From 44d913657ad957c9678d3445e267096b43c89e96 Mon Sep 17 00:00:00 2001 From: calgor Date: Fri, 14 Apr 2023 10:23:44 +0330 Subject: [PATCH 1/3] Add handling for empty content type in request header --- bind.go | 4 +++- echo.go | 1 + 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/bind.go b/bind.go index c841ca010..5d84c9e5a 100644 --- a/bind.go +++ b/bind.go @@ -90,6 +90,8 @@ func (b *DefaultBinder) BindBody(c Context, i interface{}) (err error) { if err = b.bindData(i, params, "form"); err != nil { return NewHTTPError(http.StatusBadRequest, err.Error()).SetInternal(err) } + case ctype == "": + return ErrEmptyContentType default: return ErrUnsupportedMediaType } @@ -114,7 +116,7 @@ func (b *DefaultBinder) Bind(i interface{}, c Context) (err error) { // Only bind query parameters for GET/DELETE/HEAD to avoid unexpected behavior with destination struct binding from body. // For example a request URL `&id=1&lang=en` with body `{"id":100,"lang":"de"}` would lead to precedence issues. // The HTTP method check restores pre-v4.1.11 behavior to avoid these problems (see issue #1670) - method := c.Request().Method + method := c.Request().Method if method == http.MethodGet || method == http.MethodDelete || method == http.MethodHead { if err = b.BindQueryParams(c, i); err != nil { return err diff --git a/echo.go b/echo.go index 085a3a7f2..f8898bcb3 100644 --- a/echo.go +++ b/echo.go @@ -338,6 +338,7 @@ var ( ErrCookieNotFound = errors.New("cookie not found") ErrInvalidCertOrKeyType = errors.New("invalid cert or key type, must be string or []byte") ErrInvalidListenerNetwork = errors.New("invalid listener network") + ErrEmptyContentType = errors.New("empty content type") ) // Error handlers From bfe99ab14e258d57b041bfe23eecad31c28b860c Mon Sep 17 00:00:00 2001 From: calgor Date: Mon, 17 Apr 2023 08:57:41 +0330 Subject: [PATCH 2/3] fixed the error type --- echo.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/echo.go b/echo.go index f8898bcb3..b92242862 100644 --- a/echo.go +++ b/echo.go @@ -338,7 +338,7 @@ var ( ErrCookieNotFound = errors.New("cookie not found") ErrInvalidCertOrKeyType = errors.New("invalid cert or key type, must be string or []byte") ErrInvalidListenerNetwork = errors.New("invalid listener network") - ErrEmptyContentType = errors.New("empty content type") + ErrEmptyContentType = ErrUnsupportedMediaType.WithInternal(errors.New("missing content type header")) ) // Error handlers From 774c166dd7088edf7964c01a6e500c1b4a9466c1 Mon Sep 17 00:00:00 2001 From: calgor Date: Tue, 18 Apr 2023 08:28:23 +0330 Subject: [PATCH 3/3] added testing for empty Content-Type --- bind_test.go | 9 +++++++++ binder_test.go | 3 ++- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/bind_test.go b/bind_test.go index c35283dcf..dc6885a1a 100644 --- a/bind_test.go +++ b/bind_test.go @@ -429,6 +429,10 @@ func TestBindUnsupportedMediaType(t *testing.T) { testBindError(t, strings.NewReader(invalidContent), MIMEApplicationJSON, &json.SyntaxError{}) } +func TestBindErrEmptyContentType(t *testing.T) { + testBindError(t, strings.NewReader(invalidContent), "", errors.New("missing content type header")) +} + func TestBindbindData(t *testing.T) { ts := new(bindTestStruct) b := new(DefaultBinder) @@ -674,6 +678,11 @@ func testBindError(t *testing.T, r io.Reader, ctype string, expectedInternal err assert.Equal(t, http.StatusBadRequest, err.(*HTTPError).Code) assert.IsType(t, expectedInternal, err.(*HTTPError).Internal) } + case ctype == "": // no content type + if assert.IsType(t, new(HTTPError), err) { + assert.Equal(t, ErrEmptyContentType, err) + assert.IsType(t, expectedInternal, err.(*HTTPError).Internal) + } default: if assert.IsType(t, new(HTTPError), err) { assert.Equal(t, ErrUnsupportedMediaType, err) diff --git a/binder_test.go b/binder_test.go index 0b27cae64..b9b116d9a 100644 --- a/binder_test.go +++ b/binder_test.go @@ -4,7 +4,6 @@ import ( "encoding/json" "errors" "fmt" - "github.com/stretchr/testify/assert" "io" "math/big" "net/http" @@ -13,6 +12,8 @@ import ( "strings" "testing" "time" + + "github.com/stretchr/testify/assert" ) func createTestContext(URL string, body io.Reader, pathParams map[string]string) Context {