Project

General

Profile

Bug #12547

Search raises PGError on feeding a non-integer value for a integer field

Added by roman plevka over 4 years ago. Updated over 1 year ago.

Status:
Closed
Priority:
Normal
Category:
Search
Target version:
Difficulty:
Triaged:
Bugzilla link:
Fixed in Releases:
Found in Releases:

Description

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1283933
Description of problem:
while performing a search on any Foreman entity, there is an error raised on filtering integer-based attributes with non-integer values:

This error exposes a SQL query:

Warning!
PGError: ERROR: invalid input syntax for integer: "not_an_int" LINE 1: ... WHERE (("operatingsystems"."hostgroups_count" <= 'not_an_int')) ORDE... ^ : SELECT "operatingsystems".* FROM "operatingsystems" WHERE (("operatingsystems"."hostgroups_count" <= 'not_an_int')) ORDER BY title LIMIT 20 OFFSET 0

Version-Release number of selected component (if applicable):

  1. rpm -qa katello
    katello-2.4.0-6.nightly.el7.noarch
  2. rpm -qa foreman*
    foreman-1.11.0-0.develop.201511181617git2fc4d6d.el7.noarch
    foreman-proxy-1.11.0-0.develop.201511161424gitf24be74.el7.noarch
    foreman-release-1.11.0-0.develop.201511181617git2fc4d6d.el7.noarch
    foreman-libvirt-1.11.0-0.develop.201511181617git2fc4d6d.el7.noarch
    foreman-release-scl-1-1.el7.x86_64
    foreman-ovirt-1.11.0-0.develop.201511181617git2fc4d6d.el7.noarch
    foreman-postgresql-1.11.0-0.develop.201511181617git2fc4d6d.el7.noarch
    foreman-selinux-1.11.0-0.develop.201510071426git6234447.el7.noarch
    foreman-debug-1.11.0-0.develop.201511181617git2fc4d6d.el7.noarch
    foreman-compute-1.11.0-0.develop.201511181617git2fc4d6d.el7.noarch
    foreman-gce-1.11.0-0.develop.201511181617git2fc4d6d.el7.noarch
    foreman-vmware-1.11.0-0.develop.201511181617git2fc4d6d.el7.noarch

How reproducible:
every time

Steps to Reproduce:
1. login to webui
2. go to any foreman entity summary page (e.g. architectures, operating systems,..)
3. type in a query based on an integer-based attribute (e.g. hosts_count) and provide a non-integer value (e.g. hosts_count = 'foo')

Actual results:
PGError warning

Expected results:
Although it is alright for the query to fail, the input should be validated before passed to the actual SQL query (perhaps a sql injection might be possible?).
The neat solution might be to display an error notification as a popup, so user doesn't need to leave the search page every time he makes an error in the search query

Additional info:
no SQL tables were harmed during producing this BZ.


Related issues

Related to Katello - Bug #18084: Search raises PGError on feeding a non-integer value for a integer fieldClosed2017-01-15
Blocked by Foreman - Refactor #17574: Update to scoped_search 4.xClosed2016-12-05

Associated revisions

Revision 3ab02530 (diff)
Added by Kavita Gaikwad about 3 years ago

Fixes #12547 - Added validators to interger fields

With this commit, instead of postgresql exception it will
show proper validation message for interger fields.

History

#1 Updated by Dominic Cleal over 4 years ago

  • Related to Feature #11150: Allow searching of facts as types other than string added

#2 Updated by Dominic Cleal over 4 years ago

  • Subject changed from WebUI - scoped search (foreman instances) raises PGError on feeding a non-integer value for a integer field to Search raises PGError on feeding a non-integer value for a integer field
  • Category changed from Web Interface to Search
  • Assignee deleted (Ohad Levy)
  • Legacy Backlogs Release (now unused) set to 63

Please don't set the assignee on new bug reports.

#3 Updated by Dominic Cleal over 4 years ago

  • Related to deleted (Feature #11150: Allow searching of facts as types other than string)

#4 Updated by Dominic Cleal over 4 years ago

  • Legacy Backlogs Release (now unused) deleted (63)

Misread, this is unrelated to the casting in the previously linked bug report as that'll only happen for int inputs.

#5 Updated by Kavita Gaikwad over 3 years ago

This issue is related scoped_search gem.

The similar kind of issue is created against scoped_search. Link - https://github.com/wvanbergen/scoped_search/issues/148.

For this issue in scoped_search, someone is already created pull-request. Link - https://github.com/wvanbergen/scoped_search/pull/149

Which might be helpful to get rid of this SQL exception.

#6 Updated by Kavita Gaikwad over 3 years ago

  • Target version set to 1.15.6

#7 Updated by Shimon Shtein over 3 years ago

We have to wait for an official release of the scoped_search gem. Once it's released, we can add validators to those fields. You can see an example in foreman-tasks: https://github.com/theforeman/foreman-tasks/pull/212

#8 Updated by Kavita Gaikwad over 3 years ago

  • Assignee set to Kavita Gaikwad

#9 Updated by Shimon Shtein over 3 years ago

  • Assignee changed from Kavita Gaikwad to Shimon Shtein

#10 Updated by Dominic Cleal over 3 years ago

#11 Updated by Kavita Gaikwad over 3 years ago

  • Assignee changed from Shimon Shtein to Kavita Gaikwad

#12 Updated by Kavita Gaikwad over 3 years ago

  • Target version changed from 1.15.6 to 1.15.4

#13 Updated by Anurag Patel about 3 years ago

  • Target version changed from 1.15.4 to 158

#14 Updated by The Foreman Bot about 3 years ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/4191 added

#15 Updated by Kavita Gaikwad about 3 years ago

  • Related to Bug #18084: Search raises PGError on feeding a non-integer value for a integer field added

#16 Updated by Kavita Gaikwad about 3 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

#17 Updated by Dominic Cleal about 3 years ago

  • Legacy Backlogs Release (now unused) set to 209

Also available in: Atom PDF