From aa7d9afeb2275c5502b937299e39430e916791fe Mon Sep 17 00:00:00 2001
From: Patrick Boos <patrick.boos@getyourguide.com>
Date: Mon, 18 Mar 2024 17:08:02 +0100
Subject: [PATCH] update: ignore unexpected body on
 GET/DELETE/OPTIONS/HEAD/TRACE

---
 .../filter/OpenApiValidationInterceptor.java   |  6 ++++++
 .../validation/filter/BaseFilterTest.java      |  4 ++++
 .../OpenApiValidationInterceptorTest.java      | 18 +++++++++++++++++-
 3 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/spring-boot-starter/spring-boot-starter-web/src/main/java/com/getyourguide/openapi/validation/filter/OpenApiValidationInterceptor.java b/spring-boot-starter/spring-boot-starter-web/src/main/java/com/getyourguide/openapi/validation/filter/OpenApiValidationInterceptor.java
index df73fd61..a8847d8e 100644
--- a/spring-boot-starter/spring-boot-starter-web/src/main/java/com/getyourguide/openapi/validation/filter/OpenApiValidationInterceptor.java
+++ b/spring-boot-starter/spring-boot-starter-web/src/main/java/com/getyourguide/openapi/validation/filter/OpenApiValidationInterceptor.java
@@ -155,6 +155,12 @@ private List<OpenApiViolation> validateRequest(
     }
 
     private static String readBodyCatchingException(MultiReadContentCachingRequestWrapper request) {
+        if (!"POST".equalsIgnoreCase(request.getMethod())
+            && !"PUT".equalsIgnoreCase(request.getMethod())
+            && !"PATCH".equalsIgnoreCase(request.getMethod())) {
+            return null;
+        }
+
         try {
             return StreamUtils.copyToString(request.getInputStream(), StandardCharsets.UTF_8);
         } catch (IOException e) {
diff --git a/spring-boot-starter/spring-boot-starter-web/src/test/java/com/getyourguide/openapi/validation/filter/BaseFilterTest.java b/spring-boot-starter/spring-boot-starter-web/src/test/java/com/getyourguide/openapi/validation/filter/BaseFilterTest.java
index b7c01b95..a7e93349 100644
--- a/spring-boot-starter/spring-boot-starter-web/src/test/java/com/getyourguide/openapi/validation/filter/BaseFilterTest.java
+++ b/spring-boot-starter/spring-boot-starter-web/src/test/java/com/getyourguide/openapi/validation/filter/BaseFilterTest.java
@@ -53,6 +53,7 @@ private static void mockRequestAttributes(ServletRequest request, HashMap<String
 
     protected MockSetupData mockSetup(MockConfiguration configuration) {
         var request = mock(MultiReadContentCachingRequestWrapper.class);
+        when(request.getMethod()).thenReturn(configuration.requestMethod);
         var response = mock(ContentCachingResponseWrapper.class);
         var cachingRequest = mockContentCachingRequest(request, configuration);
         var cachingResponse = mockContentCachingResponse(response, configuration);
@@ -108,6 +109,7 @@ private MultiReadContentCachingRequestWrapper mockContentCachingRequest(
         MockConfiguration configuration
     ) {
         var cachingRequest = mock(MultiReadContentCachingRequestWrapper.class);
+        when(cachingRequest.getMethod()).thenReturn(configuration.requestMethod);
         when(contentCachingWrapperFactory.buildContentCachingRequestWrapper(request)).thenReturn(cachingRequest);
         if (configuration.requestBody != null) {
             try {
@@ -160,6 +162,8 @@ protected static class MockConfiguration {
         @Builder.Default
         private String requestBody = REQUEST_BODY;
         @Builder.Default
+        private String requestMethod = "POST";
+        @Builder.Default
         private String responseBody = RESPONSE_BODY;
     }
 
diff --git a/spring-boot-starter/spring-boot-starter-web/src/test/java/com/getyourguide/openapi/validation/filter/OpenApiValidationInterceptorTest.java b/spring-boot-starter/spring-boot-starter-web/src/test/java/com/getyourguide/openapi/validation/filter/OpenApiValidationInterceptorTest.java
index 7176b99c..75b11894 100644
--- a/spring-boot-starter/spring-boot-starter-web/src/test/java/com/getyourguide/openapi/validation/filter/OpenApiValidationInterceptorTest.java
+++ b/spring-boot-starter/spring-boot-starter-web/src/test/java/com/getyourguide/openapi/validation/filter/OpenApiValidationInterceptorTest.java
@@ -104,6 +104,18 @@ public void testShouldFailOnRequestViolationWithViolation() {
         verifyNoResponseValidation();
     }
 
+    @Test
+    public void testShouldIgnoreBodyOnGetRequests() {
+        var mockData = mockSetup(MockConfiguration.builder().requestBody("{\"field\": 1}}").requestMethod("GET").build());
+
+        httpInterceptor.preHandle(mockData.request(), mockData.response(), new Object());
+        httpInterceptor.postHandle(mockData.request(), mockData.response(), new Object(), null);
+        httpInterceptor.afterCompletion(mockData.request(), mockData.response(), new Object(), null);
+
+        verifyRequestValidatedAsync(mockData, null);
+        verifyResponseValidatedAsync(mockData);
+    }
+
     @Test
     public void testShouldFailOnResponseViolationWithViolation() {
         var mockData = mockSetup(MockConfiguration.builder().shouldFailOnResponseViolation(true).build());
@@ -140,10 +152,14 @@ private void verifyNoResponseValidation() {
     }
 
     private void verifyRequestValidatedAsync(MockSetupData mockData) {
+        verifyRequestValidatedAsync(mockData, REQUEST_BODY);
+    }
+
+    private void verifyRequestValidatedAsync(MockSetupData mockData, String requestBody) {
         verify(validator).validateRequestObjectAsync(
             eq(mockData.requestMetaData()),
             eq(mockData.responseMetaData()),
-            eq(REQUEST_BODY),
+            eq(requestBody),
             eq(openApiViolationHandler)
         );
     }