Bug 1022448 - Missing input validation for several panels in console installer.
Status: CLOSED CURRENTRELEASE
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: Installer
6.2.0
Unspecified Unspecified
unspecified Severity medium
: CR1
: EAP 6.2.0
Assigned To: Miles Tjandrawidjaja
Petr Kremensky
Russell Dickenson
Reported: 2013-10-23 06:03 EDT by Petr Kremensky
Modified: 2014-04-30 07:16 EDT
Doc Type: Bug Fix
Last Closed: 2013-12-15 11:14:16 EST
Type: Bug


Description Petr Kremensky 2013-10-23 06:03:55 EDT
Description of problem:
 Input validation is missing for several panels while installing EAP in console mode. This could lead to installation failure due to processing of invalid data.

Version-Release number of selected component (if applicable):
 EAP 6.2.0.ER6
 
How reproducible:
 Always

Steps to Reproduce:
 1. Run the console installation: java -jar jboss-eap-6.2.0.ER6-installer.jar -console
 2. Enter some invalid data (e.g. installation path = /abc/def)
 3. Finish the installation

Actual results:
 [ ERROR: Could not create directory /dsa/dsa/jboss-eap-6.2/bin ]

Expected results:
 The user is warned that the directory he entered is invalid and is prompted to enter a new one; the user cannot continue with the installation unless he enters a valid directory.

Additional info:
List of panels with missing input validation I found:
Select the installation path:
 - path validation

Select the quickstart installation path:
 - quickstarts path validation
 - new settings.xml path validation

Cannot check port configuration because of BZ1021976

Password Vault Configuration
 - salt could have more than 8 chars

Infinispan Configuration
 - missing numeric validation for Eviction Max Entries
 - missing numeric validation for Expiration Max Idle

Security-Domain Configuration
 - Authentication options should consist of key=value entries (this should also be fixed in the GUI installer)

Configure the datasource for Red Hat JBoss Enterprise Application Platform below.
 - min pool size can still be greater than max pool size; just enter 50 as min pool size and leave the default (20) for max pool.

Comment 1 Miles Tjandrawidjaja 2013-10-24 15:49:16 EDT
Validation has been added to the installation path during console installation.
Now checks whether or not you can create in the directory you have chosen.

Validation has been added to the quickstarts panel during console installation.
Now checks whether or not you can install quickstarts in the directory you have chosen.

Validation has been added to password value configuration during console install.
Salt must contain only 8 characters.

Validation for infinispan configuration for entries eviction max and expiration max idle is now the same as in the GUI. Only numeric values can be passed in, and they must contain 1 to 10 digits.

Security-Domain Configurations now check for consistent key=value entries. Multiple entries should be separated with a comma.


Console installation now properly checks that min pool size must be less than the max pool size.

Comment 2 Petr Kremensky 2013-11-01 08:32:43 EDT
I am still able to enter some invalid data:
Select the installation path:
 - path validation (installation will fail)

Select the quickstart installation path:
 - new settings.xml path validation (installation will fail)

Security-Domain Configuration
 - Authentication options should consist of key=value entries (this should also be fixed in the GUI installer); however, aaa=bbb=ccc is considered to be a valid input now.

Comment 3 Miles Tjandrawidjaja 2013-11-06 12:08:12 EST
Path validation has been fixed for target panel and settings
http://git.app.eng.bos.redhat.com/jbossas-installer.git/commit/?h=eap-6.2&id=020fea5b43603053b3a5c5473aa17ce2a44d31c3

aaa=bbb=ccc is no longer allowed as a valid input for key,value entries.

585e8fdcf99671763ba0030113b7aea443a35818
162f5e3b3d68ba47f4ebad87cfd9523e71196d64
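
The field checks described in Comments 1 and 3, sketched in Java as an added example; this is not the installer's code and not from either commenter. Class and method names are hypothetical, and three points are assumptions: the salt is exactly 8 characters, keys and values contain no '=', ',' or whitespace, and an empty option string is rejected.

```java
import java.util.regex.Pattern;

// Added illustration; names are hypothetical, not taken from jbossas-installer.
public class ConsoleInputValidators {
    // 1 to 10 digits, as stated for Eviction Max Entries and Expiration Max Idle.
    private static final Pattern NUMERIC = Pattern.compile("\\d{1,10}");
    // Assumption: key and value are non-empty and free of '=', ',' and whitespace.
    private static final Pattern KEY_VALUE = Pattern.compile("[^=,\\s]+=[^=,\\s]+");

    // Assumption: "only 8 characters" is read as exactly 8.
    static boolean validSalt(String salt) {
        return salt != null && salt.length() == 8;
    }

    static boolean validNumeric(String s) {
        return s != null && NUMERIC.matcher(s).matches();
    }

    // Comma-separated key=value entries. matches() anchors the pattern to the
    // whole entry, so "aaa=bbb=ccc", "aaa" and empty entries are all rejected.
    static boolean validOptions(String options) {
        if (options == null || options.trim().isEmpty()) return false;
        for (String entry : options.split(",", -1)) { // -1 keeps trailing empty entries
            if (!KEY_VALUE.matcher(entry.trim()).matches()) return false;
        }
        return true;
    }

    // Both values must be numeric and min strictly less than max.
    static boolean validPool(String min, String max) {
        if (!validNumeric(min) || !validNumeric(max)) return false;
        return Long.parseLong(min) < Long.parseLong(max);
    }

    public static void main(String[] args) {
        // Constructed sample inputs, including the cases raised in the bug.
        String[] opts = {"aaa=bbb", "aaa=bbb, ccc=ddd", "aaa=bbb=ccc", "aaa", "a=b,"};
        for (String o : opts) {
            System.out.println("options '" + o + "' valid: " + validOptions(o));
        }
        System.out.println("pool 50/20 valid: " + validPool("50", "20"));
        System.out.println("pool 10/20 valid: " + validPool("10", "20"));
        System.out.println("salt '123456789' valid: " + validSalt("123456789"));
        System.out.println("max entries '12a' valid: " + validNumeric("12a"));
    }
}
```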

Comment 4 Petr Kremensky 2013-11-15 06:23:22 EST
Verified on EAP 6.2.0.CR1 installer.
