admin: reject NUL-byte payload smuggling (Codex P2)

decodeCreateTableRequest used dec.More() to enforce a single JSON
document per request, but goccy/go-json treats a raw NUL as
end-of-input — a body like `{"table_name":...}\x00{"extra":1}`
parsed cleanly, dec.More() returned false, and the trailing
content was silently dropped. Codex P2 on PR #634 flagged this
as a payload-smuggling vector.

Fix: read the body once, scan for NUL before decoding. JSON has
no need for raw NUL (control characters must be \u-escaped per
RFC 8259), so any NUL is a strong signal of either tooling
misconfiguration or deliberate smuggling. Reject with 400.

The existing dec.More() check stays — it catches the well-formed
trailing-token cases (a second `{...}` or trailing `42`) that
would otherwise pass NUL-validation but still violate the
strict-body contract.

Tests: extend TestDynamoHandler_CreateTable_RejectsBadJSON with
two NUL vectors — the trailing `{"extra":1}` from the Codex
report, and a bare trailing NUL with no extra payload.

Author: bootjp

internal/admin/dynamo_handler.go

@@ -1,6 +1,7 @@
 package admin
 
 import (
+	"bytes"
 	"context"
 	"encoding/base64"
 	"errors"
@@ -358,13 +359,27 @@ func decodeCreateTableRequest(body io.Reader) (CreateTableRequest, error) {
 	if body == nil {
 		return CreateTableRequest{}, errors.New("request body is empty")
 	}
-	dec := json.NewDecoder(body)
-	dec.DisallowUnknownFields()
-	var out CreateTableRequest
-	if err := dec.Decode(&out); err != nil {
+	raw, err := io.ReadAll(body)
+	if err != nil {
 		if IsMaxBytesError(err) {
 			return CreateTableRequest{}, errors.New("request body exceeds the 64 KiB admin limit")
 		}
+		return CreateTableRequest{}, errors.New("request body could not be read")
+	}
+	// Reject any NUL byte in the body. JSON has no need for a
+	// raw NUL (control characters must be \u-escaped), and at
+	// least one of our decoders (goccy/go-json) treats a raw
+	// NUL as end-of-input, so a body like
+	// `{"table_name":...}\x00{"extra":1}` would otherwise sneak
+	// past dec.More(). Codex P2 on PR #634 flagged this as a
+	// payload-smuggling vector.
+	if bytes.IndexByte(raw, 0) >= 0 {
+		return CreateTableRequest{}, errors.New("request body contains a NUL byte")
+	}
+	dec := json.NewDecoder(bytes.NewReader(raw))
+	dec.DisallowUnknownFields()
+	var out CreateTableRequest
+	if err := dec.Decode(&out); err != nil {
 		return CreateTableRequest{}, errors.New("request body is not valid JSON")
 	}
 	// Reject trailing JSON tokens — `{"table_name":"a", ...}{...}`

internal/admin/dynamo_handler_test.go

@@ -502,6 +502,12 @@ func TestDynamoHandler_CreateTable_RejectsBadJSON(t *testing.T) {
 		`{"table_name":"u","partition_key":{"name":"id","type":"S"}} 42`,                                // trailing scalar
 		`{"table_name":"foo/bar","partition_key":{"name":"id","type":"S"}}`,                             // slash in name
 		`{"table_name":"a/b/c","partition_key":{"name":"id","type":"S"}}`,                               // multiple slashes
+		// NUL-delimited smuggling vector (Codex P2). goccy/go-json
+		// treats raw NUL as end-of-input so dec.More() would
+		// otherwise return false; the explicit NUL scan catches it.
+		"{\"table_name\":\"u\",\"partition_key\":{\"name\":\"id\",\"type\":\"S\"}}\x00{\"extra\":1}",
+		// Lone NUL inside the JSON object — same vector, less obvious.
+		"{\"table_name\":\"u\",\"partition_key\":{\"name\":\"id\",\"type\":\"S\"}}\x00",
 	}
 	for _, body := range cases {
 		t.Run(body, func(t *testing.T) {