Skip to content

web: fix whitespace-fragile extract_bool_value in request_handler #10139

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
oharboe wants to merge 1 commit into from
+22 −3
Closed

web: fix whitespace-fragile extract_bool_value in request_handler #10139

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
25 changes: 22 additions & 3 deletions src/web/src/request_handler.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -363,13 +363,32 @@ static double extract_double_value(const std::string& json)

static bool extract_bool_value(const std::string& json)
{
if (json.find("\"value\":true") != std::string::npos) {
const std::string needle = "\"value\"";
auto pos = json.find(needle);
if (pos == std::string::npos) {
return false;
}
pos = json.find(':', pos + needle.size());
if (pos == std::string::npos) {
return false;
}
// Skip whitespace after colon
pos++;
while (pos < json.size() && (json[pos] == ' ' || json[pos] == '\t')) {
pos++;
}
Comment on lines +366 to +379
Copy link
Copy Markdown
Contributor

@gemini-code-assist gemini-code-assist bot Apr 15, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

This logic for finding the key, locating the colon, and skipping whitespace is identical to the implementation in extract_int and extract_float_or. Consider extracting this into a common helper function (e.g., find_value_start) to reduce code duplication and improve maintainability. Note that helper logic should be defined as a free function in a namespace rather than as a local lambda.

References
  1. To improve maintainability and reduce redundancy, extract duplicated logic into a helper function.
  2. Helper logic should be defined as a free function in a namespace rather than as a local lambda within a function.

if (pos < json.size() && json[pos] == 't') {
return true;
}
if (json.find("\"value\":false") != std::string::npos) {
if (pos < json.size() && json[pos] == 'f') {
return false;
}
Comment on lines +380 to +385
Copy link
Copy Markdown
Contributor

@gemini-code-assist gemini-code-assist bot Apr 15, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

The current implementation only checks the first character ('t' or 'f') to determine the boolean value. This is significantly less robust than the previous implementation and could lead to incorrect parsing if the value starts with these letters but isn't a valid JSON boolean (e.g., "value": "total" would be parsed as true). It is better to check for the full literal.

Suggested change
if (pos < json.size() && json[pos] == 't') {
return true;
}
if (json.find("\"value\":false") != std::string::npos) {
if (pos < json.size() && json[pos] == 'f') {
return false;
}
if (pos < json.size() && json.compare(pos, 4, "true") == 0) {
return true;
}
if (pos < json.size() && json.compare(pos, 5, "false") == 0) {
return false;
}

// Fall back to integer interpretation (0/1)
try {
return std::stoi(json.substr(pos)) != 0;
} catch (...) {
return false;
}
return extract_int_or(json, "value", 0) != 0;
}

static void writeColorArray(JsonBuilder& builder,
Expand Down
Loading