2 files changed, 13 insertions, 1 deletions

diff --git a/matweb/rest_api.py b/matweb/rest_api.py
index d44d838..48dcc10 100644
--- a/matweb/rest_api.py
+++ b/matweb/rest_api.py
@@ -26,8 +26,12 @@ class APIUpload(Resource):
         req_parser = reqparse.RequestParser()
         req_parser.add_argument('file_name', type=str, required=True, help='Post parameter is not specified: file_name')
         req_parser.add_argument('file', type=str, required=True, help='Post parameter is not specified: file')
+        try:
+            args = req_parser.parse_args()
+        except ValueError as e:
+            current_app.logger.error('Upload - failed parsing arguments %s', e)
+            abort(400, message='Failed parsing body')
 
-        args = req_parser.parse_args()
         try:
             file_data = base64.b64decode(args['file'])
         except (binascii.Error, ValueError) as e:
diff --git a/test/test_api.py b/test/test_api.py
index 8be165e..878b0ab 100644
--- a/test/test_api.py
+++ b/test/test_api.py
@@ -432,6 +432,14 @@ class Mat2APITestCase(unittest.TestCase):
         self.assertEqual(400, request.status_code)
         self.assertEqual("Failed decoding file", error_message)
 
+        request = self.app.post('/api/upload',
+                                data="\"\'\'\'&&cat$z $z/etc$z/passwdu0000\"",
+                                headers={'content-type': 'application/json'}
+                                )
+        error_message = request.get_json()['message']
+        self.assertEqual(400, request.status_code)
+        self.assertEqual("Failed parsing body", error_message)
+
     def test_valid_opena_api_spec(self):
         spec = self.app.get('apispec_1.json').get_json()
         validate_spec(spec)