Fixed NPEs caused by requests without content.

[qwerty4030]

Fixed NPEs caused by requests without content.
REST handlers that require a body will throw an an ElasticsearchParseException "request body required".
REST handlers that require a body OR source param will throw an ElasticsearchParseException "request body or source parameter is required".
Replaced asserts in BulkRequest parsing code with a more descriptive IllegalArgumentException if the line contains an empty object.

Before this fix all the following requests threw confusing exceptions:

POST _bulk
POST _search/template/test
POST _scripts/test
POST _mapping/test
POST test-index/test-type
response:
{
  "error": {
    "root_cause": [
      {
        "type": "null_pointer_exception",
        "reason": null
      }
    ],
    "type": "null_pointer_exception",
    "reason": null
  },
  "status": 500
}

POST _template/test
response:
{

  "error": {
    "root_cause": [
      {
        "type": "not_x_content_exception",
        "reason": "Compressor detection can only be called on some xcontent bytes or compressed xcontent bytes"
      }
    ],
    "type": "not_x_content_exception",
    "reason": "Compressor detection can only be called on some xcontent bytes or compressed xcontent bytes"
  },
  "status": 500
}

POST _bulk
{}
response (note strange null in reason):
{
  "error": {
    "root_cause": [
      {
        "type": "illegal_argument_exception",
        "reason": "Malformed action/metadata line [1], expected START_OBJECT or END_OBJECT but found [null]"
      }
    ],
    "type": "illegal_argument_exception",
    "reason": "Malformed action/metadata line [1], expected START_OBJECT or END_OBJECT but found [null]"
  },
  "status": 400
}

After this fix, requests that require a body will throw this exception:

{
  "error": {
    "root_cause": [
      {
        "type": "parse_exception",
        "reason": "request body required"
      }
    ],
    "type": "parse_exception",
    "reason": "request body required"
  },
  "status": 400
}

After this fix, requests require a body or source param:

{
  "error": {
    "root_cause": [
      {
        "type": "parse_exception",
        "reason": "request body or source parameter is required"
      }
    ],
    "type": "parse_exception",
    "reason": "request body or source parameter is required"
  },
  "status": 400
}

Fixed confusing _bulk response:

POST _bulk
{}
response:
{
  "error": {
    "root_cause": [
      {
        "type": "illegal_argument_exception",
        "reason": "Malformed action/metadata line [1], expected FIELD_NAME but found [END_OBJECT]"
      }
    ],
    "type": "illegal_argument_exception",
    "reason": "Malformed action/metadata line [1], expected FIELD_NAME but found [END_OBJECT]"
  },
  "status": 400
}

Closes #24701

[elasticmachine]

Since this is a community submitted pull request, a Jenkins build has not been kicked off automatically. Can an Elastic organization member please verify the contents of this patch and then kick off a build manually?

[qwerty4030]

@jaymode Do you mind taking a look at this? I noticed you made some changes recently related to content type in #23146. I'm not sure this is the best solution; seems like there should be better way to reject requests at a higher level when there is no content (but it's required). Thanks!

Also I did not add tests for the missing content scenarios. Should this be tested with the REST tests or Java integration tests?

[jasontedor]

I left one comment, but it applies throughout the change. Additionally, I think that REST tests need to be added for all of these changes.

[jasontedor]

I don't understand this change? I think that we should still blow up here, just not with an NPE? This comment applies elsewhere in this pull request.

[qwerty4030]

I followed the pattern used in a few other places. e.g. RestCreateIndexAction#L44-L46.
Instead of failing in RestHandler.prepareRequest a validation exception will be thrown from ActionRequest.validate() if request content is missing but required.
Would an approach similar to RestDeleteByQueryAction.java#L51-L53 be better for cases when request content is required?

[jaymode]

I think that we should still blow up here, just not with an NPE?

I agree. This change may get larger but it would be great to have a general purpose way to do this. Thinking out loud:

• Make request#content throw an exception when there is no content
• Add new method to the RestHandler interface, something like requiresContentOrSource. This one is tricky because some rest handlers allow the content to be specified as the source parameter when it is a GET request with a body, so a simple boolean is not sufficient as not everything will support the source parameter.
• Remove direct uses of RestRequest#content and always use RestRequest#contentOrSourceParamParser and similar methods, which would need to be updated to ensure we have methods that throw when a body/source param is required etc. I do not think we'll be able to remove all of these methods as sometimes we just pass on the bytes directly.

I think all of these options have flaws, but hopefully this helps generate some other ideas about how to handle this.

[qwerty4030]

@jaymode I like your first suggestion:

Make request#content throw an exception when there is no content

If content is required this method will be called like it was before this PR and throw an exception if content is missing.
If content is optional the call can be placed inside if(request.hasContent()) {}

Let me know if that sounds good to you and I'll revert the changes in this PR and update the RestRequest#content method to throw new ElasticsearchParseException("Body required"); similar to RestRequest#contentOrSourceParamParser.

