From c8a58cf400a95091031d604f496c37e531b25a13 Mon Sep 17 00:00:00 2001 From: Dharun Ashokkumar Date: Mon, 19 Jan 2026 23:17:28 +0530 Subject: [PATCH] fix: validate JSON fields in Monitor.validate() to prevent invalid JSON in database --- server/model/monitor.js | 49 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) diff --git a/server/model/monitor.js b/server/model/monitor.js index 1ef42aa51..3b8d89dd4 100644 --- a/server/model/monitor.js +++ b/server/model/monitor.js @@ -1746,6 +1746,55 @@ class Monitor extends BeanModel { } } + // Validate JSON fields to prevent invalid JSON from being stored in database + if (this.kafkaProducerBrokers) { + try { + JSON.parse(this.kafkaProducerBrokers); + } catch (e) { + throw new Error(`Kafka Producer Brokers must be valid JSON: ${e.message}`); + } + } + + if (this.kafkaProducerSaslOptions) { + try { + JSON.parse(this.kafkaProducerSaslOptions); + } catch (e) { + throw new Error(`Kafka Producer SASL Options must be valid JSON: ${e.message}`); + } + } + + if (this.rabbitmqNodes) { + try { + JSON.parse(this.rabbitmqNodes); + } catch (e) { + throw new Error(`RabbitMQ Nodes must be valid JSON: ${e.message}`); + } + } + + if (this.conditions) { + try { + JSON.parse(this.conditions); + } catch (e) { + throw new Error(`Conditions must be valid JSON: ${e.message}`); + } + } + + if (this.headers) { + try { + JSON.parse(this.headers); + } catch (e) { + throw new Error(`Headers must be valid JSON: ${e.message}`); + } + } + + if (this.accepted_statuscodes_json) { + try { + JSON.parse(this.accepted_statuscodes_json); + } catch (e) { + throw new Error(`Accepted status codes must be valid JSON: ${e.message}`); + } + } + if (this.type === "ping") { // ping parameters validation if (this.packetSize && (this.packetSize < PING_PACKET_SIZE_MIN || this.packetSize > PING_PACKET_SIZE_MAX)) {