoch/enroll JSON parsing hardening. The route now calls request.get_json(silent=True) and rejects non-dict payloads before any .get() calls, so malformed JSON, wrong content types, and JSON arrays stay on a controlled 400 Invalid JSON body path instead of reaching enrollment logic. Validation: python -m py_compile node\rustchain_v2_integrated_v2.2.1_rip200.py -> passed; git diff --check origin/main...HEAD -- node\rustchain_v2_integrated_v2.2.1_rip200.py -> passed; python tools\bcos_spdx_check.py --base-ref origin/main -> OK. Targeted Ruff E9/F821/F811 still reports the same pre-existing integrated-file findings outside this one-line route change. Caveat: this overlaps with #4808, so maintainers should merge only one compatible JSON-hardening version. No live node, wallet, or production endpoint was exercised.
loganoe
left a comment
Approved. The endpoint now uses request.get_json(silent=True) and rejects non-dict parsed bodies before calling .get(), so both invalid content types and JSON arrays return controlled 400 responses instead of Flask/parser exceptions or AttributeError.
Validation performed: git diff --check origin/main...HEAD, python3 -m py_compile node/rustchain_v2_integrated_v2.2.1_rip200.py, python3 tools/bcos_spdx_check.py --base-ref origin/main, and a Flask test-client smoke test for text/plain, JSON array, and empty-object /epoch/enroll requests.
508704820
left a comment
Code Review: Add silent=True and Validation to /epoch/enroll JSON Parsing
Adds silent=True to prevent HTTP 500 on malformed JSON, and isinstance(data, dict) validation to reject non-object payloads.
Approve — consistent with #4871 pattern.
shuibui
left a comment
Code Review: Approve
Good fix.
Verdict: Approve.
TJCurnutte
left a comment
Approved. The endpoint now handles malformed or non-object JSON explicitly instead of relying on Flask's default parse exception or crashing on .get().
Validation performed:
- Reviewed the focused change in /epoch/enroll.
- Confirmed request.get_json(silent=True) is used and a non-dict body now returns 400 {"error": "Invalid JSON body"} before any .get() calls.
- Ran git diff --check origin/main...HEAD on the PR branch: passed.
- Ran python3 -m py_compile node/rustchain_v2_integrated_v2.2.1_rip200.py: passed.
This is a reasonable fail-closed input-validation fix for the enroll route.
Security Fix
The /epoch/enroll endpoint used request.get_json() without silent=True, causing a 400 BadRequest on non-JSON Content-Type headers.
Additionally, there was no isinstance check to validate the parsed data is a dict before calling .get() on it.
Impact
- Sending Content-Type: text/plain with POST /epoch/enroll causes 400
- Sending a JSON array [] crashes with AttributeError on .get()
Fix
- Added silent=True to request.get_json()
- Added isinstance(data, dict) check with proper 400 response
Testing
Verified that the endpoint now returns a proper 400 error for invalid Content-Types and JSON arrays instead of raising unhandled exceptions.
RTC Wallet:
RTC6d1f27d28961279f1034d9561c2403697eb55602
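The pattern this PR applies, shown as an added example that is not the project's code: a stand-in Flask app with an unguarded route beside the guarded one (get_json(silent=True) plus a dict check), exercised through the Flask test client. The route paths, the miner_id field, the CASES bodies and the probe helper are hypothetical, and the json_null case goes one step beyond the inputs named in the thread.

```python
from flask import Flask, jsonify, request

app = Flask(__name__)  # stand-in app, not the RustChain node


@app.route("/enroll_unguarded", methods=["POST"])  # hypothetical: pre-fix pattern
def enroll_unguarded():
    data = request.get_json()         # malformed JSON raises BadRequest here
    miner = data.get("miner_id")      # AttributeError when data is a list or None
    return jsonify({"ok": True, "miner": miner})


@app.route("/enroll_guarded", methods=["POST"])  # hypothetical: pattern from this PR
def enroll_guarded():
    data = request.get_json(silent=True)   # parse failures yield None, no exception
    if not isinstance(data, dict):         # rejects None, lists, strings, numbers
        return jsonify({"error": "Invalid JSON body"}), 400
    miner = data.get("miner_id")
    return jsonify({"ok": True, "miner": miner})


# Constructed request bodies covering the cases discussed in the thread.
CASES = {
    "text_plain": dict(data='{"miner_id": "m1"}', content_type="text/plain"),
    "json_array": dict(data="[]", content_type="application/json"),
    "malformed": dict(data='{"miner_id": ', content_type="application/json"),
    "json_null": dict(data="null", content_type="application/json"),
    "valid_dict": dict(data='{"miner_id": "m1"}', content_type="application/json"),
}


def probe(path):
    """POST every constructed case to `path`; return {case: (status, json_body)}."""
    client = app.test_client()
    results = {}
    for name, kwargs in CASES.items():
        resp = client.post(path, **kwargs)
        results[name] = (resp.status_code, resp.get_json(silent=True))
    return results


if __name__ == "__main__":
    for path in ("/enroll_unguarded", "/enroll_guarded"):
        print(path)
        for name, (status, body) in probe(path).items():
            print(f"  {name:11s} -> {status} {body}")
```

The status the unguarded route returns for text/plain depends on the installed Flask/Werkzeug version, so only the guarded route's responses are stable across versions.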