Merge pull request #600 from CVEProject/dev

#569 Update INT
CVEProject · Mar 21, 2022 · 836f57b · 836f57b
2 parents 62dc6f3 + e7ff06b
commit 836f57b
Show file tree

Hide file tree

Showing 5 changed files with 23 additions and 9 deletions.
diff --git a/src/index.js b/src/index.js
@@ -36,7 +36,7 @@ app.use(express.urlencoded({ extended: true })) // Allows us to handle url encod
 app.use('/api/', mw.createCtxAndReqUUID)
 global.mongoose = mongoose // Make mongoose connection available globally
 configureRoutes(app) // Define api routes
-app.use(mw.largeInputErrorHandler) // error handler for large input
+app.use(mw.validateJsonSyntax) // error handler for large input and JSON syntax
 app.use(mw.errorHandler) // error handler middleware
 
 // Handle 404 - Keep this as a last route

diff --git a/src/middleware/error.js b/src/middleware/error.js
@@ -47,6 +47,13 @@ class MiddlewareError extends idrErr.IDRError {
     return err
   }
 
+  invalidJsonSyntax (errors) { // mw
+    const err = {}
+    err.error = 'INVALID_JSON_SYNTAX'
+    err.message = errors
+    return err
+  }
+
   recordTooLarge () {
     const err = {}
     err.error = 'RECORD_TOO_LARGE'

diff --git a/src/middleware/middleware.js b/src/middleware/middleware.js
@@ -205,11 +205,17 @@ function validateCveJsonSchema (req, res, next) {
   }
 }
 
-function largeInputErrorHandler (err, req, res, next) {
+function validateJsonSyntax (err, req, res, next) {
   if (err.status && err.message) {
-    console.warn('Request failed validation because entity too large')
-    console.info((JSON.stringify(err)))
-    return res.status(400).json(error.recordTooLarge(errors))
+    if (err.message.includes('Unexpected token')) {
+      console.warn('Request failed validation because JSON syntax is incorrect')
+      console.info((JSON.stringify(err)))
+      return res.status(400).json(error.invalidJsonSyntax(err.message))
+    } else if (err.message.includes('request entity too large')) {
+      console.warn('Request failed validation because entity too large')
+      console.info((JSON.stringify(err)))
+      return res.status(413).json(error.recordTooLarge(errors))
+    }
   } else {
     next(err)
   }
@@ -228,6 +234,6 @@ module.exports = {
   cnaMustOwnID,
   createCtxAndReqUUID,
   validateCveJsonSchema,
-  largeInputErrorHandler,
-  errorHandler
+  errorHandler,
+  validateJsonSyntax
 }
diff --git a/test-http/src/test/cve_tests/cve.py b/test-http/src/test/cve_tests/cve.py
@@ -445,7 +445,7 @@ def test_record_submission_too_large():
             headers=utils.BASE_HEADERS,
             json=data
         )
-        assert res.status_code == 400 # payload is too large
+        assert res.status_code == 413 # payload is too large
         response_contains_json(res, 'error', 'RECORD_TOO_LARGE')
 
 
@@ -458,7 +458,7 @@ def test_record_update_too_large():
             headers=utils.BASE_HEADERS,
             json=data
         )
-        assert res.status_code == 400 # payload is too large
+        assert res.status_code == 413 # payload is too large
         response_contains_json(res, 'error', 'RECORD_TOO_LARGE')
 
 

diff --git a/test-http/src/test/user_tests/user.py b/test-http/src/test/user_tests/user.py
@@ -13,6 +13,7 @@ def test_get_all_users():
         f'{env.AWG_BASE_URL}/api/users',
         headers=utils.BASE_HEADERS
     )
+
     test_user={}
     for user in json.loads(res.content.decode())['users']:
         if user['username'] == '[email protected]':