fix(http): Handle undefined serialized JSON Query param #2844
Conversation
When a query parameter has content-type like JSON, an undefined serialized value could result into a Javascript Runtime error. This change will handle undefined value and simply ignore it.
|
Hi @acote-coveo, Thanks for contributing I'll look in this PR ASAP. |
|
This will be processed when [email protected] (https://github.com/swagger-api/swagger-js/releases/tag/v3.19.0-beta.5) is out of beta, probably during next week. The timing needs to be sequential here. |
|
All right, we're in stable release channel again, I'll process this PR during this week. |
|
|
||
| if (serializedValue) { | ||
| req.query[parameter.name] = serializedValue; | ||
| } else if (parameter.allowEmptyValue && value !== undefined) { |
There was a problem hiding this comment.
This else block is AFAICT never going to be hit. If we look at serialize function:
export default function serialize(value, mediaType) {
if (mediaType.includes('application/json')) {
if (typeof value === 'string') {
// Assume the user has a JSON string
return value;
}
return JSON.stringify(value);
}
return value.toString();
}If always returns undefined or string. It returns undefined for following cases:
serialize(undefined, 'application/json'); // => undefined
serialize(Symbol.for('test'), 'application/json'); // => undefined
...etc...We've now established that the serializedValue variable can be either string or undefined, this serves as a proof that else is never going to be hit.
What do you think, if we would simplify the code into following statement?
if (parameter.content) {
const effectiveMediaType = Object.keys(parameter.content)[0];
value = serialize(value, effectiveMediaType);
if (value) {
req.query[parameter.name] = value;
}
return;
}There was a problem hiding this comment.
We've now established that the serializedValue variable can be either string or undefined, this serves as a proof that else is never going to be hit.
The else if is comparing the value to undefined. So the simplification you're suggesting is not entirely equivalent.
Take this example:
const value = Symbol.for('test') // Symbol(test)
serialize(value, 'application/json'); // undefined
// Invalidation of your proof
value !== undefined // trueNote that I haven't look at all the possible combination of input/output we could have for the serialize functional. So I took the safest path and kept the same else that I saw elsewhere in the code.
There was a problem hiding this comment.
You're right, we're comparing serializedValue and value. So taking my falsy "elaboration" back.
Co-authored-by: Vladimír Gorej <[email protected]>
## [3.19.1](v3.19.0...v3.19.1) (2023-03-08) ### Bug Fixes * **execute:** handle undefined serialized JSON Query param ([#2844](#2844)) ([285ade8](285ade8))
|
🎉 This PR is included in version 3.19.1 🎉 The release is available on: Your semantic-release bot 📦🚀 |
Description
When a query parameter has content-type like JSON, an undefined serialized value could result into a Javascript Runtime error.
If we look at the code, we can see that if the parameter has a
contentproperty, we have the following handling:swagger-js/src/execute/oas3/parameter-builders.js
Lines 30 to 35 in e0194da
Then, if look into the serialize function, we see that for JSON, it will either serialize the value or return it (if it's a string:
swagger-js/src/execute/oas3/content-serializer.js
Lines 6 to 16 in e0194da
The
JSON.stringify()was returning anundefinedvalue if it was provided with aundefinedvalue. Thus, it was breaking a bunch of assumptions in the code to expect thevalueto be an object or a string.Motivation and Context
Whenever we would define a query parameter of content type "application/json", if no value or example was provided for this value, it will result in a runtime error. Consequently, we were able to use the
Try it outfeature of Swagger UI on the endpoints having this particularity.It potentially fixes swagger-api/swagger-ui#8374. I haven't tested but it the same error.
How Has This Been Tested?
I added unit test to see if the error still happen and I tested the change locally by linking my local instance of SwaggerUI with my local SwaggerClient repo.
I made sure there was no JS error when trying an endpoint and made sure the parameter were properly passed.
Screenshots (if appropriate):
Types of changes
package.json)Checklist: