From 6b66e332fb682898b50020d283aa8addfa166a10 Mon Sep 17 00:00:00 2001
From: Stefar77 <Stefar77@users.noreply.github.com>
Date: Fri, 11 Aug 2017 16:20:47 +0200
Subject: [PATCH] API: Fix requested attrs/joins/meta type errors in object
 query response

fixes #5377

Signed-off-by: Michael Friedrich <michael.friedrich@icinga.com>
---
 lib/remote/objectqueryhandler.cpp | 29 ++++++++++++++++++++++++++---
 1 file changed, 26 insertions(+), 3 deletions(-)

diff --git a/lib/remote/objectqueryhandler.cpp b/lib/remote/objectqueryhandler.cpp
index 836e4510a..db731396a 100644
--- a/lib/remote/objectqueryhandler.cpp
+++ b/lib/remote/objectqueryhandler.cpp
@@ -123,9 +123,32 @@ bool ObjectQueryHandler::HandleRequest(const ApiUser::Ptr& user, HttpRequest& re
 	qd.Types.insert(type->GetName());
 	qd.Permission = "objects/query/" + type->GetName();
 
-	Array::Ptr uattrs = params->Get("attrs");
-	Array::Ptr ujoins = params->Get("joins");
-	Array::Ptr umetas = params->Get("meta");
+	Array::Ptr uattrs, ujoins, umetas;
+
+	try {
+		uattrs = params->Get("attrs");
+	} catch (const std::exception&) {
+		HttpUtility::SendJsonError(response, 400,
+                    "Invalid type for 'attrs' attribute specified. Array type is required.", Empty);
+                return true;
+	}
+
+	try {
+		ujoins = params->Get("joins");
+	} catch (const std::exception&) {
+		HttpUtility::SendJsonError(response, 400,
+                    "Invalid type for 'joins' attribute specified. Array type is required.", Empty);
+                return true;
+	}
+
+	try {
+		umetas = params->Get("meta");
+	} catch (const std::exception&) {
+		HttpUtility::SendJsonError(response, 400,
+                    "Invalid type for 'meta' attribute specified. Array type is required.", Empty);
+		return true;
+	}
+
 	bool allJoins = HttpUtility::GetLastParameter(params, "all_joins");
 
 	params->Set("type", type->GetName());