Couchbase Gateway / CBG-1412

JSON strings in some responses not being correctly escaped

Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • 2.7.0
    • 3.0
    • SyncGateway
    • Security Level: Public
    • None
    • Sprint: CBG Sprint 75
    • Story Points: 3

    Description

      Need to ensure strings are correctly escaped when manually building JSON responses (we do this for some small efficiency reasons). We already do this in some places via ConvertToJSONString, need to make sure this is used comprehensively.

      Same general issue as CBG-661, but that fix was too narrow.

      E.g:

      from handler.writeRawJSON, handler.writeRawJSONStatus

      h.writeRawJSON([]byte(`{"id":"` + docid + `","ok":true,"rev":"` + newRev + `"}`)) 

      h.writeRawJSONStatus(http.StatusCreated, []byte(`{"id":"`+docid+`","ok":true,"rev":"`+newRev+`"}`)) 
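
The failure mode described above, as an added example that is not Sync Gateway's code: the ticket's concatenation pattern next to a variant that runs each value through Go's JSON marshaller while keeping the hand-built layout. `putResponse`, `jsonString`, `roundTrip` and the sample document IDs are hypothetical names and constructed values.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// putResponse mirrors the fields of the response shown in the ticket.
type putResponse struct {
	ID  string `json:"id"`
	OK  bool   `json:"ok"`
	Rev string `json:"rev"`
}

// buildUnescaped reproduces the pattern from the ticket: values are
// concatenated into the JSON text with no escaping.
func buildUnescaped(docid, newRev string) []byte {
	return []byte(`{"id":"` + docid + `","ok":true,"rev":"` + newRev + `"}`)
}

// jsonString (hypothetical helper) marshals a single string, so the
// result, surrounding quotes included, is a valid JSON string literal.
func jsonString(s string) string {
	b, _ := json.Marshal(s) // marshalling a plain string cannot fail
	return string(b)
}

// buildEscaped keeps the hand-built layout but escapes every value.
func buildEscaped(docid, newRev string) []byte {
	return []byte(`{"id":` + jsonString(docid) + `,"ok":true,"rev":` + jsonString(newRev) + `}`)
}

// roundTrip parses a response body the way a client would.
func roundTrip(raw []byte) (putResponse, error) {
	var r putResponse
	err := json.Unmarshal(raw, &r)
	return r, err
}

func main() {
	// Constructed sample document IDs, not taken from the ticket.
	ids := []string{"doc1", `a"b`, "line\nbreak", `x","ok":false,"id":"y`}
	for _, id := range ids {
		_, errU := roundTrip(buildUnescaped(id, "1-abc"))
		r, errE := roundTrip(buildEscaped(id, "1-abc"))
		fmt.Printf("%q unescaped err=%v | escaped id=%q err=%v\n", id, errU, r.ID, errE)
	}
}
```

The last sample ID is the case a client-side parse error will not surface: the unescaped body is still valid JSON, but the `id` the client reads is not the ID that was written.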

          Activity

            ben.brooks Ben Brooks created issue -
            ben.brooks Ben Brooks made changes -
            Field Original Value New Value
            Description (the original value also contained this sentence, which the new value drops): We can use the Go JSON Marshaller to get properly escaped JSON strings, and should still be cheaper than using the JSON marshaller on the entire struct.
            ben.brooks Ben Brooks made changes -
            Link This issue relates to CBG-661 [ CBG-661 ]
            ben.brooks Ben Brooks made changes -
            Description (the new value adds this sentence): Same general issue as CBG-661, but that fix was too narrow.
            ben.brooks Ben Brooks made changes -
            Priority Major [ 3 ] Critical [ 2 ]
            adamf Adam Fraser made changes -
            Assignee The One [ the one ] Isaac Lambat [ JIRAUSER25602 ]
            adamf Adam Fraser made changes -
            Story Points 2 3
            adamf Adam Fraser made changes -
            Sprint CBG Sprint 75 [ 1625 ]
            adamf Adam Fraser made changes -
            Rank Ranked lower
            isaac.lambat Isaac Lambat made changes -
            Rank Ranked higher
            isaac.lambat Isaac Lambat made changes -
            Status Open [ 1 ] In Progress [ 3 ]
            Automated transition triggered when Isaac Lambat created pull request #5023 in GitHub -
            Status In Progress [ 3 ] In Review [ 10107 ]
            Automated transition triggered when Ben Brooks merged pull request #5023 in GitHub -
            Resolution Fixed [ 1 ]
            Status In Review [ 10107 ] Resolved [ 5 ]
            ben.brooks Ben Brooks made changes -
            Status Resolved [ 5 ] Closed [ 6 ]

            People

              isaac.lambat Isaac Lambat
              ben.brooks Ben Brooks