fix(agent): Add robust string coercion for numeric literals in transaction payloads#23659
fix(agent): Add robust string coercion for numeric literals in transaction payloads#23659HarshalPatel1972 wants to merge 1 commit into
Conversation
|
|
|
Thank you for your submission! We require that all contributors sign our Contributor License Agreement ("CLA") before we can accept the contribution. Read and sign the agreement Learn more about why HashiCorp requires a CLA and what the CLA includes Have you signed the CLA already but the status is still pending? Recheck it. |
There was a problem hiding this comment.
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
Adds robust JSON unmarshaling to the txn endpoint so that Token values provided as numeric literals can be coerced into strings without failing request parsing.
Changes:
- Introduced a local
TxnOpwrapper type with a customUnmarshalJSONto coerceTokenfrom number → string. - Switched txn op decoding in
convertOpsfromapi.TxnOpsto the new localTxnOpstype. - Added a regression test that submits a numeric
Tokenin the raw JSON payload and asserts the endpoint still processes the transaction.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| agent/txn_endpoint.go | Adds a wrapper txn op type with custom JSON unmarshaling and updates endpoint decoding to use it. |
| agent/txn_endpoint_test.go | Adds a test covering numeric-to-string coercion for the Token field in txn payloads. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| // TxnOp wraps api.TxnOp to implement robust JSON unmarshaling | ||
| // with dynamic string coercion for tokens that might slip in as numeric literals. | ||
| type TxnOp struct { | ||
| api.TxnOp | ||
| Token string `json:"Token,omitempty"` | ||
| } |
| payload := `[{"KV": {"Verb": "set", "Key": "foo/bar", "Value": "dGVzdA=="}, "Token": 999888}]` | ||
|
|
||
| buf := bytes.NewBuffer([]byte(payload)) | ||
| req, _ := http.NewRequest("PUT", "/v1/txn", buf) |
HarshalPatel1972
force-pushed
the
fix/kv-string-coercion
branch
from
f3065fd to
1a1fc8f
Compare
Description
When API consumers submit transactions to the Consul KV endpoints, fields like tokens and IDs are structurally expected to be strings. However, if a client inadvertently maps data dynamically and passes an unquoted numerical literal (e.g.,
{"Token": 999888}instead of"999888"), the defaultencoding/jsonlibrary unmarshals the numeric literal as afloat64. This mismatch causes downstream string type-assertions to fail, potentially dropping the data before it crosses the RPC serialization boundaries.This PR introduces a defensive
UnmarshalJSONsafety hook in the HTTP transaction handlers to gracefully intercept and coerce these numerical literals back into valid string blocks.Changes Made
TxnOp) aroundapi.TxnOpinagent/txn_endpoint.goto intercept JSON mappings.UnmarshalJSONhook using thejson.RawMessagepattern to safely read dynamic types on theTokenfield and correctly coercefloat64values into strings.TestTxnEndpoint_StringCoercion) inagent/txn_endpoint_test.goto assert the boundary's safety against unquoted numerals.Testing
go testand validated the defensive structural parser against mock transaction JSON blocks.