ParseHTTPSettings: Add guards for boolean fields

idastambuk · web-flow · commit f8bcc37637a2 · 2025-04-15T16:50:45.000+02:00
diff --git a/backend/http_settings.go b/backend/http_settings.go
@@ -127,7 +127,9 @@ func parseHTTPSettings(jsonData json.RawMessage, secureJSONData map[string]strin
 
 	// Basic auth
 	if v, exists := dat["basicAuth"]; exists {
-		s.BasicAuthEnabled = v.(bool)
+		if basicAuth, ok := v.(bool); ok {
+			s.BasicAuthEnabled = basicAuth
+		}
 	}
 	if s.BasicAuthEnabled {
 		if v, exists := dat["basicAuthUser"]; exists {
@@ -213,13 +215,19 @@ func parseHTTPSettings(jsonData json.RawMessage, secureJSONData map[string]strin
 
 	// TLS
 	if v, exists := dat["tlsAuth"]; exists {
-		s.TLSClientAuth = v.(bool)
+		if tlsClientAuth, ok := v.(bool); ok {
+			s.TLSClientAuth = tlsClientAuth
+		}
 	}
 	if v, exists := dat["tlsAuthWithCACert"]; exists {
-		s.TLSAuthWithCACert = v.(bool)
+		if tslAuthCert, ok := v.(bool); ok {
+			s.TLSAuthWithCACert = tslAuthCert
+		}
 	}
 	if v, exists := dat["tlsSkipVerify"]; exists {
-		s.TLSSkipVerify = v.(bool)
+		if tlsSkipVerify, ok := v.(bool); ok {
+			s.TLSSkipVerify = tlsSkipVerify
+		}
 	}
 
 	if s.TLSClientAuth || s.TLSAuthWithCACert {
@@ -239,7 +247,9 @@ func parseHTTPSettings(jsonData json.RawMessage, secureJSONData map[string]strin
 
 	// SigV4
 	if v, exists := dat["sigV4Auth"]; exists {
-		s.SigV4Auth = v.(bool)
+		if sigV4Auth, ok := v.(bool); ok {
+			s.SigV4Auth = sigV4Auth
+		}
 	}
 
 	if s.SigV4Auth {
diff --git a/backend/http_settings_test.go b/backend/http_settings_test.go
@@ -149,3 +149,22 @@ func TestParseHTTPSettings(t *testing.T) {
 		})
 	})
 }
+func TestParseHTTTPSettingsWithInvalidOptions(t *testing.T) {
+	t.Run("ignore fields of type bool if they are not boolean", func(t *testing.T) {
+		jsonData := `{
+							"tlsAuth": "true",
+							"tlsAuthWithCACert": "true",
+							"tlsSkipVerify": "true",
+							"sigV4Auth": "true",
+							"basicAuthEnabled": "true"
+							}`
+		secureData := map[string]string{}
+		res, err := parseHTTPSettings([]byte(jsonData), secureData)
+		require.NoError(t, err)
+		require.False(t, res.TLSClientAuth)
+		require.False(t, res.TLSAuthWithCACert)
+		require.False(t, res.TLSSkipVerify)
+		require.False(t, res.SigV4Auth)
+		require.False(t, res.BasicAuthEnabled)
+	})
+}
