Bug 867772 - Invalid or empty POST data for action URIs cause unhandled exceptions
Invalid or empty POST data for action URIs cause unhandled exceptions
Status: CLOSED CANTFIX
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-engine-restapi (Show other bugs)
3.1.0
Unspecified Unspecified
unspecified Severity medium
: ---
: ---
Assigned To: Ori Liel
Oded Ramraz
infra
: FutureFeature
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-10-18 05:28 EDT by David Jaša
Modified: 2016-02-10 14:12 EST (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-12-16 05:54:28 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: Infra
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description David Jaša 2012-10-18 05:28:21 EDT
Description of problem:
Invalid or empty POST data for action URIs cause unhandled exceptions

Version-Release number of selected component (if applicable):
si19.1 / 3.1.0-18

How reproducible:
always

Steps to Reproduce:
1. issue curl ... -X POST https://rhevm.example.org/vms/<vm_uuid>/ticket
2. issue curl ... -X POST -d "g>arb<--age<>>>" <rhevm_action_uri>
3.
  
Actual results:
in both cases, exceptions are returned back to client and noted in server.log:
2012-10-18 11:15:43,111 WARN  [org.jboss.resteasy.core.SynchronousDispatcher] (ajp-/127.0.0.1:8009-2) Failed executing POST /vms/ad5f7497-120d-40da-9093-c9c4b8919e50/ticket: org.jboss.resteasy.plugins.providers.jaxb.JAXBUnmarshalExceptio
n: javax.xml.bind.UnmarshalException
 - with linked exception:
[org.xml.sax.SAXParseException; lineNumber: 1; columnNumber: 1; Content is not allowed in prolog.]
        at ...
<snip>
Caused by: javax.xml.bind.UnmarshalException
 - with linked exception:
[org.xml.sax.SAXParseException; lineNumber: 1; columnNumber: 1; Content is not allowed in prolog.]
        at ...
<snip>
Caused by: org.xml.sax.SAXParseException; lineNumber: 1; columnNumber: 1; Content is not allowed in prolog.
        at ...

Expected results:
The exception are caught and "400 Bad Request" error is presented to the API user.

Additional info:
Comment 1 Michael Pasternak 2012-10-18 05:55:52 EDT
not sure we can work this, exception thrown from resteasy before we 
gain control over your request.
Comment 2 Ori Liel 2012-12-03 05:27:17 EST
rest-easy provides interception points, but none of them is before the jaxb unmarshalling is activated, so they don't help us. I've posted a question on the rest-easy developers list: 

http://sourceforge.net/mailarchive/forum.php?thread_name=347661430.1276939.1351515960408.JavaMail.root%40redhat.com&forum_name=resteasy-developers

Note You need to log in before you can comment on or make changes to this bug.