Validating forwarded and App Service RPC requests (#2837)

* Created validate param and seperate function for Validating RPC SmartObject

* Moved validate rpc smart object function to rpc handler interface

* Addressed review comments

* Addressed review comments

4 files changed, 73 insertions, 13 deletions

diff --git a/src/components/application_manager/include/application_manager/rpc_handler_impl.h b/src/components/application_manager/include/application_manager/rpc_handler_impl.h
index b7e74c5ab3..489bcd21fd 100644
--- a/src/components/application_manager/include/application_manager/rpc_handler_impl.h
+++ b/src/components/application_manager/include/application_manager/rpc_handler_impl.h
@@ -154,12 +154,18 @@ class RPCHandlerImpl : public RPCHandler,
       ns_smart_device_link::ns_smart_objects::SmartObject& output,
       utils::SemanticVersion& message_version);
 
+  bool ValidateRpcSO(smart_objects::SmartObject* message,
+                     utils::SemanticVersion& msg_version,
+                     rpc::ValidationReport& report_out,
+                     bool remove_unknown_params) OVERRIDE;
+
  private:
   void ProcessMessageFromMobile(const std::shared_ptr<Message> message);
   void ProcessMessageFromHMI(const std::shared_ptr<Message> message);
   bool ConvertMessageToSO(const Message& message,
                           smart_objects::SmartObject& output,
-                          const bool remove_unknown_parameters = true);
+                          const bool remove_unknown_parameters = true,
+                          const bool validate_params = true);
   std::shared_ptr<Message> ConvertRawMsgToMessage(
       const ::protocol_handler::RawMessagePtr message);
   hmi_apis::HMI_API& hmi_so_factory();
diff --git a/src/components/application_manager/src/rpc_handler_impl.cc b/src/components/application_manager/src/rpc_handler_impl.cc
index 6374e2a955..65d5d713e8 100644
--- a/src/components/application_manager/src/rpc_handler_impl.cc
+++ b/src/components/application_manager/src/rpc_handler_impl.cc
@@ -85,7 +85,7 @@ void RPCHandlerImpl::ProcessMessageFromMobile(
   }
 
   if (!ConvertMessageToSO(
-          *message, *so_from_mobile, remove_unknown_parameters)) {
+          *message, *so_from_mobile, remove_unknown_parameters, !rpc_passing)) {
     LOG4CXX_ERROR(logger_, "Cannot create smart object from message");
     return;
   }
@@ -106,7 +106,7 @@ void RPCHandlerImpl::ProcessMessageFromMobile(
                                           commands::Command::SOURCE_MOBILE,
                                           message_type)) {
       // Since PassThrough failed, refiltering the message
-      if (!ConvertMessageToSO(*message, *so_from_mobile, true)) {
+      if (!ConvertMessageToSO(*message, *so_from_mobile, true, true)) {
         LOG4CXX_ERROR(logger_, "Cannot create smart object from message");
         return;
       }
@@ -283,7 +283,8 @@ void RPCHandlerImpl::GetMessageVersion(
 bool RPCHandlerImpl::ConvertMessageToSO(
     const Message& message,
     ns_smart_device_link::ns_smart_objects::SmartObject& output,
-    const bool remove_unknown_parameters) {
+    const bool remove_unknown_parameters,
+    const bool validate_params) {
   LOG4CXX_AUTO_TRACE(logger_);
   LOG4CXX_DEBUG(logger_,
                 "\t\t\tMessage to convert: protocol "
@@ -303,6 +304,7 @@ bool RPCHandlerImpl::ConvertMessageToSO(
               message.type(),
               message.correlation_id());
 
+      smart_objects::SmartObject* so_ptr = (conversion_result) ? &output : NULL;
       rpc::ValidationReport report("RPC");
 
       // Attach RPC version to SmartObject if it does not exist yet.
@@ -316,12 +318,9 @@ bool RPCHandlerImpl::ConvertMessageToSO(
         GetMessageVersion(output, msg_version);
       }
 
-      if (!conversion_result ||
-          !mobile_so_factory().attachSchema(
-              output, remove_unknown_parameters, msg_version) ||
-          ((output.validate(&report, msg_version) !=
-                smart_objects::errors::OK &&
-            remove_unknown_parameters))) {
+      if (validate_params &&
+          !ValidateRpcSO(
+              so_ptr, msg_version, report, remove_unknown_parameters)) {
         LOG4CXX_WARN(logger_,
                      "Failed to parse string to smart object with API version "
                          << msg_version.toString() << " : "
@@ -338,8 +337,10 @@ bool RPCHandlerImpl::ConvertMessageToSO(
             rpc::PrettyFormat(report);
         app_manager_.GetRPCService().ManageMobileCommand(
             response, commands::Command::SOURCE_SDL);
+
         return false;
       }
+
       LOG4CXX_DEBUG(logger_,
                     "Convertion result for sdl object is true function_id "
                         << output[jhs::S_PARAMS][jhs::S_FUNCTION_ID].asInt());
@@ -388,7 +389,8 @@ bool RPCHandlerImpl::ConvertMessageToSO(
 
       rpc::ValidationReport report("RPC");
 
