Slash before double quote in JSON data for REST back-end
Concerned version
Version: 2.0.5 with patch (fca83141)
Platform: Apache
Summary
REST Back-end JSON data body aka JSON file sent to the REST Authentication URL contains slash before quotes.
Logs
The following output in JSON format was captured by Wiremock. The LLNG (192.168.1.40) REST Authentication URL was set to the Wiremock URL (http://192.168.1.134:8080/api/auth) for the data to be captured:
{
"url" : "/api/auth",
"absoluteUrl" : "http://192.168.1.134:8080/api/auth",
"method" : "POST",
"clientIp" : "192.168.1.40",
"headers" : {
"Connection" : "TE, close",
"User-Agent" : "libwww-perl/6.05",
"TE" : "deflate,gzip;q=0.3",
"Host" : "192.168.1.134:8080",
"Content-Length" : "38",
"Content-Type" : "application/json"
},
"cookies" : { },
"browserProxyRequest" : false,
"loggedDate" : 1567140439293,
"bodyAsBase64" : "eyJwYXNzd29yZCI6InNlY3JldCIsInVzZXIiOiJqYWlsYW5pIn0=",
"body" : "{\"password\":\"secret\",\"user\":\"jailani\"}",
"scheme" : "http",
"host" : "192.168.1.134",
"port" : 8080,
"loggedDateString" : "2019-08-30T04:47:19Z",
"queryParams" : { }
}
Correspondingly, JSON data was sent using CURL from the same host to the same Wiremock URL is as follows $ curl --header "Content-Type: application/json" --request POST --data '{“user”:jailani,“password”:secret}' http://192.168.1.134:8080/api/auth
What the wiremock captured was (in JSON)
{
"url" : "/api/auth",
"absoluteUrl" : "http://192.168.1.134:8080/api/auth",
"method" : "POST",
"clientIp" : "192.168.1.40",
"headers" : {
"User-Agent" : "curl/7.29.0",
"Host" : "192.168.1.134:8080",
"Accept" : "*/*",
"Content-Length" : "42",
"Content-Type" : "application/json"
},
"cookies" : { },
"browserProxyRequest" : false,
"loggedDate" : 1566994915552,
"bodyAsBase64" : "e+KAnHVzZXLigJ06amFpbGFuaSzigJxwYXNzd29yZOKAnTpzZWNyZXR9",
"body" : "{“user”:jailani,“password”:secret}",
"scheme" : "http",
"host" : "192.168.1.134",
"port" : 8080,
"loggedDateString" : "2019-08-28T12:21:55Z",
"queryParams" : { }
}
Backends used
REST backend
Possible fixes
The code to add slash before the double quotes was probably done to comply to the specifications set out in http://json.org/ and RFC 8259 (https://tools.ietf.org/html/rfc8259) to allow for double quotation marks as part of a string value in the name:value pair. Possible solution
- fix the code that adds the slash before the double quotes.
- code the API end points to ignore or strip the slash