| Summary: | The Deploy REST operations accept a different range of strings for the deployment Id than the other REST operations | ||
|---|---|---|---|
| Product: | [Retired] JBoss BPMS Platform 6 | Reporter: | Marco Rietveld <mrietvel> |
| Component: | Business Central | Assignee: | Marco Rietveld <mrietvel> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Ivo Bek <ibek> |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | 6.0.0 | CC: | kverlaen, mbaluch, smcgowan |
| Target Milestone: | ER6 | ||
| Target Release: | 6.0.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Fixed In Version: | | Doc Type: | Bug Fix |
| Last Closed: | 2014-08-06 20:09:53 UTC | Type: | Bug |
Ahh, the regex that should be used is this:
[\\w\\.-]+(:[\\w\\.-]+){2,2}(:[\\w\\.-]*){0,2}
Fixed:
6.0.x: https://github.com/droolsjbpm/droolsjbpm-integration/commit/52fe23ee
master: https://github.com/droolsjbpm/droolsjbpm-integration/commit/86b6d61d

Verified in BPMS 6.0.0.ER7
Description of problem:

The REST deployment operations currently use the following regex for the deployment Id:
[^\\s:]+(:[^\\s:]+){2,2}(:[^\\s:]*){0,2}

The other REST operations currently use the following regex for the deployment Id:
[a-zA-Z0-9-:\\.]+

This means that users might be able to deploy a deployment with a deployment id that they would not be able to use in other REST operations. Furthermore, the use of \\s (all non-whitespace characters) could cause crashes or possible security problems.

For both of the reasons above, we should change the regex used in both places to this:
https://github.com/droolsjbpm/droolsjbpm-integration/commit/86b6d61d16db50165a55f933b24b1e5a336a47a2

This fix has already been committed to master. This bug is to ensure that it also gets added to the product branch.
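
The three patterns quoted in this report, compared on constructed deployment ids. This is an added example, not part of the original report or the project's code. It assumes each pattern must match the whole id and uses `re.ASCII` to mirror Java's default ASCII-only `\w` and `\s`; the sample ids and function names are made up for illustration.

```python
import re

# Patterns copied from the report; Java string escaping (\\) is reduced to
# regex escaping (\). re.ASCII is an assumption mirroring Java's defaults.
PATTERNS = {
    "old_deploy": re.compile(r"[^\s:]+(:[^\s:]+){2,2}(:[^\s:]*){0,2}", re.ASCII),
    "old_other": re.compile(r"[a-zA-Z0-9-:\.]+", re.ASCII),
    "fixed": re.compile(r"[\w\.-]+(:[\w\.-]+){2,2}(:[\w\.-]*){0,2}", re.ASCII),
}

# Constructed sample ids, not taken from the report.
SAMPLE_IDS = [
    "org.jbpm:Evaluation:1.0",
    "org.jbpm:Evaluation:1.0:kbase:ksession",
    "org.jbpm:my_project:1.0",   # underscore
    "org.jbpm:Evaluation",       # only two segments
    "org.jbpm:eval/..:1.0",      # path characters
    "org.jbpm:Eval<b>:1.0",      # markup characters
]


def accepted_by(deployment_id):
    """Return the names of the patterns that match the whole id."""
    return {name for name, rx in PATTERNS.items() if rx.fullmatch(deployment_id)}


def deploy_only(ids):
    """Ids the old deploy pattern accepts but the other operations reject."""
    return [i for i in ids
            if "old_deploy" in accepted_by(i) and "old_other" not in accepted_by(i)]


def accepted_after_fix(ids):
    """Ids that the single pattern from the fix accepts."""
    return [i for i in ids if "fixed" in accepted_by(i)]


if __name__ == "__main__":
    for i in SAMPLE_IDS:
        print(f"{i!r:45} {sorted(accepted_by(i))}")
```
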