AC-746: Malformed request body or parameters cause "Internal Server Error"

sumesh-GL · sumesh-GL · commit ad9bb39f1d53 · 2025-07-04T09:25:46.000+05:30
Determine if an exception is a client error based on the exception type
Plugin for search criteria filter groups
diff --git a/app/code/Magento/Webapi/Model/Plugin/Framework/Api/FilterPlugin.php b/app/code/Magento/Webapi/Model/Plugin/Framework/Api/FilterPlugin.php
@@ -0,0 +1,78 @@
+<?php
+/**
+ * Copyright 2025 Adobe
+ * All rights reserved.
+ */
+declare(strict_types=1);
+
+namespace Magento\Webapi\Model\Plugin\Framework\Api;
+
+use Magento\Framework\Api\Filter;
+use Magento\Framework\Exception\InputException;
+use Magento\Framework\Phrase;
+
+/**
+ * This plugin validates the search criteria field, value and condition type.
+ */
+class FilterPlugin
+{
+    /**
+     * Validate the search criteria field.
+     *
+     * @param Filter $filter
+     * @param string $result
+     * @return string
+     */
+    public function afterGetField(Filter $filter, $result)
+    {
+        if (empty($result) && !empty($filter->getValue())) {
+            throw new InputException(
+                new Phrase(
+                    'Invalid search filter: %1 cannot be empty.',
+                    ["field"]
+                )
+            );
+        }
+        return $result;
+    }
+
+    /**
+     * Validate the search criteria value.
+     *
+     * @param Filter $filter
+     * @param string $result
+     * @return string
+     */
+    public function afterGetValue(Filter $filter, $result)
+    {
+        if (empty($result) && !empty($filter->getField())) {
+            throw new InputException(
+                new Phrase(
+                    'Invalid search filter: %1 cannot be empty.',
+                    ["value"]
+                )
+            );
+        }
+        return $result;
+    }
+
+    /**
+     * Validate the search criteria condition type.
+     *
+     * @param Filter $filter
+     * @param string $result
+     * @return string
+     */
+    public function afterGetConditionType(Filter $filter, $result)
+    {
+        if (empty($filter->getField()) || empty($filter->getValue())) {
+            throw new InputException(
+                new Phrase(
+                    'Invalid search filter: %1 and %2 cannot be empty.',
+                    ["field", "value"]
+                )
+            );
+        }
+        return $result;
+    }
+}
diff --git a/app/code/Magento/Webapi/etc/webapi_rest/di.xml b/app/code/Magento/Webapi/etc/webapi_rest/di.xml
@@ -83,4 +83,7 @@
     <type name="Magento\Store\Model\Validation\StoreCodeValidator">
         <plugin name="check_if_parsed_store_code_is_valid" type="Magento\Webapi\Model\Plugin\Store\Model\Validation\StoreCodeValidator"/>
     </type>
+    <type name="Magento\Framework\Api\Filter">
+        <plugin name="validate_search_criteria_field" type="Magento\Webapi\Model\Plugin\Framework\Api\FilterPlugin" sortOrder="10"/>
+    </type>
 </config>
diff --git a/lib/internal/Magento/Framework/Webapi/ErrorProcessor.php b/lib/internal/Magento/Framework/Webapi/ErrorProcessor.php
@@ -43,17 +43,6 @@ class ErrorProcessor
 
     public const DATA_FORMAT_XML = 'xml';
 
-    /**
-     * Client error keywords
-     */
-    private const CLIENT_ERROR_KEYWORDS = [
-        'sqlstate',
-        'missing required',
-        'doesn\'t exist',
-        'not found',
-        'not authorized',
-    ];
-
     /**
      * @var \Magento\Framework\Json\Encoder $encoder
      */
@@ -183,18 +172,25 @@ public function maskException(\Exception $exception)
     }
 
     /**
-     * Determine if an exception is a client error based on message content and context
+     * Determine if an exception is a client error based on the exception type
      *
      * @param \Exception $exception
      * @return bool
      */
     private function isClientError(\Exception $exception)
     {
-        $message = strtolower($exception->getMessage());
-
-        return array_filter(self::CLIENT_ERROR_KEYWORDS, function($keyword) use ($message) {
-            return strpos($message, $keyword) !== false;
-        }) !== [];
+        if ($exception instanceof \Zend_Db_Exception
+            || $exception instanceof \Zend_Db_Adapter_Exception
+            || $exception instanceof \Zend_Db_Statement_Exception
+            || $exception instanceof \PDOException
+            || $exception instanceof \InvalidArgumentException
+            || $exception instanceof \BadMethodCallException
+            || $exception instanceof \UnexpectedValueException
+            || $exception instanceof \Magento\Framework\Search\Request\NonExistingRequestNameException
+        ) {
+            return true;
+        }
+        return false;
     }
 
     /**
