Insufficient parameter validation in job_status method

[marc-vanderwal]

When prodding around the JSON RPC API manually with curl, no clear error message is returned when the job_status method is called with a missing test_id parameter.

$ curl -s -H "Content-Type: application/json" -X POST \
    -d '{"jsonrpc": "2.0", "method": "test_progress", "params": {}, "id": "'`uuidgen`'"}' \
    http://localhost:5000/ | jq

{
  "result": null,
  "jsonrpc": "2.0",
  "id": "9c644caa-0a3c-45d9-8d25-e863c7cb4c44"
}

When a correct test/job ID is supplied, the behavior is correct:

$ curl -s -H "Content-Type: application/json" -X POST \
    -d '{"jsonrpc": "2.0", "method": "job_status", "params": {"test_id": "de1ccfc8308d05ec"}, "id": "'`uuidgen`'"}' \
    http://localhost:5000/ | jq

{
  "result": {
    "progress": 100
  },
  "id": "e83160e1-db7f-4027-9b43-7bb4024f1309",
  "jsonrpc": "2.0"
}

But no error is returned if the test_id parameter does not reference a valid job/test:

$ curl -s -H "Content-Type: application/json" -X POST \
    -d '{"jsonrpc": "2.0", "method": "job_status", "params": {"test_id": "definitelynonexistent"}, "id": "'`uuidgen`'"}' \
    http://localhost:5000/ | jq

{
  "result": {
    "progress": null
  },
  "jsonrpc": "2.0",
  "id": "77ae1f00-3e7e-4a9e-9541-4da69aff9505"
}

[matsduf]

What is the expected behavior? Is the bug in the documentation or in the implementation?

[marc-vanderwal]

If the test_id is missing in the RPCAPI call, I expect a response along the lines of:

{
  "jsonrpc": "2.0",
  "id": "9c644caa-0a3c-45d9-8d25-e863c7cb4c44",
  "error": {
    "data": [
      {
        "message": "Missing property",
        "path": "/test_id"
      }
    ],
    "message": "Invalid method parameter(s).",
    "code": "-32602"
  }
}

And when the test_id does not refer to a valid job/test ID, I also expect an error to be raised; something like:

{
  "jsonrpc": "2.0",
  "id": "77ae1f00-3e7e-4a9e-9541-4da69aff9505",
  "error": {
    "data": [
      {
        "message": "No such job/test exists with the given test_id",
        "path": "/test_id"
      }
    ],
    "message": "Invalid method parameter(s).",
    "code": "-32602"
  },
  "jsonrpc": "2.0",
  "id": "77ae1f00-3e7e-4a9e-9541-4da69aff9505"
}

There is no problem with the specification; just an oversight in the implementation.

I've tested it on develop (commit ed394a7) and I can't reproduce.

$ curl -s -H "Content-Type: application/json" -X POST \
    -d '{"jsonrpc": "2.0", "method": "job_status", "params": {}, "id": "'`uuidgen`'"}' \
    http://localhost:5000/ | jq
{
  "jsonrpc": "2.0",
  "error": {
    "code": "-32602",
    "message": "Invalid method parameter(s).",
    "data": [
      {
        "message": "Missing property",
        "path": "/test_id"
      }
    ]
  },
  "id": "da654e66-36c7-4853-af46-cfd205d9d0ec"
}

$ curl -s -H "Content-Type: application/json" -X POST \
    -d '{"jsonrpc": "2.0", "method": "job_status", "params": {"test_id": "definitelynonexistent"}, "id": "'`uuidgen`'"}' \
    http://localhost:5000/ | jq
{
  "id": "5f6bf177-e41c-4dc2-9e2d-17a52828f16b",
  "error": {
    "data": [
      {
        "message": "String does not match (?^u:^[0-9a-f]{16}$).",
        "path": "/test_id"
      }
    ],
    "message": "Invalid method parameter(s).",
    "code": "-32602"
  },
  "jsonrpc": "2.0"
}

[marc-vanderwal]

That’s odd. I was at commit ff5cf1c on my end. I’ll try again.

[marc-vanderwal]

I can still reproduce the problem on commit ff5cf1c on my setup. I might be doing something wrong, or there might be differences in the versions of library dependencies that may explain this discrepancy.

[marc-vanderwal]

@PNAX After further investigation, I think I found the root cause of the problem.

Just out of curiosity, which version of JSON::Validator do you have on your system? On mine, it’s 5.14, which is the latest version.

Just out of curiosity, which version of JSON::Validator do you have on your system?

I have the libjson-validator-perl package installed, version: 4.14.

I'm looking into my setup as well.

[marc-vanderwal]

What happens if you run the following script on the command line?

perl -MZonemaster::Backend::RPCAPI -MData::Dumper \
    -E 'my $s = $Zonemaster::Backend::RPCAPI::json_schemas{"job_status"}; say Data::Dumper->Dump([$s, $s->compile], [qw(raw compiled)])'

On my machine, I get the following output:

$raw = bless( {
                'strict' => 1,
                'type' => 'object',
                'properties' => {
                                  'test_id' => {
                                                 'type' => 'string',
                                                 'pattern' => qr/^[0-9a-f]{16}$/u
                                               }
                                },
                'required_props' => [
                                      'test_id'
                                    ]
              }, 'JSON::Validator::Joi' );
$compiled = {
              'type' => 'object',
              'additionalProperties' => bless( do{\(my $o = 0)}, 'JSON::PP::Boolean' ),
              'required' => $raw->{'required_props'},
              'properties' => $raw->{'properties'}
            };

In particular, does $raw have a required property or is is called required_props like here?