You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Should there be some sort of sanity check that events_json decodes to an Array?
We noticed a number of errors reported in our exception logging related to events_controller.rb:25 where the code expects an instance of array. Some values passed in as param events_json will result in the code reaching this point with a nil or integer value instead of an instance of array.
In our case, this was the byproduct of automated fuzzing/penetration testing by a bot (Detectify).
Hi,
Should there be some sort of sanity check that
events_jsondecodes to an Array?We noticed a number of errors reported in our exception logging related to events_controller.rb:25 where the code expects an instance of array. Some values passed in as param
events_jsonwill result in the code reaching this point with a nil or integer value instead of an instance of array.In our case, this was the byproduct of automated fuzzing/penetration testing by a bot (Detectify).
params:
{ "action": "create", "controller": "ahoy/events", "events_json": "nil" }params
{ "action": "create", "controller": "ahoy/events", "events_json": "41414141" }The text was updated successfully, but these errors were encountered: