Improve query limit parameter validation

Signed-off-by: Carlos Martín <[email protected]>

Author: carlosms

server/handler/query.go

@@ -16,7 +16,7 @@ import (
 
 type queryRequest struct {
 	Query string `json:"query"`
-	Limit int    `json:"limit"`
+	Limit int    `json:"limit,omitempty"`
 }
 
 // genericVals returns a slice of interface{}, each one a pointer to the proper
@@ -50,12 +50,14 @@ func Query(db *sql.DB) RequestProcessFunc {
 	return func(r *http.Request) (*serializer.Response, error) {
 		var queryRequest queryRequest
 		body, err := ioutil.ReadAll(r.Body)
-		if err == nil {
-			err = json.Unmarshal(body, &queryRequest)
+		if err != nil {
+			return nil, err
 		}
 
+		err = json.Unmarshal(body, &queryRequest)
 		if err != nil {
-			return nil, err
+			return nil, serializer.NewHTTPError(http.StatusBadRequest,
+				`Bad Request. Expected body: { "query": "SQL statement", "limit": 1234 }`)
 		}
 
 		query := addLimit(queryRequest.Query, queryRequest.Limit)
@@ -184,9 +186,14 @@ func unmarshallUAST(data interface{}) ([]*uast.Node, error) {
 // addLimit adds LIMIT to the query, performing basic tests to skip it
 // for DESCRIBE TABLE, SHOW TABLES, and avoid '; limit'
 func addLimit(query string, limit int) string {
+	if limit <= 0 {
+		return query
+	}
+
 	query = strings.TrimRight(strings.TrimSpace(query), ";")
 	if strings.HasPrefix(strings.ToUpper(query), "SELECT") {
 		return fmt.Sprintf("%s LIMIT %d", query, limit)
 	}
+
 	return query
 }