Description of problem:

Version-Release number of selected component (if applicable):
5.6.0.12

How reproducible:
100%

Steps to Reproduce:
1. Add a filter in Infrastructure -> VMs -> All VMs
2. For example: COUNT OF Virtual Machine.Advanced Settings > <user input>
3. Test it with the string "test", for example
4. There is a small chance that the infinispinner won't appear
5. If the infinispinner appears, then click on cancel

Actual results:
Sometimes even after cancel there is an infinispinner, but the search bar is always missing

Expected results:
Search bar shouldn't be missing

Additional info:
It probably has something to do with this one: https://bugzilla.redhat.com/show_bug.cgi?id=1349406
Created attachment 1171461 [details] Missing search bar
*** Bug 1349428 has been marked as a duplicate of this bug. ***
Eric,

I added a filter as mentioned above, "COUNT OF Virtual Machine.Advanced Settings", and entered some value with text in the "user input" field. It throws an error in the log. The reason that Advanced search is missing after the spinner stops is that the previous transaction does not complete due to the error in the log, and the screen does not finish drawing completely.

When I added a filter with user input and provided the user input value as some text, I see an error in the log:

[----] F, [2016-07-01T17:27:17.219332 #25954:5277bbc] FATAL -- : Error caught: [ArgumentError] wrong number of arguments (0 for 2..3)
/home/hkataria/dev/manageiq/app/models/condition.rb:94:in `eval'
(eval):1:in `do_eval'
/home/hkataria/dev/manageiq/app/models/condition.rb:94:in `eval'
/home/hkataria/dev/manageiq/app/models/condition.rb:94:in `do_eval'
/home/hkataria/dev/manageiq/app/models/condition.rb:90:in `subst_matches?'
/home/hkataria/dev/manageiq/app/models/miq_expression.rb:788:in `lenient_evaluate'
/home/hkataria/dev/manageiq/app/models/rbac.rb:537:in `matches_search_filters?'
/home/hkataria/dev/manageiq/app/models/rbac.rb:444:in `block in search'
/home/hkataria/.rvm/gems/ruby-2.2.3/gems/activerecord-5.0.0.rc2/lib/active_record/relation/delegation.rb:38:in `each'
/home/hkataria/.rvm/gems/ruby-2.2.3/gems/activerecord-5.0.0.rc2/lib/active_record/relation/delegation.rb:38:in `each'
/home/hkataria/dev/manageiq/app/models/rbac.rb:444:in `reject'
/home/hkataria/dev/manageiq/app/models/rbac.rb:444:in `search'
/home/hkataria/dev/manageiq/app/models/miq_report/search.rb:103:in `paged_view_search'
/home/hkataria/dev/manageiq/app/controllers/application_controller.rb:1586:in `get_view'
/home/hkataria/dev/manageiq/app/controllers/application_controller/ci_processing.rb:1398:in `process_show_list'
/home/hkataria/dev/manageiq/app/controllers/vm_common.rb:1477:in `get_node_info'
/home/hkataria/dev/manageiq/app/controllers/vm_common.rb:1531:in `replace_right_cell'
/home/hkataria/dev/manageiq/app/controllers/application_controller/filter.rb:953:in `quick_search_apply_click'
/home/hkataria/dev/manageiq/app/controllers/application_controller/filter.rb:989:in `quick_search'
/home/hkataria/.rvm/gems/ruby-2.2.3/gems/actionpack-5.0.0.rc2/lib/action_control

Let me know if you need help recreating this or need more information.

Thanks,
~Harpreet
New commit detected on ManageIQ/manageiq/darga:
https://github.com/ManageIQ/manageiq/commit/fcfbeae255bda843a0d5ff80e2e90071ef3d7e33

commit fcfbeae255bda843a0d5ff80e2e90071ef3d7e33
Author:     Eric Hayes <eric>
AuthorDate: Tue Jul 26 14:45:07 2016 -0700
Commit:     Eric Hayes <eric>
CommitDate: Fri Aug 5 14:24:58 2016 -0700

    Coerce values to integers for count operations

    https://bugzilla.redhat.com/show_bug.cgi?id=1353722
    https://bugzilla.redhat.com/show_bug.cgi?id=1349429

 app/models/miq_expression.rb       |  4 ++--
 spec/models/miq_expression_spec.rb | 29 +++++++++++++++++++++++++++++
 2 files changed, 31 insertions(+), 2 deletions(-)
New commit detected on ManageIQ/manageiq/darga:
https://github.com/ManageIQ/manageiq/commit/8ba817b46dc4d0d6db1beb7fd5f4c8310267c21c

commit 8ba817b46dc4d0d6db1beb7fd5f4c8310267c21c
Merge: df1061b fcfbeae
Author:     Oleg Barenboim <obarenbo>
AuthorDate: Wed Aug 10 15:09:52 2016 -0400
Commit:     root <root.lab.eng.rdu2.redhat.com>
CommitDate: Wed Aug 10 17:25:08 2016 -0400

    Merge branch 'fix_expr_cve' into '5.6.z'

    Filter input from custom searches

    In custom built searches it's possible to submit unfiltered string values into fields that expect integers. These values make their way through `eval` allowing for arbitrary Ruby code execution.

    Addresses CVE-2016-5383 and https://bugzilla.redhat.com/show_bug.cgi?id=1353722

    Discovered while investigating this BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1349429

    Thanks to @twade (Tim Wade)

    /cc @obarenbo @jfrey

    See merge request !1024

 app/models/miq_expression.rb       |  4 ++--
 spec/models/miq_expression_spec.rb | 29 +++++++++++++++++++++++++++++
 2 files changed, 31 insertions(+), 2 deletions(-)
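Added example, not part of the bug thread and not ManageIQ's code: the pattern the merge message describes, showing why the reporter's input "test" produced the ArgumentError in the log (it was evaluated as a call to Ruby's Kernel#test) and how coercing the value to an integer closes that path. The method names, the operator allow-list and the choice of strict `Integer()` coercion are assumptions; the actual patch is not shown on this page.

```ruby
# Added illustration; not ManageIQ code. All method names are hypothetical.

OPERATORS = %w[> >= < <= == !=].freeze

class InvalidFilterValue < StandardError; end

# "Before" pattern: the user-supplied value is interpolated into a Ruby
# expression and passed to eval, so any identifier in it runs as code.
def count_matches_unsafe?(count, operator, user_value)
  eval("#{count} #{operator} #{user_value}")
end

# "After" pattern: coerce to an integer first and never build code from input.
# Integer() is strict and rejects "test"; String#to_i would map it to 0 instead.
def count_matches_safe?(count, operator, user_value)
  raise InvalidFilterValue, "operator #{operator.inspect}" unless OPERATORS.include?(operator)
  value = begin
    Integer(user_value.to_s.strip, 10)
  rescue ArgumentError
    raise InvalidFilterValue, "not an integer: #{user_value.inspect}"
  end
  Integer(count).public_send(operator, value)
end

# Runs one of the two methods and reports what happened, for comparison.
def outcome(method_name, count, operator, user_value)
  send(method_name, count, operator, user_value) ? :match : :no_match
rescue InvalidFilterValue
  :rejected_as_input
rescue ArgumentError => e
  # Kernel#test was called with no arguments: the input ran as code.
  e.message.include?("2..3") ? :input_executed_as_code : :other_error
end

if __FILE__ == $PROGRAM_NAME
  # Constructed inputs; "test" is the string from the bug report.
  ["2", "test"].each do |v|
    puts "#{v.inspect}: unsafe=#{outcome(:count_matches_unsafe?, 3, '>', v)} " \
         "safe=#{outcome(:count_matches_safe?, 3, '>', v)}"
  end
end
```

An ArgumentError of this shape raised from an `eval` frame, as in the stack trace above, is a useful log signal that filter input is reaching the interpreter.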
https://github.com/ManageIQ/manageiq/pull/11011
Verified in 5.7.0.11. Search bar is not missing anymore after cancelling or executing filter with wrong user input.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2017-0012.html