Bug 1248271 - Task search not properly validating input, throws SQL error
Product: Red Hat Satellite 6
Classification: Red Hat
Component: Tasks Plugin
Severity: high
Assigned To: Shimon Shtein
Katello QA List
: Triaged
Reported: 2015-07-29 21:34 EDT by Corey Welton
Modified: 2017-03-21 17:12 EDT

Doc Type: Bug Fix
Last Closed: 2017-03-21 17:12:35 EDT
Type: Bug
External Trackers
Tracker ID Priority Status Summary Last Updated
Foreman Issue Tracker 15922 None None None 2016-08-01 02:50 EDT

Description Corey Welton 2015-07-29 21:34:14 EDT
Description of problem:

Depending on expected inputs, user can get a SQL error thrown on Tasks when providing wrong input type.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.  Create admin user named 'mmccune'
2.  Using 'mmccune', perform a variety of tasks.
3.  Monitor > Tasks
4.  In the search filter, search for owner.id = mmccune (note that this is incorrect; id is expecting an integer)

View results

Actual results:

PGError: ERROR: invalid input syntax for integer: "mmccune"
LINE 4: ...) WHERE ((foreman_tasks_locks_owner.resource_id = 'mmccune')...
^
: SELECT "foreman_tasks_tasks".* FROM "foreman_tasks_tasks" INNER JOIN foreman_tasks_locks AS foreman_tasks_locks_owner ON (foreman_tasks_locks_owner.task_id = foreman_tasks_tasks.id AND foreman_tasks_locks_owner.resource_type = 'User' AND foreman_tasks_locks_owner.name = 'task_owner') WHERE ((foreman_tasks_locks_owner.resource_id = 'mmccune')) ORDER BY "foreman_tasks_tasks"."started_at" DESC NULLS LAST LIMIT 20 OFFSET 0

Expected results:

Proper handling of incorrect inputs.

Additional info:
Comment 2 Ivan Necas 2016-08-01 02:50:53 EDT
Created redmine issue http://projects.theforeman.org/issues/15922 from this bug
Comment 4 Bryan Kearney 2016-08-04 16:18:14 EDT
Moving 6.2 bugs out to sat-backlog.
Comment 5 Bryan Kearney 2016-08-29 10:08:54 EDT
Upstream bug assigned to sshtein@redhat.com
Comment 6 Bryan Kearney 2016-08-29 10:08:58 EDT
Upstream bug assigned to sshtein@redhat.com
Comment 7 Bryan Kearney 2017-03-21 17:12:35 EDT
There is an upstream issue opened for this. We will no longer be tracking this downstream. If you believe this was closed in error, please feel free to re-open with additional information.

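Added example (not from the bug report or the Foreman code base): one way to get the "proper handling of incorrect inputs" the report asks for is to check each search value against the field's expected type before any SQL is built, so a mistyped value yields a search error instead of a raw PGError. The field-to-column map, the assumed int4 column width, and all class and function names are hypothetical.

```ruby
# Hypothetical typed search-filter validation; not Foreman or scoped_search code.
class SearchInputError < StandardError; end

# Search field => [SQL column, expected type]. Mapping is an assumption
# modelled on the column named in the reported error.
SEARCH_FIELDS = {
  'owner.id'    => ['foreman_tasks_locks_owner.resource_id', :integer],
  'owner.login' => ['users.login', :string]
}.freeze

# Assumed PostgreSQL "integer" (int4) bounds; out-of-range digits would
# otherwise fail in the database just like non-numeric text does.
PG_INT4 = (-2_147_483_648..2_147_483_647)

# Return the value converted to the field's type, or raise a user-facing error.
def coerce_value(field, raw, type)
  return raw unless type == :integer
  unless raw.match?(/\A-?\d+\z/) && PG_INT4.cover?(raw.to_i)
    raise SearchInputError, "'#{field}' expects an integer, got #{raw.inspect}"
  end
  raw.to_i
end

# Parse "<field> <op> <value>" into a parameterized condition and its binds.
def build_condition(query)
  m = /\A\s*([\w.]+)\s*(=|!=|<|>)\s*(.+?)\s*\z/.match(query)
  raise SearchInputError, "cannot parse search: #{query.inspect}" unless m
  field, op, raw = m.captures
  column, type = SEARCH_FIELDS.fetch(field) do
    raise SearchInputError, "unknown search field '#{field}'"
  end
  ["#{column} #{op} ?", [coerce_value(field, raw, type)]]
end

# Entry point: never lets a type mismatch reach the database layer.
def search_tasks(query)
  sql, binds = build_condition(query)
  { ok: true, where: sql, binds: binds }
rescue SearchInputError => e
  { ok: false, error: e.message }
end

# Constructed inputs, including the one from the reproduction steps.
if __FILE__ == $PROGRAM_NAME
  ['owner.id = mmccune', 'owner.id = 3', 'owner.login = mmccune'].each do |q|
    puts "#{q.inspect} -> #{search_tasks(q)}"
  end
end
```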