Page MenuHomePhabricator
Create Task
Maniphest T344901

TypeError: Argument 1 passed to MediaWiki\CheckUser\ClientHints\ClientHintsData::newFromJsApi() must be of the type array, null given
Closed, ResolvedPublicPRODUCTION ERROR
Actions

Description

What is the problem?

I can get the client hints API endpoint (rest.php/checkuser/v0/useragent-clienthints/revision/) to return this error:

[exception] [30b80b4c154e277391656329] /bare/rest.php/checkuser/v0/useragent-clienthints/revision/6890   TypeError: Argument 1 passed to MediaWiki\CheckUser\ClientHints\ClientHintsData::newFromJsApi() must be of the type array, null given, called in /home/drw/wikimedia/srv/bare/extensions/CheckUser/src/Api/Rest/Handler/UserAgentClientHintsHandler.php on line 55
#0 /home/drw/wikimedia/srv/bare/extensions/CheckUser/src/Api/Rest/Handler/UserAgentClientHintsHandler.php(55): MediaWiki\CheckUser\ClientHints\ClientHintsData::newFromJsApi()
#1 /home/drw/wikimedia/srv/bare/includes/Rest/SimpleHandler.php(38): MediaWiki\CheckUser\Api\Rest\Handler\UserAgentClientHintsHandler->run()
#2 /home/drw/wikimedia/srv/bare/includes/Rest/Router.php(517): MediaWiki\Rest\SimpleHandler->execute()
#3 /home/drw/wikimedia/srv/bare/includes/Rest/Router.php(422): MediaWiki\Rest\Router->executeHandler()
#4 /home/drw/wikimedia/srv/bare/includes/Rest/EntryPoint.php(195): MediaWiki\Rest\Router->execute()
#5 /home/drw/wikimedia/srv/bare/includes/Rest/EntryPoint.php(135): MediaWiki\Rest\EntryPoint->execute()
#6 /home/drw/wikimedia/srv/bare/rest.php(31): MediaWiki\Rest\EntryPoint::main()
#7 {main}

I think it happens when you try to pass it something that isn't JSON.

Steps to reproduce problem
  1. Setup a wiki with CheckUser installed and client hints enabled (they are by default)
  2. Run this command (You may need to change the value of the server to point to your local wiki):
curl 'http://localhost:8080/w/rest.php/checkuser/v0/useragent-clienthints/revision/6890' -H 'Content-Type: application/x-www-form-urlencoded' --data-raw 'foobar'

I have tried other content types, but so far I have only been able to reproduce it with Content-Type: application/x-www-form-urlencoded.

Environment

Wiki(s): MediaWiki 1.41.0-alpha (e20dc2f) 14:13, 7 August 2023. CheckUser 2.5 (bfcb3ae) 04:46, 24 August 2023.

Details

SubjectRepoBranchLines +/-
clienthints: Handle non-array response from ::getValidatedBodymediawiki/extensions/CheckUsermaster+63 -0
Customize query in gerrit

Related Objects
Search...

Event Timeline

dom_walden created this task.Aug 24 2023, 10:49 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 24 2023, 10:49 AM
Dreamy_Jazz subscribed.Aug 24 2023, 11:01 AM

This is because the UserAgentClientHintsHandler::getBodyValidator method isn't called if the content type is either application/x-www-form-urlencoded or mutlipart/form-data. This means that the UnsupportedContentTypeBodyValidator cannot be used as the method is never called and as such the "valid" data is used. When the data isn't valid (because it's a form data), the ::getValidatedBody method returns null. This was not accounted for.

The fix should just require checking that:

  • The validated body is an array. If not, then:
    • If the content type is a form, then return a 415 with the message rest-unsupported-content-type
    • Otherwise return some 4XX with an appropriate message (this should be accounted for by ::getBodyValidator, but it makes sense to explicitly check for it to prevent other issues that may not be seen at the moment)
Dreamy_Jazz added a project: Wikimedia-production-error.Aug 24 2023, 11:03 AM
Dreamy_Jazz changed the subtype of this task from "Bug Report" to "Production Error".
Dreamy_Jazz added a comment.Aug 24 2023, 11:06 AM

Re-producible on production wikis (Logstash single document). Impact is low as it would require a user sending a custom request to hit the server error.

