From 317658aceae207624e46a19318e2c39781d4e7ae Mon Sep 17 00:00:00 2001
From: Prateek Sachan <42961174+prateek2211@users.noreply.github.com>
Date: Sat, 11 Apr 2020 22:17:05 +0530
Subject: [PATCH] Added checks for JSON body in accounts_data endpoint (#863)

Signed-off-by: Prateek Sachan
---
 clientapi/routing/account_data.go | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/clientapi/routing/account_data.go b/clientapi/routing/account_data.go
index 24db41f5..a5d53c32 100644
--- a/clientapi/routing/account_data.go
+++ b/clientapi/routing/account_data.go
@@ -15,6 +15,7 @@
 package routing

 import (
+ "encoding/json"
 "io/ioutil"
 "net/http"

@@ -80,12 +81,26 @@ func SaveAccountData(

 defer req.Body.Close() // nolint: errcheck

+ if req.Body == http.NoBody {
+ return util.JSONResponse{
+ Code: http.StatusBadRequest,
+ JSON: jsonerror.NotJSON("Content not JSON"),
+ }
+ }
+
 body, err := ioutil.ReadAll(req.Body)
 if err != nil {
 util.GetLogger(req.Context()).WithError(err).Error("ioutil.ReadAll failed")
 return jsonerror.InternalServerError()
 }

+ if !json.Valid(body) {
+ return util.JSONResponse{
+ Code: http.StatusBadRequest,
+ JSON: jsonerror.BadJSON("Bad JSON content"),
+ }
+ }
+
 if err := accountDB.SaveAccountData(
 req.Context(), localpart, roomID, dataType, string(body),
 ); err != nil {
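Review bot: `json.Valid(body)` in the second added check accepts any JSON value, so a body of `null`, `42` or `[1]` passes and is handed to `accountDB.SaveAccountData` as account-data content. If the content is meant to be a JSON object (as the Matrix client-server API appears to require; confirm), decode it instead: `var content map[string]json.RawMessage` followed by `if err := json.Unmarshal(body, &content); err != nil || content == nil {`. Separately, the `ioutil.ReadAll(req.Body)` between the two added checks is still unbounded, so both the validation and the stored string scale with whatever size the client sends; wrapping `req.Body` in a size-limited reader before the read would bound that, unless a limit is already enforced upstream of this handler. The `http.NoBody` guard also answers `NotJSON` while an empty chunked body would presumably skip it and get `BadJSON` from the later check, so equivalent empty requests get two different error codes. `SaveAccountData` starts and ends outside the hunk.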