Apply more strict parsing of actions in bulk API (#115923)

Previously, the following classes of malformed input were deprecated
but not rejected in the action lines of the a bulk request:

 - Missing closing brace;
 - Additional keys after the action (which were ignored);
 - Additional data after the closing brace (which was ignored).

They will now be considered errors and rejected.

The existing behaviour is preserved in v8 compatibility mode.

(N.B. The deprecation warnings were added in 8.1. The normal guidance
to deprecate for a whole major version before removing does not apply
here, since this was never a supported API feature. There is a risk to
the lenient approach since it results in input being ignored, which is
likely not the user's intention.)

Author: PeteGillinElastic

docs/changelog/115923.yaml

@@ -0,0 +1,16 @@
+pr: 115923
+summary: Apply more strict parsing of actions in bulk API
+area: Indices APIs
+type: breaking
+issues: [ ]
+breaking:
+  title: Apply more strict parsing of actions in bulk API
+  area: REST API
+  details: >-
+    Previously, the following classes of malformed input were deprecated but not rejected in the action lines of the a
+    bulk request: missing closing brace; additional keys after the action (which were ignored); additional data after
+    the closing brace (which was ignored). They will now be considered errors and rejected.
+  impact: >-
+    Users must provide well-formed input when using the bulk API. (They can request REST API compatibility with v8 to
+    get the previous behaviour back as an interim measure.)
+  notable: false

server/src/main/java/org/elasticsearch/action/bulk/BulkRequestParser.java

@@ -19,7 +19,7 @@
 import org.elasticsearch.common.xcontent.LoggingDeprecationHandler;
 import org.elasticsearch.core.Nullable;
 import org.elasticsearch.core.RestApiVersion;
-import org.elasticsearch.core.UpdateForV9;
+import org.elasticsearch.core.UpdateForV10;
 import org.elasticsearch.index.VersionType;
 import org.elasticsearch.index.seqno.SequenceNumbers;
 import org.elasticsearch.search.fetch.subphase.FetchSourceContext;
@@ -44,7 +44,11 @@
  * Helper to parse bulk requests. This should be considered an internal class.
  */
 public final class BulkRequestParser {
+
+    @UpdateForV10(owner = UpdateForV10.Owner.DATA_MANAGEMENT)
+    // Remove deprecation logger when its usages in checkBulkActionIsProperlyClosed are removed
     private static final DeprecationLogger deprecationLogger = DeprecationLogger.getLogger(BulkRequestParser.class);
+
     private static final Set<String> SUPPORTED_ACTIONS = Set.of("create", "index", "update", "delete");
     private static final String STRICT_ACTION_PARSING_WARNING_KEY = "bulk_request_strict_action_parsing";
 
@@ -348,7 +352,7 @@ public int incrementalParse(
                             + "]"
                     );
                 }
-                checkBulkActionIsProperlyClosed(parser);
+                checkBulkActionIsProperlyClosed(parser, line);
 
                 if ("delete".equals(action)) {
                     if (dynamicTemplates.isEmpty() == false) {
@@ -446,35 +450,55 @@ public int incrementalParse(
         return isIncremental ? consumed : from;
     }
 
