[CBG-1412] JSON strings in some responses not being correctly escaped - Couchbase database

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Critical
Resolution: Fixed
Affects Version/s: 2.7.0
Fix Version/s: 3.0
Component/s: SyncGateway
Security Level: Public
Labels:
None

Sprint:
CBG Sprint 75
Story Points:
3

Description

Same general issue as ~~CBG-661~~, but that fix was too narrow.

E.g:

from handler.writeRawJSON, handler.writeRawJSONStatus

h.writeRawJSON([]byte(`{"id":"` + docid + `","ok":true,"rev":"` + newRev + `"}`))

h.writeRawJSONStatus(http.StatusCreated, []byte(`{"id":"`+docid+`","ok":true,"rev":"`+newRev+`"}`))

Attachments

Issue Links

relates to

CBG-661 Errors from REST API produce invalid JSON

Closed

Gerrit Reviews

- Issue Only
- Show All Reviews
- Show Open Reviews
- Show All Issues
- Show Open Issues

No reviews matched the request. Check your Options in the drop-down menu of this sections header.

Activity

Ascending order - Click to sort in descending order

Ben Brooks created issue - 22/Apr/21 10:19 AM

Ben Brooks made changes - 22/Apr/21 10:35 AM

Field	Original Value	New Value
Description	Need to ensure strings are correctly escaped when manually building JSON responses (we do this for some small efficiency reasons). We already do this in some places via ConvertToJSONString, need to make sure this is used comprehensively. We can use the Go JSON Marshaller to get properly escaped JSON strings, and should still be cheaper than using the JSON marshaller on the entire struct. E.g: from handler.writeRawJSON, handler.writeRawJSONStatus {code:java} h.writeRawJSON([]byte(`{"id":"` + docid + `","ok":true,"rev":"` + newRev + `"}`)) {code} {code:java} h.writeRawJSONStatus(http.StatusCreated, []byte(`{"id":"`+docid+`","ok":true,"rev":"`+newRev+`"}`)) {code}	Need to ensure strings are correctly escaped when manually building JSON responses (we do this for some small efficiency reasons). We already do this in some places via ConvertToJSONString, need to make sure this is used comprehensively. E.g: from handler.writeRawJSON, handler.writeRawJSONStatus {code:java}h.writeRawJSON([]byte(`{"id":"` + docid + `","ok":true,"rev":"` + newRev + `"}`)) {code} {code:java}h.writeRawJSONStatus(http.StatusCreated, []byte(`{"id":"`+docid+`","ok":true,"rev":"`+newRev+`"}`)) {code}

Ben Brooks made changes - 22/Apr/21 10:38 AM

Link

This issue relates to ~~CBG-661~~ [ ~~CBG-661~~ ]

Ben Brooks made changes - 22/Apr/21 10:38 AM

Description

Need to ensure strings are correctly escaped when manually building JSON responses (we do this for some small efficiency reasons). We already do this in some places via ConvertToJSONString, need to make sure this is used comprehensively.

E.g:

from handler.writeRawJSON, handler.writeRawJSONStatus
{code:java}h.writeRawJSON([]byte(`{"id":"` + docid + `","ok":true,"rev":"` + newRev + `"}`)) {code}
{code:java}h.writeRawJSONStatus(http.StatusCreated, []byte(`{"id":"`+docid+`","ok":true,"rev":"`+newRev+`"}`)) {code}

Need to ensure strings are correctly escaped when manually building JSON responses (we do this for some small efficiency reasons). We already do this in some places via ConvertToJSONString, need to make sure this is used comprehensively.

Same general issue as ~~CBG-661~~, but that fix was too narrow.

E.g:

from handler.writeRawJSON, handler.writeRawJSONStatus
{code:java}h.writeRawJSON([]byte(`{"id":"` + docid + `","ok":true,"rev":"` + newRev + `"}`)) {code}
{code:java}h.writeRawJSONStatus(http.StatusCreated, []byte(`{"id":"`+docid+`","ok":true,"rev":"`+newRev+`"}`)) {code}

Ben Brooks made changes - 27/Apr/21 8:12 AM

Priority

Major [ 3 ]

Critical [ 2 ]

Adam Fraser made changes - 03/Jun/21 9:11 AM

Assignee

The One [ the one ]

Isaac Lambat [ JIRAUSER25602 ]

Adam Fraser made changes - 03/Jun/21 9:12 AM

Story Points

Adam Fraser made changes - 03/Jun/21 9:12 AM

Sprint

CBG Sprint 75 [ 1625 ]

Adam Fraser made changes - 03/Jun/21 9:12 AM

Rank

Ranked lower

Isaac Lambat made changes - 03/Jun/21 10:16 AM

Rank

Ranked higher

Isaac Lambat made changes - 04/Jun/21 7:34 AM

Status

Open [ 1 ]

In Progress [ 3 ]

Automated transition triggered when Isaac Lambat created pull request #5023 in GitHub - 07/Jun/21 5:14 AM

Status

In Progress [ 3 ]

In Review [ 10107 ]

Couchbase Build Team added a comment - 07/Jun/21 7:12 AM

Build sync_gateway-3.0.0-216 contains sync_gateway commit 51c3631 with commit message:
~~CBG-1412~~ - JSON strings in some responses not being correctly escaped (#5023)

Couchbase Build Team added a comment - 07/Jun/21 7:12 AM Build sync_gateway-3.0.0-216 contains sync_gateway commit 51c3631 with commit message: CBG-1412 - JSON strings in some responses not being correctly escaped (#5023)

Automated transition triggered when Ben Brooks merged pull request #5023 in GitHub - 07/Jun/21 7:16 AM

Resolution		Fixed [ 1 ]
Status	In Review [ 10107 ]	Resolved [ 5 ]

Ben Brooks made changes - 08/Jun/21 11:44 AM

Status

Resolved [ 5 ]

Closed [ 6 ]

People

Assignee:: Isaac Lambat

Reporter:: Ben Brooks

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 22/Apr/21 10:19 AM

Updated:: 08/Jun/21 11:44 AM

Resolved:: 07/Jun/21 7:16 AM

Gerrit Reviews

There are no open Gerrit changes

PagerDuty

Couchbase Gateway

Details

Description

Attachments

Issue Links

Gerrit Reviews

Activity

People

Dates

Gerrit Reviews

PagerDuty