ozfive
commented
1 year ago To address this problem and prevent errors when an empty string is encountered, you can make a small modification to the code to handle this case.
Before accessing local.tokenValues[local.t] in the loop, you should check whether the value is an empty string and set it accordingly.
<!--- parse path_info data into key-value pairs --->
<cfset local.tokenValues = reFindNoSuck(arguments.regex, arguments.uri) />
<cfset local.numTokenValues = arrayLen(local.tokenValues) />
<cfset local.numTokenNames = arrayLen(arguments.tokenNamesArray) />
<cfif local.numTokenNames gt 0>
<cfloop from="1" to="#local.numTokenNames#" index="local.t">
<cfset local.tokenValue = (local.t <= local.numTokenValues) ? local.tokenValues[local.t] : "" />
<cfset local.returnData[arguments.tokenNamesArray[local.t]] = local.tokenValue />
</cfloop>
</cfif>
In this modification, I added a line to create local.tokenValue, which checks whether local.t is within the bounds of local.tokenValues before attempting to access it. If local.t is greater than the number of tokens, it sets local.tokenValue to an empty string.
This change should help prevent errors when an empty string is encountered, ensuring that an API can handle such cases gracefully.
Suppose you have an API with ONLY the following URI implemented:
/api/v1/index.cfm/pizza/{topping}/api/v1/index.cfm/pizzawe currently return a 404. This is good. 👍🏻/api/v1/index.cfm/pizza/we currently throw an exception. This is bad. 👎🏻The problem is that an empty-string is an acceptable match for tokens. This behavior should continue. There are valid reasons to expect and allow empty-string as a token value.
However, in this case, when
buildRequestArgumentsexecutes, it doesn't account for this possibility. We would expect a response in the shape of{ topping: "" }. Instead an error is thrown while trying to reference the token here (line 1015).https://github.com/atuttle/Taffy/blob/ce987af8a18d66719a532324d10a63dee741c8b7/core/api.cfc#L1009-L1017