-    @UpdateForV9(owner = UpdateForV9.Owner.DISTRIBUTED_INDEXING)
-    // Warnings will need to be replaced with XContentEOFException from 9.x
-    private static void warnBulkActionNotProperlyClosed(String message) {
-        deprecationLogger.compatibleCritical(STRICT_ACTION_PARSING_WARNING_KEY, message);
-    }
-
-    private static void checkBulkActionIsProperlyClosed(XContentParser parser) throws IOException {
+    @UpdateForV10(owner = UpdateForV10.Owner.DATA_MANAGEMENT) // Remove lenient parsing in V8 BWC mode
+    private void checkBulkActionIsProperlyClosed(XContentParser parser, int line) throws IOException {
         XContentParser.Token token;
         try {
             token = parser.nextToken();
-        } catch (XContentEOFException ignore) {
-            warnBulkActionNotProperlyClosed(
-                "A bulk action wasn't closed properly with the closing brace. Malformed objects are currently accepted but will be "
-                    + "rejected in a future version."
-            );
-            return;
+        } catch (XContentEOFException e) {
+            if (config.restApiVersion() == RestApiVersion.V_8) {
+                deprecationLogger.compatibleCritical(
+                    STRICT_ACTION_PARSING_WARNING_KEY,
+                    "A bulk action wasn't closed properly with the closing brace. Malformed objects are currently accepted but will be"
+                        + " rejected in a future version."
+                );
+                return;
+            } else {
+                throw e;
+            }
         }
         if (token != XContentParser.Token.END_OBJECT) {
-            warnBulkActionNotProperlyClosed(
-                "A bulk action object contained multiple keys. Additional keys are currently ignored but will be rejected in a "
-                    + "future version."
-            );
-            return;
+            if (config.restApiVersion() == RestApiVersion.V_8) {
+                deprecationLogger.compatibleCritical(
+                    STRICT_ACTION_PARSING_WARNING_KEY,
+                    "A bulk action object contained multiple keys. Additional keys are currently ignored but will be rejected in a future"
+                        + " version."
+                );
+                return;
+            } else {
+                throw new IllegalArgumentException(
+                    "Malformed action/metadata line ["
+                        + line
+                        + "], expected "
+                        + XContentParser.Token.END_OBJECT
+                        + " but found ["
+                        + token
+                        + "]"
+                );
+            }
         }
         if (parser.nextToken() != null) {
-            warnBulkActionNotProperlyClosed(
-                "A bulk action contained trailing data after the closing brace. This is currently ignored but will be rejected in a "
-                    + "future version."
-            );
+            if (config.restApiVersion() == RestApiVersion.V_8) {
+                deprecationLogger.compatibleCritical(
+                    STRICT_ACTION_PARSING_WARNING_KEY,
+                    "A bulk action contained trailing data after the closing brace. This is currently ignored but will be rejected in a"
+                        + " future version."
+                );
+            } else {
+                throw new IllegalArgumentException(
+                    "Malformed action/metadata line [" + line + "], unexpected data after the closing brace"
+                );
+            }
         }
     }
 

server/src/test/java/org/elasticsearch/action/bulk/BulkRequestParserTests.java

@@ -12,6 +12,7 @@
 import org.elasticsearch.action.index.IndexRequest;
 import org.elasticsearch.common.bytes.BytesArray;
 import org.elasticsearch.core.RestApiVersion;
+import org.elasticsearch.core.UpdateForV10;
 import org.elasticsearch.test.ESTestCase;
 import org.elasticsearch.xcontent.XContentType;
 import org.hamcrest.Matchers;
@@ -20,9 +21,15 @@
 import java.util.ArrayList;
 import java.util.List;
 import java.util.concurrent.atomic.AtomicBoolean;
+import java.util.stream.Stream;
 
 public class BulkRequestParserTests extends ESTestCase {
 
+    @UpdateForV10(owner = UpdateForV10.Owner.DATA_MANAGEMENT) // Replace with just RestApiVersion.values() when V8 no longer exists
+    public static final List<RestApiVersion> REST_API_VERSIONS_POST_V8 = Stream.of(RestApiVersion.values())
+        .filter(v -> v.compareTo(RestApiVersion.V_8) > 0)
+        .toList();
+
     public void testIndexRequest() throws IOException {
         BytesArray request = new BytesArray("""
             { "index":{ "_id": "bar" } }
@@ -260,6 +267,90 @@ public void testFailOnInvalidAction() {
         );
     }
 
+    public void testFailMissingCloseBrace() {
+        BytesArray request = new BytesArray("""
+            { "index":{ }
+            {}
+            """);
+        BulkRequestParser parser = new BulkRequestParser(randomBoolean(), randomFrom(REST_API_VERSIONS_POST_V8));
+
+        IllegalArgumentException ex = expectThrows(
+            IllegalArgumentException.class,
+            () -> parser.parse(
+                request,
+                null,
+                null,
+                null,
+                null,
+                null,
+                null,
+                null,
+                false,
+                XContentType.JSON,
+                (req, type) -> fail("expected failure before we got this far"),
+                req -> fail("expected failure before we got this far"),
+                req -> fail("expected failure before we got this far")
+            )
+        );
+        assertEquals("[1:14] Unexpected end of file", ex.getMessage());
+    }
+
+    public void testFailExtraKeys() {
+        BytesArray request = new BytesArray("""
+            { "index":{ }, "something": "unexpected" }
+            {}
+            """);
+        BulkRequestParser parser = new BulkRequestParser(randomBoolean(), randomFrom(REST_API_VERSIONS_POST_V8));
+
+        IllegalArgumentException ex = expectThrows(
+            IllegalArgumentException.class,
+            () -> parser.parse(
+                request,
+                null,
+                null,
+                null,
+                null,
+                null,
+                null,
+                null,
+                false,
+                XContentType.JSON,
+                (req, type) -> fail("expected failure before we got this far"),
+                req -> fail("expected failure before we got this far"),
+                req -> fail("expected failure before we got this far")
+            )
+        );
+        assertEquals("Malformed action/metadata line [1], expected END_OBJECT but found [FIELD_NAME]", ex.getMessage());
+    }
+
+    public void testFailContentAfterClosingBrace() {
+        BytesArray request = new BytesArray("""
+            { "index":{ } } { "something": "unexpected" }
+            {}
+            """);
+        BulkRequestParser parser = new BulkRequestParser(randomBoolean(), randomFrom(REST_API_VERSIONS_POST_V8));
+
+        IllegalArgumentException ex = expectThrows(
+            IllegalArgumentException.class,
+            () -> parser.parse(
+                request,
+                null,
+                null,
+                null,
+                null,
+                null,
+                null,
+                null,
+                false,
+                XContentType.JSON,
+                (req, type) -> fail("expected failure before we got this far"),
+                req -> fail("expected failure before we got this far"),
+                req -> fail("expected failure before we got this far")
+            )
+        );
+        assertEquals("Malformed action/metadata line [1], unexpected data after the closing brace", ex.getMessage());
+    }
+
     public void testListExecutedPipelines() throws IOException {
         BytesArray request = new BytesArray("""
             { "index":{ "_id": "bar" } }

