[ https://issues.apache.org/jira/browse/MESOS-7773?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16125532#comment-16125532 ]
Benno Evers commented on MESOS-7773: ------------------------------------ While we're at it, we should also make sure that we always return BadRequest on malformed user input instead of `CHECK`-ing and aborting. Right now, there are some places where it looks like we're asserting certain properties of user-passed protobuf messages, for example the local authorizer seems to `CHECK` that certain fields of the passed protobuf message was set. (src/authorizer/local/authorizer.cpp:312) > HTTP request validation stage is not explicit. > ---------------------------------------------- > > Key: MESOS-7773 > URL: https://issues.apache.org/jira/browse/MESOS-7773 > Project: Mesos > Issue Type: Bug > Components: libprocess > Reporter: Alexander Rukletsov > Labels: mesosphere, reliability > > Currently we validate HTTP requests in multiple places in libprocess, for > instance {{ProcessManager::handle()}}, {{StreamingRequestDecoder::decode()}}, > {{process::parse()}}. To improve error handling when dealing with malformed > HTTP requests (including libprocess messages), consider introducing a > validation stage and / or make sure {{Request}} and all its components are in > valid state before we start using it. -- This message was sent by Atlassian JIRA (v6.4.14#64029)