Bug 676761
Summary: | Entering invalid expression in search bar results in uncaught runtime exception, rather than user friendly error
---|---
Product: | [Other] RHQ Project
Reporter: | Corey Welton <cwelton>
Component: | SearchBar
Assignee: | Charles Crouch <ccrouch>
Status: | CLOSED CURRENTRELEASE
QA Contact: | Mike Foley <mfoley>
Severity: | medium
Priority: | medium
Version: | 4.0.0
CC: | ccrouch, hbrock, skondkar
Hardware: | Unspecified
OS: | Unspecified
Fixed In Version: | 4.1
Doc Type: | Bug Fix
Last Closed: | 2013-09-03 17:01:22 UTC
Bug Blocks: | 676759, 678340, 730796

Description
Corey Welton
2011-02-11 03:41:59 UTC
I don't see a security bug here. However, we should be printing a friendly "Invalid search expression." error rather than an ugly stack trace with the SearchExpressionException buried inside it.

[master ad611c8] fixes this. We now display an "Invalid search expression." error message if the user enters an invalid search expression on either the Resource or group list views.

Tested on build#344 (Version: 4.1.0-SNAPSHOT Build Number: bdc6f5e)

The error message "Invalid search expression." is displayed to the user when the user enters an invalid search expression on the resource or group list views in the 'Inventory->Resources' or 'Inventory->Groups' menu.

However, when a user navigates to the 'Inventory->Child Resources' tab of a resource (Ex: Platform resource) and enters the invalid expression, it displays the error "Failed to load resource composite data" in the UI. Below are the details in the message center:

Message : Failed to load resource composite data
Severity : Error
Time : Thursday, August 25, 2011 5:21:22 PM Etc/GMT-5:30
Detail : java.lang.RuntimeException:[1314273082029] javax.ejb.EJBException:org.rhq.enterprise.server.search.SearchExpressionException: search pattern error -> org.rhq.enterprise.server.search.SearchExpressionException:search pattern error

Below are the steps to reproduce:

1. Login to RHQ.
2. Navigate to the 'Inventory->Child Resources' tab of the inventoried platform.
3. In the search bar, enter the search criteria " document.write('<b>Hello World</b>') "
4. Press Enter key.

Please refer to the attached screenshot.

Created attachment 519830: Screenshot

Good catch - I forgot about the Inventory>Children subtab, which also provides a search bar. [master 74ead91] fixes that.

Verified on build#373 (Version: 4.1.0-SNAPSHOT Build Number: 044113e)

When a user navigates to the 'Inventory->Child Resources' tab of a resource (Ex: Platform resource) and enters the invalid expression, it displays the expected error message "Invalid search expression." in the UI. Marking as verified.

Bulk closing of old issues that are in VERIFIED state.
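
The handling this report asks for, sketched as an added example that is not RHQ's code and not part of the original comments: one mapping function that every search bar can share, so a subtab cannot be missed, and that keeps the exception detail in the log rather than the UI. The class and method names are hypothetical, `SearchExpressionException` here is a local stand-in for the RHQ class, and the fallback text reuses the message quoted in the report.

```java
import java.util.logging.Level;
import java.util.logging.Logger;

// Hypothetical helper, not RHQ code: decides what a search failure shows in the UI.
public class SearchErrorMapper {
    private static final Logger LOG = Logger.getLogger(SearchErrorMapper.class.getName());

    // Local stand-in for org.rhq.enterprise.server.search.SearchExpressionException.
    static class SearchExpressionException extends RuntimeException {
        SearchExpressionException(String message) { super(message); }
    }

    static final String INVALID_SEARCH = "Invalid search expression.";
    static final String GENERIC_FAILURE = "Failed to load resource composite data";
    private static final int MAX_DEPTH = 16; // guards against cyclic cause chains

    // Returns the user-facing text; the full exception goes to the log only.
    static String userMessage(Throwable failure) {
        LOG.log(Level.FINE, "Search request failed", failure);
        Throwable current = failure;
        for (int depth = 0; current != null && depth < MAX_DEPTH; depth++) {
            if (current instanceof SearchExpressionException) {
                return INVALID_SEARCH;
            }
            // The report's Detail line shows the chain flattened into one message
            // string, so the class name is also matched inside the message text.
            String message = current.getMessage();
            if (message != null && message.contains("SearchExpressionException")) {
                return INVALID_SEARCH;
            }
            current = current.getCause();
        }
        return GENERIC_FAILURE;
    }

    public static void main(String[] args) {
        // Constructed inputs: a nested chain, the flattened form from the report, an unrelated error.
        Throwable nested = new RuntimeException(
            new IllegalStateException(new SearchExpressionException("search pattern error")));
        Throwable flattened = new RuntimeException("[1314273082029] javax.ejb.EJBException:"
            + "org.rhq.enterprise.server.search.SearchExpressionException: search pattern error");
        Throwable unrelated = new RuntimeException("connection reset");
        for (Throwable t : new Throwable[] { nested, flattened, unrelated }) {
            System.out.println(userMessage(t));
        }
    }
}
```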