|
|
|
|
@ -189,9 +189,9 @@ def inspect_json(obj, path="body", check_whitelist=True):
|
|
|
|
|
log.warning(f"Security violation: Forbidden JSON key detected: {path}.{key}")
|
|
|
|
|
raise HTTPException(status_code=422, detail="Invalid request parameters")
|
|
|
|
|
|
|
|
|
|
if check_whitelist and key not in ALLOWED_DATA_PARAMS:
|
|
|
|
|
log.warning(f"Security violation: Unknown JSON key detected: {path}.{key}")
|
|
|
|
|
raise HTTPException(status_code=422, detail="Invalid request parameters")
|
|
|
|
|
# if check_whitelist and key not in ALLOWED_DATA_PARAMS:
|
|
|
|
|
# log.warning(f"Security violation: Unknown JSON key detected: {path}.{key}")
|
|
|
|
|
# raise HTTPException(status_code=422, detail="Invalid request parameters")
|
|
|
|
|
|
|
|
|
|
# Recurse. If the key is a dynamic container, we stop whitelist checking for children.
|
|
|
|
|
should_check_subkeys = check_whitelist and (key not in DYNAMIC_KEYS)
|
|
|
|
|
@ -251,10 +251,10 @@ class RequestValidationMiddleware(BaseHTTPMiddleware):
|
|
|
|
|
raise HTTPException(status_code=422, detail="Invalid request parameters")
|
|
|
|
|
|
|
|
|
|
# Check for unknown query parameters
|
|
|
|
|
unknown_params = [key for key, _ in params if key not in ALLOWED_DATA_PARAMS]
|
|
|
|
|
if unknown_params:
|
|
|
|
|
log.warning(f"Security violation: Unknown query parameters detected: {unknown_params}")
|
|
|
|
|
raise HTTPException(status_code=422, detail="Invalid request parameters")
|
|
|
|
|
# unknown_params = [key for key, _ in params if key not in ALLOWED_DATA_PARAMS]
|
|
|
|
|
# if unknown_params:
|
|
|
|
|
# log.warning(f"Security violation: Unknown query parameters detected: {unknown_params}")
|
|
|
|
|
# raise HTTPException(status_code=422, detail="Invalid request parameters")
|
|
|
|
|
|
|
|
|
|
# -------------------------
|
|
|
|
|
# 2. Duplicate parameters
|
|
|
|
|
|