From a60a0c845fb2da704c591f00078654feb2c01d20 Mon Sep 17 00:00:00 2001
From: jfriedli
Date: Mon, 23 Aug 2021 20:56:49 +0200
Subject: validate bulk body is parsable

---
 matweb/rest_api.py | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

(limited to 'matweb/rest_api.py')

diff --git a/matweb/rest_api.py b/matweb/rest_api.py
index 48dcc10..5784bec 100644
--- a/matweb/rest_api.py
+++ b/matweb/rest_api.py
@@ -7,7 +7,7 @@ from uuid import uuid4
 
 from flask import after_this_request, send_from_directory, Blueprint, current_app
 from flask_restful import Resource, reqparse, abort, request, url_for, Api
-from cerberus import Validator
+from cerberus import Validator, DocumentError
 from werkzeug.datastructures import FileStorage
 from flasgger import swag_from
 
@@ -157,9 +157,13 @@ class APIBulkDownloadCreator(Resource):
         if not data:
             abort(400, message="Post Body Required")
             current_app.logger.error('BulkDownload -  Missing Post Body')
-        if not self.v.validate(data):
-            current_app.logger.error('BulkDownload -  Missing Post Body: %s', str(self.v.errors))
-            abort(400, message=self.v.errors)
+        try:
+            if not self.v.validate(data):
+                current_app.logger.error('BulkDownload -  Missing Post Body: %s', str(self.v.errors))
+                abort(400, message=self.v.errors)
+        except DocumentError as e:
+            abort(400, message="Invalid Post Body")
+            current_app.logger.error('BulkDownload -  Invalid Post Body: %s', str(e))
         # prevent the zip file from being overwritten
         zip_filename = 'files.' + str(uuid4()) + '.zip'
         zip_path = os.path.join(current_app.config['UPLOAD_FOLDER'], zip_filename)
-- 
cgit v1.3