RestAPI: Reject forcemerge requests with a body #30792

Merged
merged 4 commits into from
Jun 18, 2018

@rjernst rjernst commented May 22, 2018

This commit adds validation to forcemerge rest requests which contain a
body. All parameters to force merge must be part of http params.

closes #29584

@rjernst rjernst added >bug :Core/Infra/REST API REST infrastructure and utilities v7.0.0 v6.4.0 labels May 22, 2018
@elasticmachine

Pinging @elastic/es-core-infra


@jasontedor jasontedor left a comment


I left some comments about the exception message. The overall change and test look good but I think we can work the message a little bit?

@@ -47,6 +47,9 @@ public String getName() {

@Override
public RestChannelConsumer prepareRequest(final RestRequest request, final NodeClient client) throws IOException {
if (request.hasContent()) {
throw new IllegalArgumentException("forcemerge takes arguments in http params, not as http body");
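
Review bot: the message thrown in the `request.hasContent()` branch says what was rejected but gives the caller little to act on; it would help to state that a request body is not supported and that the options must be passed as query string parameters. A one-line comment above the check noting that a body was previously accepted (the linked issue describes an "ambiguously positive response") would also make it less likely that the rejection is relaxed later.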

These are "query parameters" (there are many different kinds of "parameters" in the HTTP specification, not only query parameters). I think we should say "request body" instead of "http body" (and let us capitalize "HTTP" if we keep it in the message).

@rjernst rjernst merged commit 340313b into elastic:master Jun 18, 2018
@rjernst rjernst deleted the forcemerge_validation branch June 18, 2018 17:03
rjernst added a commit that referenced this pull request Jun 18, 2018
dnhatn added a commit that referenced this pull request Jun 19, 2018
* 6.x:
  Add get stored script and delete stored script to high level REST API
  Increasing skip version for failing test on 6.x
  Skip get_alias tests for 5.x (#31397)
  Fix defaults in GeoShapeFieldMapper output (#31302)
  Test: better error message on failure
  Mute DefaultShardsIT#testDefaultShards test
  Fix reference to XContentBuilder.string() (#31337)
  [DOCS] Adds monitoring breaking change (#31369)
  [DOCS] Adds security breaking change (#31375)
  [DOCS] Backports breaking change (#31373)
  RestAPI: Reject forcemerge requests with a body (#30792)
  Docs: Use the default distribution to test docs (#31251)
  Use system context for cluster state update tasks (#31241)
  [DOCS] Adds testing for security APIs (#31345)
  [DOCS] Removes ML item from release highlights
  [DOCS] Removes breaking change (#31376)
  REST high-level client: add validate query API (#31077)
  Move language analyzers from server to analysis-common module. (#31300)
  Expose lucene's RemoveDuplicatesTokenFilter (#31275)
  [Test] Fix :example-plugins:rest-handler on Windows
  Delete typos in SAML docs (#31199)
  Ensure we don't use a remote profile if cluster name matches (#31331)
  Test: Skip alias tests that failed all weekend
  [DOCS] Fix version in SQL JDBC Maven template
  [DOCS] Improve install and setup section for SQL JDBC
  Add ingest-attachment support for per document `indexed_chars` limit (#31352)
  SQL: Fix rest endpoint names in node stats (#31371)
  [DOCS] Fixes small issue in release notes
  Support for remote path in reindex api Closes #22913
  [ML] Put ML filter API response should contain the filter (#31362)
  Remove trial status info from start trial doc (#31365)
  [DOCS] Added links in breaking changes pages
  [DOCS] Adds links to release notes and highlights
  Docs: Document changes in rest client
  QA: Fix tribe tests to use node selector
  REST Client: NodeSelector for node attributes (#31296)
  LLClient: Fix assertion on windows
  LLClient: Support host selection (#30523)
  Add QA project and fixture based test for discovery-ec2 plugin (#31107)
  [ML] Hold ML filter items in sorted set (#31338)
  [ML] Add description to ML filters (#31330)
dnhatn added a commit that referenced this pull request Jun 19, 2018
* master:
  Add get stored script and delete stored script to high level REST API - post backport fix
  Add get stored script and delete stored script to high level REST API (#31355)
  Core: Combine Action and GenericAction (#31405)
  Fix reference to XContentBuilder.string() (#31337)
  Avoid sending duplicate remote failed shard requests (#31313)
  Fix defaults in GeoShapeFieldMapper output (#31302)
  RestAPI: Reject forcemerge requests with a body (#30792)
  Packaging: Remove windows bin files from the tar distribution (#30596)
  Docs: Use the default distribution to test docs (#31251)
  [DOCS] Adds testing for security APIs (#31345)
  Clarify that IP range data can be specified in CIDR notation. (#31374)
  Use system context for cluster state update tasks (#31241)
  Percentile/Ranks should return null instead of NaN when empty (#30460)
  REST high-level client: add validate query API (#31077)
  Move language analyzers from server to analysis-common module. (#31300)
  [Test] Fix :example-plugins:rest-handler on Windows
  Expose lucene's RemoveDuplicatesTokenFilter (#31275)
  Reload secure settings for plugins (#31383)
  Remove some cases in FieldTypeLookupTests that are no longer relevant. (#31381)
  Ensure we don't use a remote profile if cluster name matches (#31331)
  [TEST] Double write alias fault (#30942)
  [DOCS] Fix version in SQL JDBC Maven template
  [DOCS] Improve install and setup section for SQL JDBC
  SQL: Fix rest endpoint names in node stats (#31371)
  Support for remote path in reindex api - post backport fix Closes #22913
  [ML] Put ML filter API response should contain the filter (#31362)
  Support for remote path in reindex api (#31290)
  Add byte array pooling to nio http transport (#31349)
  Remove trial status info from start trial doc (#31365)
  [DOCS] Adds links to release notes and highlights
  add is-write-index flag to aliases (#30942)
  Add rollover-creation-date setting to rolled over index (#31144)
  [ML] Hold ML filter items in sorted set (#31338)
  [Tests] Fix edge case in ScriptedMetricAggregatorTests (#31357)

Successfully merging this pull request may close these issues.

_forcemerge API erroneously accepts JSON payloads and returns ambiguously positive response