server/src/test/java/org/elasticsearch/action/bulk/BulkRequestTests.java

@@ -42,6 +42,7 @@
 import static org.hamcrest.Matchers.equalTo;
 import static org.hamcrest.Matchers.hasSize;
 import static org.hamcrest.Matchers.instanceOf;
+import static org.hamcrest.Matchers.is;
 import static org.hamcrest.Matchers.not;
 import static org.hamcrest.Matchers.notNullValue;
 
@@ -426,12 +427,12 @@ public void testBulkActionWithoutCurlyBrace() throws Exception {
             { "field1" : "value1" }
             """;
         BulkRequest bulkRequest = new BulkRequest();
-        bulkRequest.add(bulkAction.getBytes(StandardCharsets.UTF_8), 0, bulkAction.length(), null, XContentType.JSON);
-
-        assertWarnings(
-            "A bulk action wasn't closed properly with the closing brace. Malformed objects are currently accepted"
-                + " but will be rejected in a future version."
+        IllegalArgumentException ex = expectThrows(
+            IllegalArgumentException.class,
+            () -> bulkRequest.add(bulkAction.getBytes(StandardCharsets.UTF_8), 0, bulkAction.length(), null, XContentType.JSON)
         );
+
+        assertThat(ex.getMessage(), containsString("Unexpected end of file"));
     }
 
     public void testBulkActionWithAdditionalKeys() throws Exception {
@@ -440,12 +441,12 @@ public void testBulkActionWithAdditionalKeys() throws Exception {
             { "field1" : "value1" }
             """;
         BulkRequest bulkRequest = new BulkRequest();
-        bulkRequest.add(bulkAction.getBytes(StandardCharsets.UTF_8), 0, bulkAction.length(), null, XContentType.JSON);
-
-        assertWarnings(
-            "A bulk action object contained multiple keys. Additional keys are currently ignored but will be "
-                + "rejected in a future version."
+        IllegalArgumentException ex = expectThrows(
+            IllegalArgumentException.class,
+            () -> bulkRequest.add(bulkAction.getBytes(StandardCharsets.UTF_8), 0, bulkAction.length(), null, XContentType.JSON)
         );
+
+        assertThat(ex.getMessage(), is("Malformed action/metadata line [1], expected END_OBJECT but found [FIELD_NAME]"));
     }
 
     public void testBulkActionWithTrailingData() throws Exception {
@@ -454,12 +455,12 @@ public void testBulkActionWithTrailingData() throws Exception {
             { "field1" : "value1" }
             """;
         BulkRequest bulkRequest = new BulkRequest();
-        bulkRequest.add(bulkAction.getBytes(StandardCharsets.UTF_8), 0, bulkAction.length(), null, XContentType.JSON);
-
-        assertWarnings(
-            "A bulk action contained trailing data after the closing brace. This is currently ignored "
-                + "but will be rejected in a future version."
+        IllegalArgumentException ex = expectThrows(
+            IllegalArgumentException.class,
+            () -> bulkRequest.add(bulkAction.getBytes(StandardCharsets.UTF_8), 0, bulkAction.length(), null, XContentType.JSON)
         );
+
+        assertThat(ex.getMessage(), is("Malformed action/metadata line [1], unexpected data after the closing brace"));
     }
 
     public void testUnsupportedAction() {