fixed issue #4056 (#4057)

* fixed issue #4056 * fix over eager sanitation
2017-12-16 15:10:22 +01:00 · 2017-12-16 15:10:22 +01:00 · e543016b7b
parent e6f7282e03
commit e543016b7b
3 changed files with 53 additions and 1 deletions
--- a/UnitTests/HttpInterface/api-cursor-spec.rb
+++ b/UnitTests/HttpInterface/api-cursor-spec.rb
@ -27,6 +27,54 @@ describe ArangoDB do
        doc.parsed_response['code'].should eq(400)
        doc.parsed_response['errorNum'].should eq(1502)
      end
+      
+      it "returns an error if query attribute is missing" do
+        cmd = api
+        body = "{ }"
+        doc = ArangoDB.log_post("#{prefix}-empty-query", cmd, :body => body)
+        
+        doc.code.should eq(400)
+        doc.headers['content-type'].should eq("application/json; charset=utf-8")
+        doc.parsed_response['error'].should eq(true)
+        doc.parsed_response['code'].should eq(400)
+        doc.parsed_response['errorNum'].should eq(600)
+      end
+      
+      it "returns an error if query is null" do
+        cmd = api
+        body = "{ \"query\" : null }"
+        doc = ArangoDB.log_post("#{prefix}-empty-query", cmd, :body => body)
+        
+        doc.code.should eq(400)
+        doc.headers['content-type'].should eq("application/json; charset=utf-8")
+        doc.parsed_response['error'].should eq(true)
+        doc.parsed_response['code'].should eq(400)
+        doc.parsed_response['errorNum'].should eq(1502)
+      end
+      
+      it "returns an error if query string is empty" do
+        cmd = api
+        body = "{ \"query\" : \"\" }"
+        doc = ArangoDB.log_post("#{prefix}-empty-query", cmd, :body => body)
+        
+        doc.code.should eq(400)
+        doc.headers['content-type'].should eq("application/json; charset=utf-8")
+        doc.parsed_response['error'].should eq(true)
+        doc.parsed_response['code'].should eq(400)
+        doc.parsed_response['errorNum'].should eq(1502)
+      end
+      
+      it "returns an error if query string is just whitespace" do
+        cmd = api
+        body = "{ \"query\" : \"    \" }"
+        doc = ArangoDB.log_post("#{prefix}-empty-query", cmd, :body => body)
+        
+        doc.code.should eq(400)
+        doc.headers['content-type'].should eq("application/json; charset=utf-8")
+        doc.parsed_response['error'].should eq(true)
+        doc.parsed_response['code'].should eq(400)
+        doc.parsed_response['errorNum'].should eq(1501)
+      end

      it "returns an error if collection is unknown" do
        cmd = api
--- a/arangod/Aql/Query.cpp
+++ b/arangod/Aql/Query.cpp
@ -94,7 +94,7 @@ Query::Query(bool contextOwnedByExterior, TRI_vocbase_t* vocbase,
      _contextOwnedByExterior(contextOwnedByExterior),
      _killed(false),
      _isModificationQuery(false) {
-
+    
  AqlFeature* aql = AqlFeature::lease();
  if (aql == nullptr) {
    THROW_ARANGO_EXCEPTION(TRI_ERROR_SHUTTING_DOWN);
--- a/arangod/RestHandler/RestCursorHandler.cpp
+++ b/arangod/RestHandler/RestCursorHandler.cpp
@ -112,6 +112,10 @@ void RestCursorHandler::processQuery(VPackSlice const& slice) {
  auto options = std::make_shared<VPackBuilder>(buildOptions(slice));
  VPackValueLength l;
  char const* queryString = querySlice.getString(l);
+  
+  if (l == 0) {
+    THROW_ARANGO_EXCEPTION(TRI_ERROR_QUERY_EMPTY);
+  }

  arangodb::aql::Query query(false, _vocbase, arangodb::aql::QueryString(queryString, static_cast<size_t>(l)),
                             bindVarsBuilder, options,