Bug #15922

Task search not properly validating input, throws SQL error

Added by Ivan Necas 8 months ago. Updated 3 months ago.

Status: Ready For Testing
Priority: Normal
Assigned To: Shimon Shtein
Category: -
Target version: Foreman - Team Ivan backlog
Difficulty:
Bugzilla link: 1248271
Found in release:
Pull request: https://github.com/theforeman/foreman-tasks/pull/212, https://github.com/wvanbergen/scoped_search/pull/149
Story points: -
Velocity based estimate: -

Description

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1248271
Description of problem:

Depending on expected inputs, a user can get a SQL error thrown on Tasks when providing the wrong input type.

Steps to Reproduce:
1. Create admin user named 'mmccune'
2. Using 'mmccune', perform a variety of tasks.
3. Monitor > Tasks
4. In the search filter, search for owner.id = mmccune (note that this is incorrect; id is expecting an integer)

Actual results:

PGError: ERROR: invalid input syntax for integer: "mmccune" LINE 4: ...) WHERE ((foreman_tasks_locks_owner.resource_id = 'mmccune')... ^ : SELECT "foreman_tasks_tasks".* FROM "foreman_tasks_tasks" INNER JOIN foreman_tasks_locks AS foreman_tasks_locks_owner ON (foreman_tasks_locks_owner.task_id = foreman_tasks_tasks.id AND foreman_tasks_locks_owner.resource_type = 'User' AND foreman_tasks_locks_owner.name = 'task_owner') WHERE ((foreman_tasks_locks_owner.resource_id = 'mmccune')) ORDER BY "foreman_tasks_tasks"."started_at" DESC NULLS LAST LIMIT 20 OFFSET 0

Expected results:

Proper handling of incorrect inputs.


Related issues

Blocked by Foreman - Refactor #17574: Update to scoped_search 4.x Closed 12/05/2016

History

#1 Updated by Ivan Necas 8 months ago

  • Subject changed from Task search not properly validating input, throws SQL error to Task search not properly validating input, throws SQL error
  • Target version set to Team Ivan Iteration 1

#2 Updated by Ivan Necas 7 months ago

  • Target version changed from Team Ivan Iteration 1 to Team Ivan Iteration 2

#3 Updated by Shimon Shtein 7 months ago

Added an issue in scoped_search with a suggestion to solve: https://github.com/wvanbergen/scoped_search/issues/148

#4 Updated by Ivan Necas 7 months ago

  • Status changed from New to Ready For Testing
  • Assigned To changed from Ivan Necas to Shimon Shtein

#5 Updated by Ivan Necas 7 months ago

  • Pull request https://github.com/wvanbergen/scoped_search/pull/149 added

#6 Updated by Shimon Shtein 7 months ago

We will need an extra step after the scoped_search PR is merged. We will need to actually add a proper validator to the owner.id field.
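
The validation step discussed in this comment, sketched as an added example (not foreman-tasks or scoped_search code): a per-field validator rejects a non-integer owner.id before any SQL is built, so the user gets a search error instead of a PGError. The `FIELDS` table, `build_condition`, `InvalidSearchValue` and the `users.login` column are hypothetical names; the 32-bit range check assumes the column is a PostgreSQL `integer`.

```ruby
# Added example with hypothetical names; it does not use the scoped_search API.
class InvalidSearchValue < StandardError; end

# PostgreSQL "integer" is 32-bit (assumed column type): a value must be
# all digits (optional sign) AND within range, or the database rejects it.
PG_INT_RANGE = (-2**31..2**31 - 1).freeze
INTEGER = lambda do |value|
  value.match?(/\A[-+]?\d+\z/) && PG_INT_RANGE.cover?(value.to_i)
end

# Search field name => SQL column, optional validator, optional cast.
# resource_id is the column from the reported query; users.login is constructed.
FIELDS = {
  'owner.id' => { column: 'foreman_tasks_locks_owner.resource_id',
                  validator: INTEGER, cast: :to_i },
  'owner.login' => { column: 'users.login' }
}.freeze

# Turn "field = value" into [sql_fragment, bind_value].
# Raises InvalidSearchValue instead of letting a bad value reach the database.
def build_condition(query)
  m = query.match(/\A\s*([\w.]+)\s*=\s*(.+?)\s*\z/)
  raise InvalidSearchValue, "cannot parse '#{query}'" unless m

  name = m[1]
  value = m[2]
  field = FIELDS.fetch(name) do
    raise InvalidSearchValue, "unknown search field '#{name}'"
  end

  if field[:validator] && !field[:validator].call(value)
    raise InvalidSearchValue, "value '#{value}' is not valid for field '#{name}'"
  end

  # Cast only after validation, and bind the value rather than interpolating it.
  value = value.public_send(field[:cast]) if field[:cast]
  ["#{field[:column]} = ?", value]
end
```

The caller can rescue `InvalidSearchValue` and show its message next to the search box.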

#7 Updated by Ivan Necas 7 months ago

  • Target version changed from Team Ivan Iteration 2 to Team Ivan Iteration 3

#8 Updated by Ivan Necas 6 months ago

  • Target version changed from Team Ivan Iteration 3 to Team Ivan Iteration 4

#9 Updated by Ivan Necas 5 months ago

  • Target version changed from Team Ivan Iteration 4 to Team Ivan Iteration 5

#10 Updated by The Foreman Bot 4 months ago

  • Pull request https://github.com/theforeman/foreman-tasks/pull/212 added

#11 Updated by Ivan Necas 4 months ago

  • Target version changed from Team Ivan Iteration 5 to Team Ivan backlog

#12 Updated by Shimon Shtein 3 months ago
