Bug #18084

Search raises PGError on feeding a non-integer value for an integer field

Added by Kavita Gaikwad over 2 years ago. Updated 11 months ago.

Status: Closed
Priority: Normal
Category: -
Target version:
Difficulty:
Triaged: Yes
Bugzilla link:
Team Backlog:
Fixed in Releases:
Found in Releases:

Description

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1283933
Description of problem:
While performing a search on any Foreman entity, there is an error raised on filtering integer-based attributes with non-integer values:

This error exposes a SQL query:

Warning!
PGError: ERROR: invalid input syntax for integer: "not_an_int" LINE 1: ... WHERE (("operatingsystems"."hostgroups_count" <= 'not_an_int')) ORDE... ^ : SELECT "operatingsystems".* FROM "operatingsystems" WHERE (("operatingsystems"."hostgroups_count" <= 'not_an_int')) ORDER BY title LIMIT 20 OFFSET 0

Version-Release number of selected component (if applicable):

rpm -qa katello
katello-2.4.0-6.nightly.el7.noarch
rpm -qa foreman*
foreman-1.11.0-0.develop.201511181617git2fc4d6d.el7.noarch
foreman-proxy-1.11.0-0.develop.201511161424gitf24be74.el7.noarch
foreman-release-1.11.0-0.develop.201511181617git2fc4d6d.el7.noarch
foreman-libvirt-1.11.0-0.develop.201511181617git2fc4d6d.el7.noarch
foreman-release-scl-1-1.el7.x86_64
foreman-ovirt-1.11.0-0.develop.201511181617git2fc4d6d.el7.noarch
foreman-postgresql-1.11.0-0.develop.201511181617git2fc4d6d.el7.noarch
foreman-selinux-1.11.0-0.develop.201510071426git6234447.el7.noarch
foreman-debug-1.11.0-0.develop.201511181617git2fc4d6d.el7.noarch
foreman-compute-1.11.0-0.develop.201511181617git2fc4d6d.el7.noarch
foreman-gce-1.11.0-0.develop.201511181617git2fc4d6d.el7.noarch
foreman-vmware-1.11.0-0.develop.201511181617git2fc4d6d.el7.noarch

How reproducible:
every time

Steps to Reproduce:
1. Log in to the web UI
2. Go to a content-view page (e.g. architectures, operating systems, ...)
3. Type in a query based on an integer-based attribute (e.g. organization_id) and provide a non-integer value (e.g. organization_id = 'foo')

Actual results:
PGError warning

Expected results:
Although it is alright for the query to fail, the input should be validated before being passed to the actual SQL query (perhaps a SQL injection might be possible?).
The neat solution might be to display an error notification as a popup, so the user doesn't need to leave the search page every time he makes an error in the search query.

Additional info:
No SQL tables were harmed while producing this BZ.


Related issues

Related to Foreman - Bug #12547: Search raises PGError on feeding a non-integer value for an integer field (Closed, 2015-11-20)

Associated revisions

Revision ac66f56b (diff)
Added by Kavita Gaikwad over 2 years ago

Fixes #18084 - Added validators to integer fields

With this commit, instead of a PostgreSQL exception it will
show a proper validation message for integer fields.
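
The behaviour asked for under "Expected results", as an added Ruby sketch that is not the code from revision ac66f56b or from Katello: the value of an integer field is checked before any SQL is built, and a failure becomes a short message the search page can show instead of the raw PGError with its query text. The field allow-list and all names in it are assumptions made for the illustration.

```ruby
# Added illustration: SearchValidationError, FIELD_TYPES, build_condition and
# try_search are hypothetical names, not Katello or scoped_search APIs.
class SearchValidationError < StandardError; end

# Allow-list of searchable fields and the type each value must parse as.
FIELD_TYPES = {
  'hostgroups_count' => :integer,
  'organization_id'  => :integer,
  'name'             => :string
}.freeze
OPERATORS  = %w[= != < <= > >=].freeze
INTEGER_RE = /\A[+-]?\d+\z/ # optional sign plus digits, nothing else

# Returns [sql_fragment, binds]. Raises SearchValidationError whose message is
# safe to show in the UI: no SQL text and no echo of the submitted value.
# `table` is supplied by the application, never by the user.
def build_condition(table, field, operator, raw_value)
  type = FIELD_TYPES.fetch(field) do
    raise SearchValidationError, 'Unknown search field'
  end
  unless OPERATORS.include?(operator)
    raise SearchValidationError, 'Unsupported search operator'
  end

  value = raw_value.to_s
  if type == :integer
    unless value.match?(INTEGER_RE)
      raise SearchValidationError, "Value for '#{field}' must be an integer"
    end
    value = Integer(value, 10)
  end

  # Identifiers come from the allow-lists; the value travels as a bind
  # parameter and is never spliced into the SQL text.
  [%("#{table}"."#{field}" #{operator} ?), [value]]
end

# Turns a validation failure into a result the search page can render inline.
def try_search(field, operator, value)
  sql, binds = build_condition('operatingsystems', field, operator, value)
  { ok: true, sql: sql, binds: binds }
rescue SearchValidationError => e
  { ok: false, error: e.message }
end
```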

History

#1 Updated by Kavita Gaikwad over 2 years ago

  • Related to Bug #12547: Search raises PGError on feeding a non-integer value for an integer field added

#2 Updated by The Foreman Bot over 2 years ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/Katello/katello/pull/6546 added

#3 Updated by Kavita Gaikwad over 2 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

#4 Updated by Justin Sherrill over 2 years ago

  • Legacy Backlogs Release (now unused) set to 211

#5 Updated by Kavita Gaikwad over 2 years ago

  • Target version set to 158
