graylog2-server icon indicating copy to clipboard operation
graylog2-server copied to clipboard
verified publisher icon Graylog2

Unexpected behaviour when required (non-string) param is missing

Open jrunu opened this issue 6 years ago • 2 comments

Having /api/search/universal/relative as example. The range parameter contains an integer specifiying the relative range as seconds. This parameter is required. While the API browser complains about it missing, the API it self doesn't and instead assumes a 0, subsequently leading to a time range including everything from the beginning of time (1970) until now.

This is by side-effect not the case for string parameters because these are NULL by default and therefore fail at the NULL check.

Expected Behavior

The API returns HTTP 400 Missing required parameters

Possible Solution

Judging by the source code annotation, this should be already happening. So presumeably its not easy to correct, because its probably not supported/behaviour by the framework. Ignoring the fact that for that very reason, not having to implement these changes by hand, we wouldn't be able to implement that anway because we can't distinguish a zero from a missing parameters in case of ints.

Equally, its not complaining about any additional fields, that are not accepted by the endpoint.

These two factors prolonged the confusion when in a script by accident the wrong endpoin was used. Instead of failing, it responded with unexpected (but similar) results.

Reproduce

https://graylog-server/api/search/universal/relative?query=

  • Graylog Version: 3.1

jrunu avatar Feb 05 '20 10:02 jrunu

@Emy-01 - why this minor issue about our LEGACY API is given so high priority???

luk-kaminski avatar May 22 '24 11:05 luk-kaminski

@luk-kaminski mislabeled.

Emy-01 avatar May 22 '24 16:05 Emy-01