Catch parsing errors

lukebakken · lukebakken · commit f9d18756eb5f · 2025-09-22T10:25:45.000-07:00
diff --git a/deps/rabbitmq_auth_backend_ldap/src/rabbit_auth_backend_ldap_mgmt.erl b/deps/rabbitmq_auth_backend_ldap/src/rabbit_auth_backend_ldap_mgmt.erl
@@ -45,17 +45,17 @@ is_authorized(ReqData, Context) ->
 
 accept_content(ReqData0, Context) ->
     F = fun (_Values, BodyMap, ReqData1) ->
-        Port = rabbit_mgmt_util:parse_int(maps:get(port, BodyMap, 389)),
-        UseSsl = rabbit_mgmt_util:parse_bool(maps:get(use_ssl, BodyMap, false)),
-        UseStartTls = rabbit_mgmt_util:parse_bool(maps:get(use_starttls, BodyMap, false)),
-        Servers = maps:get(servers, BodyMap, []),
-        UserDN = maps:get(user_dn, BodyMap, <<"">>),
-        Password = maps:get(password, BodyMap, <<"">>),
-        Options0 = [
-            {port, Port},
-            {timeout, 5000}
-        ],
         try
+            Port = safe_parse_int(maps:get(port, BodyMap, 389), "port"),
+            UseSsl = safe_parse_bool(maps:get(use_ssl, BodyMap, false), "use_ssl"),
+            UseStartTls = safe_parse_bool(maps:get(use_starttls, BodyMap, false), "use_starttls"),
+            Servers = maps:get(servers, BodyMap, []),
+            UserDN = maps:get(user_dn, BodyMap, <<"">>),
+            Password = maps:get(password, BodyMap, <<"">>),
+            Options0 = [
+                {port, Port},
+                {timeout, 5000}
+            ],
             {ok, Options1} = maybe_add_ssl_options(Options0, UseSsl, BodyMap),
             case eldap:open(Servers, Options1) of
                 {ok, LDAP} ->
@@ -92,17 +92,6 @@ accept_content(ReqData0, Context) ->
 
 %%--------------------------------------------------------------------
 
-unicode_format(Arg) ->
-    rabbit_data_coercion:to_utf8_binary(io_lib:format("~tp", [Arg])).
-
-unicode_format(Format, Args) ->
-    rabbit_data_coercion:to_utf8_binary(io_lib:format(Format, Args)).
-
-format_password_for_logging(<<>>) ->
-    "[empty]";
-format_password_for_logging(Password) ->
-    io_lib:format("[~p bytes]", [byte_size(Password)]).
-
 maybe_starttls(_LDAP, false, _BodyMap) ->
     ok;
 maybe_starttls(LDAP, true, BodyMap) ->
@@ -205,3 +194,34 @@ tls_options(BodyMap) when is_map_key(ssl_options, BodyMap) ->
     {ok, TlsOpts7};
 tls_options(_BodyMap) ->
     {ok, []}.
+
+unicode_format(Arg) ->
+    rabbit_data_coercion:to_utf8_binary(io_lib:format("~tp", [Arg])).
+
+unicode_format(Format, Args) ->
+    rabbit_data_coercion:to_utf8_binary(io_lib:format(Format, Args)).
+
+format_password_for_logging(<<>>) ->
+    "[empty]";
+format_password_for_logging(Password) ->
+    io_lib:format("[~p bytes]", [byte_size(Password)]).
+
+safe_parse_int(Value, FieldName) ->
+    try
+        rabbit_mgmt_util:parse_int(Value)
+    catch
+        throw:{error, {not_integer, BadValue}} ->
+            Msg = unicode_format("invalid value for ~s: expected integer, got ~tp",
+                                [FieldName, BadValue]),
+            throw({bad_request, Msg})
+    end.
+
+safe_parse_bool(Value, FieldName) ->
+    try
+        rabbit_mgmt_util:parse_bool(Value)
+    catch
+        throw:{error, {not_boolean, BadValue}} ->
+            Msg = unicode_format("invalid value for ~s: expected boolean, got ~tp",
+                                [FieldName, BadValue]),
+            throw({bad_request, Msg})
+    end.
