Skip to content

Restore exception semantics for RequestParams#145212

Merged
felixbarny merged 5 commits intoelastic:mainfrom
felixbarny:request-params-restore-exception-semantics
Mar 31, 2026
Merged

Restore exception semantics for RequestParams#145212
felixbarny merged 5 commits intoelastic:mainfrom
felixbarny:request-params-restore-exception-semantics

Conversation

@felixbarny
Copy link
Copy Markdown
Member

@felixbarny felixbarny commented Mar 30, 2026
edited
Loading

#144506 introduced RequestParams and had its factory methods wrap IllegalArgumentException from RestUtils.decodeQueryString as RestRequest.BadParameterException. This caused a regression: the exception was thrown before reaching RestRequest.request(), so it was not caught and translated into a 400 response — instead bubbling up as a 500.

This PR restores the previous behaviour by having RequestParams throw IllegalArgumentException directly (as RestUtils.decodeQueryString always did), and moving the IllegalArgumentExceptionBadParameterException conversion back into RestRequest.request(), where the 400 translation happens.

Closes #145197

@felixbarny
Restore exception semantics for RequestParams: throw IllegalArgumentE…
dd39864 
…xception directly

Move the IllegalArgumentException → BadParameterException conversion to
RestRequest.request(), where it belongs, rather than inside RequestParams which
has no dependency on RestRequest.
@elasticsearchmachine elasticsearchmachine added needs:triage Requires assignment of a team area label v9.4.0 external-contributor Pull request authored by a developer outside the Elasticsearch team labels Mar 30, 2026
@felixbarny felixbarny self-assigned this Mar 30, 2026
@felixbarny felixbarny added >test Issues or PRs that are addressing/adding tests :Security/IdentityProvider Identity Provider (SSO) project in X-Pack labels Mar 30, 2026
@elasticsearchmachine elasticsearchmachine added Team:Security Meta label for security team and removed needs:triage Requires assignment of a team area label labels Mar 30, 2026
@elasticsearchmachine
Copy link
Copy Markdown
Collaborator

elasticsearchmachine commented Mar 30, 2026

Pinging @elastic/es-security (Team:Security)

@n1v0lg n1v0lg requested review from DaveCTurner and n1v0lg March 30, 2026 15:43
n1v0lg
n1v0lg approved these changes Mar 30, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@n1v0lg n1v0lg left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM w.r.t. the security test case; keeping the 400 instead of throwing 500 is what we want here 👍

Requesting a review from one of the original PR's reviewers since they'll have more context.

I think it's worth adding some light unit tests for this and the two other methods -- a quick check of fromQueryString doesn't show any coverage of it invoked on invalid inputs.

@felixbarny
Update RestUtilsTests to expect IllegalArgumentException from Request…
d91ea45 
…Params

Now that RequestParams throws IllegalArgumentException directly (rather than
wrapping it as BadParameterException), the testReservedParameters test needs
to match.
DaveCTurner
DaveCTurner approved these changes Mar 30, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@DaveCTurner DaveCTurner left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM2 tho needs some tests.

Also I think BadParameterException should map to a 400 anyway? I mean I know it doesn't today but we could change that too.

@felixbarny
Copy link
Copy Markdown
Member Author

felixbarny commented Mar 30, 2026

I think it's worth adding some light unit tests for this and the two other methods -- a quick check of fromQueryString doesn't show any coverage of it invoked on invalid inputs.

That's because I forgot to update the tests. Should be covered in d91ea45.

@felixbarny
Copy link
Copy Markdown
Member Author

felixbarny commented Mar 30, 2026

Also I think BadParameterException should map to a 400 anyway? I mean I know it doesn't today but we could change that too.

Maybe it should extend IllegalArgumentException?

@felixbarny felixbarny enabled auto-merge (squash) March 30, 2026 16:13
@felixbarny felixbarny merged commit d96159b into elastic:main Mar 31, 2026
41 checks passed
@felixbarny felixbarny deleted the request-params-restore-exception-semantics branch March 31, 2026 06:46
ncordon pushed a commit to ncordon/elasticsearch that referenced this pull request Apr 1, 2026
@felixbarny @ncordon
Restore exception semantics for RequestParams (elastic#145212)
43dabc6 
Move the IllegalArgumentException → BadParameterException conversion to
RestRequest.request(), where it belongs, rather than inside RequestParams which
has no dependency on RestRequest.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@DaveCTurner DaveCTurner DaveCTurner approved these changes

@n1v0lg n1v0lg n1v0lg approved these changes

Assignees

@felixbarny felixbarny

Labels

external-contributor Pull request authored by a developer outside the Elasticsearch team :Security/IdentityProvider Identity Provider (SSO) project in X-Pack Team:Security Meta label for security team >test Issues or PRs that are addressing/adding tests v9.4.0

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[CI] SamlIdentityProviderTests testSpInitiatedSsoFailsForMalformedRequest failing

4 participants

@felixbarny @elasticsearchmachine @DaveCTurner @n1v0lg