Project

General

Profile

Actions
Copy link

Bug #15922

closed

Task search not properly validating input, throws SQL error

Added by Ivan Necas over 8 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Shimon Shtein
Category:
-
Target version:
-
Difficulty:
Triaged:
Bugzilla link:
1248271
Pull request:
https://github.com/wvanbergen/scoped_search/pull/149, https://github.com/theforeman/foreman-tasks/pull/212
Fixed in Releases:
Found in Releases:
Red Hat JIRA:

Description

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1248271
Description of problem:

Depending on expected inputs, user can get a SQL error thrown on Tasks when providing wrong input type.

Steps to Reproduce:
1. Create admin user named 'mmccune'
2. Using 'mmccune', perform a variety of tasks.
3. Monitor > Tasks
4. in search filter, search for owner.id = mmccune (note that this is incorrect; id is expecting an integer)

Actual results:

PGError: ERROR: invalid input syntax for integer: "mmccune" LINE 4: ...) WHERE ((foreman_tasks_locks_owner.resource_id = 'mmccune')... ^ : SELECT "foreman_tasks_tasks".* FROM "foreman_tasks_tasks" INNER JOIN foreman_tasks_locks AS foreman_tasks_locks_owner ON (foreman_tasks_locks_owner.task_id = foreman_tasks_tasks.id AND foreman_tasks_locks_owner.resource_type = 'User' AND foreman_tasks_locks_owner.name = 'task_owner') WHERE ((foreman_tasks_locks_owner.resource_id = 'mmccune')) ORDER BY "foreman_tasks_tasks"."started_at" DESC NULLS LAST LIMIT 20 OFFSET 0

Expected results:

Proper handling of incorrect inputs.

Related issues 1 (0 open1 closed)

Blocked by Foreman - Refactor #17574: Update to scoped_search 4.xClosedDominic Cleal12/05/2016Actions
Actions
Copy link
 #1

Updated by Ivan Necas over 8 years ago

  • Subject changed from Task search not properly validating input, throws SQL error to Task search not properly validating input, throws SQL error
  • Target version set to 1.7.0
Actions
Copy link
 #2

Updated by Ivan Necas over 8 years ago

  • Target version changed from 1.7.0 to 1.6.1
Actions
Copy link
 #3

Updated by Shimon Shtein over 8 years ago

Added an issue in scoped_search with a suggestion to solve: https://github.com/wvanbergen/scoped_search/issues/148

Actions
Copy link
 #4

Updated by Ivan Necas over 8 years ago

  • Status changed from New to Ready For Testing
  • Assignee changed from Ivan Necas to Shimon Shtein
Actions
Copy link
 #5

Updated by Ivan Necas over 8 years ago

  • Pull request https://github.com/wvanbergen/scoped_search/pull/149 added
Actions
Copy link
 #6

Updated by Shimon Shtein over 8 years ago

We will need an extra step after scoped_search PR will be merged. We will need to actually add a proper validator to owner.id field.

Actions
Copy link
 #7

Updated by Ivan Necas over 8 years ago

  • Target version changed from 1.6.1 to 127
Actions
Copy link
 #8

Updated by Ivan Necas over 8 years ago

  • Target version changed from 127 to 1.5.1
Actions
Copy link
 #9

Updated by Ivan Necas about 8 years ago

  • Target version changed from 1.5.1 to 1.4.1
Actions
Copy link
 #10

Updated by The Foreman Bot about 8 years ago

  • Pull request https://github.com/theforeman/foreman-tasks/pull/212 added
Actions
Copy link
 #11

Updated by Ivan Necas about 8 years ago

  • Target version changed from 1.4.1 to 113
Actions
Copy link
 #12

Updated by Shimon Shtein about 8 years ago

Actions
Copy link
 #13

Updated by Shimon Shtein almost 8 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100
Actions
Copy link
 #14

Updated by Ivan Necas almost 8 years ago

  • Target version changed from 113 to 1.12.2
Actions
Copy link
 #15

Updated by Greg Sutcliffe over 6 years ago

  • Target version deleted (1.12.2)
Actions
Copy link

Also available in: Atom PDF