diff options
| author | iilyak <iilyak@users.noreply.github.com> | 2019-10-23 11:33:03 -0700 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-10-23 11:33:03 -0700 |
| commit | be2364d9c5993259e353bc13bfa89c754246eea9 (patch) | |
| tree | fbb4c237e9bd52844e9b18f4f801ce629d5c37b8 | |
| parent | 79cfc1df5e5e8e0d495bc58187306e8f7bfe06dc (diff) | |
| parent | a47f0fa8dde5f3b8d5c06649d8d896778c708f7e (diff) | |
| download | couchdb-be2364d9c5993259e353bc13bfa89c754246eea9.tar.gz | |
Merge pull request #2270 from bessbd/changes-feed-input-validation
Make changes feed return bad request for invalid heartbeat values
| -rw-r--r-- | src/chttpd/src/chttpd_db.erl | 9 | ||||
| -rw-r--r-- | test/elixir/test/changes_test.exs | 43 |
2 files changed, 51 insertions, 1 deletions
diff --git a/src/chttpd/src/chttpd_db.erl b/src/chttpd/src/chttpd_db.erl index aba1bd22f..970495f0a 100644 --- a/src/chttpd/src/chttpd_db.erl +++ b/src/chttpd/src/chttpd_db.erl @@ -1816,7 +1816,14 @@ parse_changes_query(Req) -> {"heartbeat", "true"} -> Args#changes_args{heartbeat=true}; {"heartbeat", _} -> - Args#changes_args{heartbeat=list_to_integer(Value)}; + try list_to_integer(Value) of + HeartbeatInteger when HeartbeatInteger > 0 -> + Args#changes_args{heartbeat=HeartbeatInteger}; + _ -> + throw({bad_request, <<"The heartbeat value should be a positive integer (in milliseconds).">>}) + catch error:badarg -> + throw({bad_request, <<"Invalid heartbeat value. Expecting a positive integer value (in milliseconds).">>}) + end; {"timeout", _} -> Args#changes_args{timeout=list_to_integer(Value)}; {"include_docs", "true"} -> diff --git a/test/elixir/test/changes_test.exs b/test/elixir/test/changes_test.exs new file mode 100644 index 000000000..b5545087b --- /dev/null +++ b/test/elixir/test/changes_test.exs @@ -0,0 +1,43 @@ +defmodule ChangesTest do + use CouchTestCase + + @moduletag :changes + + @moduledoc """ + Test CouchDB /{db}/_changes + """ + + @tag :with_db + test "Changes feed negative heartbeat", context do + db_name = context[:db_name] + + resp = Couch.get( + "/#{db_name}/_changes", + query: %{ + :feed => "continuous", + :heartbeat => -1000 + } + ) + + assert resp.status_code == 400 + assert resp.body["error"] == "bad_request" + assert resp.body["reason"] == "The heartbeat value should be a positive integer (in milliseconds)." + end + + @tag :with_db + test "Changes feed non-integer heartbeat", context do + db_name = context[:db_name] + + resp = Couch.get( + "/#{db_name}/_changes", + query: %{ + :feed => "continuous", + :heartbeat => "a1000" + } + ) + + assert resp.status_code == 400 + assert resp.body["error"] == "bad_request" + assert resp.body["reason"] == "Invalid heartbeat value. Expecting a positive integer value (in milliseconds)." + end +end |