-      if (output.validate(&report) != smart_objects::errors::OK) {
+      if (validate_params &&
+          output.validate(&report) != smart_objects::errors::OK) {
         LOG4CXX_ERROR(logger_,
                       "Incorrect parameter from HMI"
                           << rpc::PrettyFormat(report));
@@ -449,6 +451,21 @@ bool RPCHandlerImpl::ConvertMessageToSO(
   return true;
 }
 
+bool RPCHandlerImpl::ValidateRpcSO(smart_objects::SmartObject* message,
+                                   utils::SemanticVersion& msg_version,
+                                   rpc::ValidationReport& report_out,
+                                   bool remove_unknown_params) {
+  if (!message ||
+      !mobile_so_factory().attachSchema(
+          *message, remove_unknown_params, msg_version) ||
+      (message->validate(&report_out, msg_version) !=
+       smart_objects::errors::OK)) {
+    LOG4CXX_WARN(logger_, "Failed to parse string to smart object");
+    return false;
+  }
+  return true;
+}
+
 std::shared_ptr<Message> RPCHandlerImpl::ConvertRawMsgToMessage(
     const protocol_handler::RawMessagePtr message) {
   LOG4CXX_AUTO_TRACE(logger_);
diff --git a/src/components/application_manager/src/rpc_passing_handler.cc b/src/components/application_manager/src/rpc_passing_handler.cc
index 560418e910..165b1f43ba 100644
--- a/src/components/application_manager/src/rpc_passing_handler.cc
+++ b/src/components/application_manager/src/rpc_passing_handler.cc
@@ -38,6 +38,7 @@
 #include "application_manager/application.h"
 #include "application_manager/application_manager.h"
 #include "application_manager/rpc_passing_handler.h"
+#include "application_manager/rpc_handler.h"
 #include "application_manager/commands/command_impl.h"
 #include "application_manager/message_helper.h"
 #include "application_manager/smart_object_keys.h"
@@ -145,8 +146,12 @@ bool RPCPassingHandler::RPCPassThrough(smart_objects::SmartObject rpc_message) {
       }
       rpc_request_queue_lock_.Release();
       RemoveRequestTimer(correlation_id);
-      auto result_code = static_cast<mobile_apis::Result::eType>(
-          rpc_message[strings::msg_params][strings::result_code].asInt());
+
+      mobile_apis::Result::eType result_code;
+      smart_objects::EnumConversionHelper<mobile_apis::Result::eType>::
+          StringToEnum(
+              rpc_message[strings::msg_params][strings::result_code].asString(),
+              &result_code);
 
       if (result_code == mobile_apis::Result::UNSUPPORTED_REQUEST) {
         LOG4CXX_DEBUG(logger_, "Service sent UNSUPPORTED_REQUEST");
@@ -228,6 +233,33 @@ void RPCPassingHandler::ForwardRequestToCore(uint32_t correlation_id) {
       std::make_shared<smart_objects::SmartObject>(message);
   rpc_request_queue.erase(correlation_id);
   rpc_request_queue_lock_.Release();
+
+  // Validate rpc message before forwarding to core
+  rpc::ValidationReport report("RPC");
+  uint32_t connection_key =
+      message[strings::params][strings::connection_key].asUInt();
+  int32_t function_id = message[strings::params][strings::function_id].asInt();
+  auto app_ptr = app_manager_.application(connection_key);
+  utils::SemanticVersion msg_version(0, 0, 0);
+  if (app_ptr) {
+    msg_version = app_ptr->msg_version();
+  }
+
+  if (!app_manager_.GetRPCHandler().ValidateRpcSO(
+          &message, msg_version, report, true)) {
+    std::shared_ptr<smart_objects::SmartObject> response(
+        MessageHelper::CreateNegativeResponse(
+            connection_key,
+            function_id,
+            correlation_id,
+            mobile_apis::Result::INVALID_DATA));
+
+    (*response)[strings::msg_params][strings::info] = rpc::PrettyFormat(report);
+    app_manager_.GetRPCService().ManageMobileCommand(
+        response, commands::Command::SOURCE_SDL);
+    return;
+  }
+
   app_manager_.GetRPCService().ManageMobileCommand(
       result, commands::Command::SOURCE_MOBILE);
 }
diff --git a/src/components/include/application_manager/rpc_handler.h b/src/components/include/application_manager/rpc_handler.h
index 9b6428f32d..a64ef44dfb 100644
--- a/src/components/include/application_manager/rpc_handler.h
+++ b/src/components/include/application_manager/rpc_handler.h
@@ -52,6 +52,11 @@ class RPCHandler
 #endif  // TELEMETRY_MONITOR
       {
  public:
+  virtual bool ValidateRpcSO(smart_objects::SmartObject* message,
+                             utils::SemanticVersion& msg_version,
+                             rpc::ValidationReport& report_out,
+                             bool remove_unknown_params) = 0;
+
   virtual ~RPCHandler() {}
 };