While I was looking at the code I noticed RestRequest#contentOrSourceParam does not throw an exception if content and source are missing. I traced one usage to RestMultiSearchAction#parseMultiLineRequest and it results in an validation exception:

POST _msearch
response:
{
  "error": {
    "root_cause": [
      {
        "type": "action_request_validation_exception",
        "reason": "Validation Failed: 1: no requests added;"
      }
    ],
    "type": "action_request_validation_exception",
    "reason": "Validation Failed: 1: no requests added;"
  },
  "status": 400
}

Should the requests that use this method fail earlier (while parsing) as well?

[jaymode]

@qwerty4030 I apologize for the delay here.

If content is required this method will be called like it was before this PR and throw an exception if content is missing.
If content is optional the call can be placed inside if(request.hasContent()) {}

This sounds good to me.

While I was looking at the code I noticed RestRequest#contentOrSourceParam does not throw an exception if content and source are missing. I traced one usage to RestMultiSearchAction#parseMultiLineRequest and it results in an validation exception:

I think we should probably try to get rid of this behavior and just rely on the behavior you described above (throw exception if content is missing).

[qwerty4030]

@jaymode Pushed new changes. I had to create a new RestRequest#requiredContent() method since content() was abstract and I didn't want to mess with the implementations. Also this way we can just call content() if its optional or requiredContent() if its not (IMO better than having to wrap it in an if(request.hasContent()).

I was unable to add REST tests because the internal test runner validates the request using the api spec, which requires a body for these requests. Should I look into adding some kind of override or try adding integration/unit tests instread? Thanks!

[jasontedor]

This sounds like a good scenario for an ESRestTestCase.

[qwerty4030]

@jasontedor Looks like I spoke too soon. I discovered that you can do a raw REST call:

---
"missing body":
  - do:
      catch: /request body required/
      raw:
        method: POST
        path: _bulk

Would you prefer that?

Another idea I had was to somehow use the REST API spec to automatically test all requests that require a body.

[jasontedor]

Would you prefer that?

The REST tests (the YAML-based ones) are preferred because then the other language clients benefit from them too.

Another idea I had was to somehow use the REST API spec to automatically test all requests that require a body.

I'd rather that we not get fancy here, there are other consumers of the REST tests.

[qwerty4030]

@jasontedor Pushed updates to the REST tests and cleaned up some RestHandlers to use the changes in RestRequest to throw an exception when content is missing.

[jaymode]

Please use a space between the if and (. Also, I think it would be good to use XContentParserUtils#ensureExpectedToken or XContentParserUtils#ensureFieldName

[jaymode]

I think it would be good to use XContentParserUtils#ensureExpectedToken or XContentParserUtils#ensureFieldName

[qwerty4030]

I tried to use these methods but the ParsingException they throw has the wrong line number due to BulkRequest#add creating a new XContentParser for each action.

[qwerty4030]

On potential fix it to catch the ParsingException and rethrow a new ParsingException with the correct line number.

[jaymode]

space between if and (

[jaymode]

Change "param required" to "parameters are required"

[jaymode]

use a try-with resources for the parser value

[jaymode]

use a different variable

[qwerty4030]

@jaymode Pushed changes to address all your comments except the one about using XContentParserUtils#ensureExpectedToken (see my comment above). Thanks!

[qwerty4030]

@jasontedor @jaymode Hey guys, are there any other changes you would like me to make? Thanks.

[jasontedor]

This branch is not up to date with master, can you merge it in and resolve conflicts? Also @jaymode is on vacation this week, and we are going to need his eyes on this next week before it can be pulled.

[qwerty4030]

Sounds good. I'll merge master a bit later this week to catch any future conflicts.

[qwerty4030]

Jumped the gun on cleaning up this class: turns out that update_by_query allows an empty body so we need to make sure this method does not throw an exception if the request body or source param is missing.

[qwerty4030]

Merged master and disabled the new REST tests for BWC tests.

[qwerty4030]

@jaymode Let me know when you'll have time to take another look. Thanks.

[qwerty4030]

Merged latest master to resolve conflicts and ran gradle check successfully.
@jaymode Please take a look when you have a chance.

[jaymode]

left two style comments, but otherwise I think this is ready to get in after fixing those and merging master again. @jasontedor do you want to take another look as well?

[jaymode]

can you add a space between the if and (

[qwerty4030]

done in 08d1749

[jaymode]

space between if and (

[qwerty4030]

done in 08d1749

[jasontedor]

LGTM.

[jaymode]

Pushed 4ad47d2 for 5.x

[qwerty4030]

@jaymode Thanks for the review. Question: do we need to do something different for backport REST tests because they should pass for latest 5.X, but not for versions <= 5.4?

[jaymode]

@qwerty4030 I took care of it during the backport by changing the skip version to 5.4.99. I'll also update the tests on master shortly to use that for the skip version