Fix nlohmann::json::dump calls

The nlohmann::json::dump call needs to be called with specific arguments
to avoid throwing in failure cases.  http connection already does this
properly, but a bunch of code has snuck in (mostly in redfish) that
ignores this, and calls it incorrectly.  This can potentially lead to a
crash if the wrong thing throws on invalid UTF8 characters.

This audits the whole codebase, and replaces every dump() call with the
correct dump(2, ' ', true, nlohmann::json::error_handler_t::replace)
call.  For correct output, the callers should expect no change, and in
practice, this would require injecting non-utf8 characters into the

Ran several of the endpoints/error conditions in question, including
some of the error cases.  Observed correct responses.  I don't know of a
security issue that would allow injecting invalid utf8 into the BMC, but
in theory if it were possible, this would prevent a crash.

Signed-off-by: Ed Tanous <>
Change-Id: I4a15b8e260e3db129bc20484ade4ed5449f75ad0
diff --git a/redfish-core/lib/task.hpp b/redfish-core/lib/task.hpp
index b6ca010..dbc6278 100644
--- a/redfish-core/lib/task.hpp
+++ b/redfish-core/lib/task.hpp
@@ -446,7 +446,9 @@
                 {"TargetUri", p.targetUri},
                 {"HttpOperation", p.httpOperation},
                 {"HttpHeaders", p.httpHeaders},
-                {"JsonBody", p.jsonBody.dump()}};
+                {"JsonBody",
+                 p.jsonBody.dump(2, ' ', true,
+                                 nlohmann::json::error_handler_t::replace)}};
         asyncResp->res.jsonValue["PercentComplete"] = ptr->percentComplete;
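Review bot: The first argument in `p.jsonBody.dump(2, ' ', true, ...)` changes the value stored under "JsonBody", not only the error handling. The removed `dump()` used nlohmann's default indent of -1, which yields a compact single-line string, whereas indent 2 yields a pretty-printed multi-line string, and `ensure_ascii = true` additionally escapes any non-ASCII character as \uXXXX. Because this string is embedded as a property value in the task payload rather than being the response body itself, clients that compare or store it will see a different value even for valid input, which is at odds with the "callers should expect no change" statement in the commit message. If only the non-throwing behaviour is wanted at this call site, `dump(-1, ' ', true, nlohmann::json::error_handler_t::replace)` keeps the compact form. A short comment that `replace` substitutes U+FFFD for invalid UTF-8 instead of throwing would also help, and since the same four-argument call is repeated across the codebase, a small shared wrapper would stop bare `dump()` calls from creeping back in.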