Fix internal server error on invalid header in curl command (#3931)

* Fix internal server error on invalid header in curl command * Add tests for invalid header/method
appsmithorg · Apr 14, 2021 · a259dd0 · a259dd0
1 parent 5b48a9c
commit a259dd0
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 1 deletion.
diff --git a/app/server/appsmith-server/src/main/java/com/appsmith/server/exceptions/AppsmithError.java b/app/server/appsmith-server/src/main/java/com/appsmith/server/exceptions/AppsmithError.java
@@ -81,9 +81,10 @@ public enum AppsmithError {
     FAIL_UPDATE_USER_IN_SESSION(500, 5008, "Unable to update user in session.", AppsmithErrorAction.LOG_EXTERNALLY, null),
     APPLICATION_FORKING_NOT_ALLOWED(403, 4034, "Forking this application is not permitted at this time.", AppsmithErrorAction.DEFAULT, null),
     GOOGLE_RECAPTCHA_TIMEOUT(504, 5042, "Google recaptcha verification timeout. Please try again.", AppsmithErrorAction.DEFAULT, null),
-    GOOGLE_RECAPTCHA_FAILED(401, 4034, "Google recaptcha verification failed. Please try again.", AppsmithErrorAction.DEFAULT, null),
+    GOOGLE_RECAPTCHA_FAILED(401, 4035, "Google recaptcha verification failed. Please try again.", AppsmithErrorAction.DEFAULT, null),
     UNKNOWN_ACTION_RESULT_DATA_TYPE(500, 5009, "Appsmith has encountered an unknown action result data type: {0}. " +
             "Please contact Appsmith customer support to resolve this.", AppsmithErrorAction.LOG_EXTERNALLY, null),
+    INVALID_CURL_HEADER(400, 4036, "Invalid header in cURL command: {0}.", AppsmithErrorAction.DEFAULT, null),
     ;
 
 

diff --git a/...erver/appsmith-server/src/main/java/com/appsmith/server/services/CurlImporterService.java b/...erver/appsmith-server/src/main/java/com/appsmith/server/services/CurlImporterService.java
@@ -290,6 +290,9 @@ public ActionDTO parse(List<String> tokens) throws AppsmithException {
             } else if (ARG_HEADER.equals(state)) {
                 // The `token` is next to `--header`.
                 final String[] parts = token.split(":\\s*", 2);
+                if (parts.length != 2) {
+                    throw new AppsmithException(AppsmithError.INVALID_CURL_HEADER, token);
+                }
                 if ("content-type".equalsIgnoreCase(parts[0])) {
                     contentType = parts[1];
                 }

diff --git a/...r/appsmith-server/src/test/java/com/appsmith/server/services/CurlImporterServiceTest.java b/...r/appsmith-server/src/test/java/com/appsmith/server/services/CurlImporterServiceTest.java
@@ -30,6 +30,7 @@
 import java.util.List;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
 
 @RunWith(SpringRunner.class)
 @SpringBootTest
@@ -677,6 +678,24 @@ public void dontEatBackslashesInSingleQuotes() throws AppsmithException {
         );
     }
 
+    @Test
+    public void importInvalidMethod() {
+        assertThatThrownBy(() -> {
+            curlImporterService.curlToAction("curl -X invalid-method http://httpbin.org/get");
+        })
+                .isInstanceOf(AppsmithException.class)
+                .matches(err -> ((AppsmithException) err).getError() == AppsmithError.INVALID_CURL_METHOD);
+    }
+
+    @Test
+    public void importInvalidHeader() {
+        assertThatThrownBy(() -> {
+            curlImporterService.curlToAction("curl -H x-custom http://httpbin.org/headers");
+        })
+                .isInstanceOf(AppsmithException.class)
+                .matches(err -> ((AppsmithException) err).getError() == AppsmithError.INVALID_CURL_HEADER);
+    }
+
     @Test
     @WithUserDetails(value = "api_user")
     public void importInvalidCurlCommand() {