Dreamy_Jazz added a parent task: T257893: [EPIC] Support User-Agent Client Hints header in CheckUser.Aug 24 2023, 11:06 AM
gerritbot added a comment.Aug 24 2023, 11:53 AM

Change 952187 had a related patch set uploaded (by Dreamy Jazz; author: Dreamy Jazz):

[mediawiki/extensions/CheckUser@master] clienthints: Handle non-array response from ::getValidatedBody

https://gerrit.wikimedia.org/r/952187

gerritbot added a project: Patch-For-Review.Aug 24 2023, 11:53 AM
Dreamy_Jazz claimed this task.Aug 24 2023, 11:53 AM
Dreamy_Jazz edited projects, added Anti-Harassment (AHaT Sprint 32 - Baseball Cap); removed Anti-Harassment.

Thanks for spotting this. I have created a patch that fixes this by returning an appropriate 4XX error code instead of a 500.

Dreamy_Jazz moved this task from Ready 🎬 (ONLY IF YOU HAVE NO MORE CODE TO REVIEW) to Code Review 🔍 on the Anti-Harassment (AHaT Sprint 32 - Baseball Cap) board.Aug 24 2023, 11:54 AM
DAlangi_WMF moved this task from Untriaged to Aug 2023 on the Wikimedia-production-error board.Aug 24 2023, 3:11 PM
kostajh moved this task from Code Review 🔍 to QA/Testing 🐞 on the Anti-Harassment (AHaT Sprint 32 - Baseball Cap) board.Aug 25 2023, 8:38 AM
Dreamy_Jazz added a comment.Aug 25 2023, 9:06 AM

It seems that many other uses of ::getValidatedBody also assume an array will be returned if the JSON validator is used. While outside the scope of this task, the other usages will need to be fixed as I've seen a few in codesearch that would also cause a 500 server error if also given "form data" via setting the content type to a form.

Code search link: https://codesearch.wmcloud.org/search/?q=getValidatedBody&files=&excludeFiles=&repos=

Considering that the ::getValidatedBody method will also return null in many other cases (more than just the Content-Type check in Validator.php line 174), the usages of this method should explicitly be checking for null and return some kind of 4XX error when the validated body is null.

gerritbot added a comment.Aug 25 2023, 9:13 AM

Change 952187 merged by jenkins-bot:

[mediawiki/extensions/CheckUser@master] clienthints: Handle non-array response from ::getValidatedBody

https://gerrit.wikimedia.org/r/952187

Maintenance_bot removed a project: Patch-For-Review.Aug 25 2023, 9:30 AM
Dreamy_Jazz moved this task from General / Unsorted to CheckUser on the CheckUser board.Aug 29 2023, 11:37 AM
Dreamy_Jazz moved this task from CheckUser to General / Unsorted on the CheckUser board.
ReleaseTaggerBot added a project: MW-1.41-notes (1.41.0-wmf.25; 2023-09-05).Aug 30 2023, 3:01 AM
dom_walden moved this task from QA/Testing 🐞 to Done Q1 2023-2024 on the Anti-Harassment (AHaT Sprint 32 - Baseball Cap) board.EditedAug 30 2023, 8:10 AM

I can no longer reproduce the bug in the description.

Instead, the API returns:

{"errorKey":"rest-unsupported-content-type","messageTranslations":{"en":"Unsupported Content-Type: application/x-www-form-urlencoded"},"httpCode":415,"httpReason":"Unsupported Media Type"}

I attacked the client hints API using OWASP ZAP which, among other things, modifies the Content-Type of the request header. I did not see any 500 responses or exceptions in the logs.

Test environment: CheckUser 2.5 (9ed2b65) 19:12, 29 August 2023.

kostajh moved this task from Backlog to Release 0 (Pilot wikis) on the http-client-hints board.Sep 26 2023, 11:31 AM
kostajh edited projects, added http-client-hints (Release 0 (Pilot wikis)); removed http-client-hints.
kostajh closed this task as Resolved.Sep 26 2023, 12:48 PM
Daimona mentioned this in T357909: Clarify Handler::getValidatedBody error states.Feb 19 2024, 3:18 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL