Bug #15922
closed
Task search not properly validating input, throws SQL error
Description
Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1248271
Description of problem:
Depending on expected inputs, user can get a SQL error thrown on Tasks when providing wrong input type.
Steps to Reproduce:
1. Create admin user named 'mmccune'
2. Using 'mmccune', perform a variety of tasks.
3. Monitor > Tasks
4. in search filter, search for owner.id = mmccune (note that this is incorrect; id is expecting an integer)
Actual results:
PGError: ERROR: invalid input syntax for integer: "mmccune" LINE 4: ...) WHERE ((foreman_tasks_locks_owner.resource_id = 'mmccune')... ^ : SELECT "foreman_tasks_tasks".* FROM "foreman_tasks_tasks" INNER JOIN foreman_tasks_locks AS foreman_tasks_locks_owner ON (foreman_tasks_locks_owner.task_id = foreman_tasks_tasks.id AND foreman_tasks_locks_owner.resource_type = 'User' AND foreman_tasks_locks_owner.name = 'task_owner') WHERE ((foreman_tasks_locks_owner.resource_id = 'mmccune')) ORDER BY "foreman_tasks_tasks"."started_at" DESC NULLS LAST LIMIT 20 OFFSET 0
Expected results:
Proper handling of incorrect inputs.
Updated by 
Updated by 
Updated by 
Updated by