public/grafana
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
35dd260d6a7d7be44a7c19bd08da72a135f92f94
grafana/pkg/macaron/binding.go
Dimitris Sotirakis f42d0b9beb [v8.3.x] Sync security changes (#45067) 
* "Release: Updated versions in package to 8.3.5"

* [v8.3.x] Fix for CVE-2022-21702 (#225)

Fix for CVE-2022-21702

* Update yarn.lock for 8.3.5

* resolve conflicts

(cherry picked from commit bb38cfcba4b4f824060ff385d858c63f50b72d74)

* csrf checks for v8.3.5 (#234)

* Fix lint

* Cherry pick e2e test server changes

Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
Co-authored-by: Kevin Minehart <kmineh0151@gmail.com>
Co-authored-by: Serge Zaitsev <serge.zaitsev@grafana.com>
2022-02-08 15:35:38 +01:00

85 lines
2.1 KiB
Go
Raw Blame History

package macaron
import (
"encoding/json"
"errors"
"fmt"
"io"
"mime"
"net/http"
"reflect"
)
// Bind deserializes JSON payload from the request
func Bind(req *http.Request, v interface{}) error {
if req.Body != nil {
m, _, err := mime.ParseMediaType(req.Header.Get("Content-type"))
if err != nil {
return err
}
if m != "application/json" {
return errors.New("bad content type")
}
defer func() { _ = req.Body.Close() }()
err = json.NewDecoder(req.Body).Decode(v)
if err != nil && !errors.Is(err, io.EOF) {
return err
}
}
return validate(v)
}
type Validator interface {
Validate() error
}
func validate(obj interface{}) error {
// If type has a Validate() method - use that
if validator, ok := obj.(Validator); ok {
return validator.Validate()
}
// Otherwise, use reflection to match `binding:"Required"` struct field tags.
// Resolve all pointers and interfaces, until we get a concrete type.
t := reflect.TypeOf(obj)
v := reflect.ValueOf(obj)
for v.Kind() == reflect.Interface || v.Kind() == reflect.Ptr {
t = t.Elem()
v = v.Elem()
}
switch v.Kind() {
// For arrays and slices - iterate over each element and validate it recursively
case reflect.Slice, reflect.Array:
for i := 0; i < v.Len(); i++ {
e := v.Index(i).Interface()
if err := validate(e); err != nil {
return err
}
}
// For structs - iterate over each field, check for the "Required" constraint (Macaron legacy), then validate it recursively
case reflect.Struct:
for i := 0; i < v.NumField(); i++ {
field := t.Field(i)
value := v.Field(i)
rule := field.Tag.Get("binding")
if !value.CanInterface() {
continue
}
if rule == "Required" {
zero := reflect.Zero(field.Type).Interface()
if value.Kind() == reflect.Slice {
if value.Len() == 0 {
return fmt.Errorf("required slice %s must not be empty", field.Name)
}
} else if reflect.DeepEqual(zero, value.Interface()) {
return fmt.Errorf("required value %s must not be empty", field.Name)
}
}
if err := validate(value.Interface()); err != nil {
return err
}
}
default: // ignore
}
return nil
}
Reference in New Issue View Git Blame Copy Permalink