Uploaded image for project: 'Olingo'
  1. Olingo
  2. OLINGO-1620

Incorrect validation of odata.bind annotation

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Open
    • Minor
    • Resolution: Unresolved
    • (Java) V4 4.9.0, (Java) V4 4.10.0, Version (Java) V4 5.0.0
    • None
    • odata4-server
    • None

    Description

      Steps to reproduce:

      • Make a POST request with a JSON body containing a bind operation. For example: 
        • {
   "Name":"A Name",
   "MyNavProperty@odata.bind12345":"Product(12)"
}

      The JSON deserializer will consider @odata.bind12345 as being well formed and will pass the binding link down to the processors.

      This is because the deserializer only does a partial checks (String.contains()) on the JSON field key: https://github.com/apache/olingo-odata4/blob/20b0d7a2c0134d00cd86ef42545bf4af9b254d32/lib/server-core/src/main/java/org/apache/olingo/server/core/deserializer/json/ODataJsonDeserializer.java#L460

      Instead, it should be an exact match.

      Attachments

        Activity

          People

            Unassigned Unassigned
            falbert Florent Albert
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated: