Bug 200898 - bugzilla should provide better error for incorrect regex patterns
bugzilla should provide better error for incorrect regex patterns
Status: CLOSED CURRENTRELEASE
Product: Bugzilla
Classification: Community
Component: Bugzilla General (Show other bugs)
3.2
All Linux
medium Severity medium (vote)
: ---
: ---
Assigned To: PnT DevOps Devs
David Lawrence
https://bugzilla.redhat.com/bugzilla/...
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-08-01 10:03 EDT by Chris Duryee
Modified: 2013-06-23 22:48 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-11-07 11:03:03 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
screenshot of settings to cause SQL error (87.57 KB, image/png)
2006-08-01 10:03 EDT, Chris Duryee
no flags Details

  None (edit)
Description Chris Duryee 2006-08-01 10:03:59 EDT
Description of problem:

Trying to search with reporter/bug owner "doesn't match regex" *redhat.com
crashes bugzilla (sql shown)

Version-Release number of selected component (if applicable):

2.18rh (what's on bugzilla.redhat.com)


How reproducible:
every time


Steps to Reproduce:
(note: screenshot attached)
1. Go to the advanced search page
2. search for Red Hat Web Site bugs, current release
3. select "reporter" and "bug owner" in the "any of:" checkboxes
4. select "doesn't match regex"
5. enter "*redhat.com" as the regex
6. run query
  
Actual results:

DBD::Pg::st execute failed: ERROR:  invalid regular expression: quantifier
operand invalid
 [for Statement "SELECT bugs.bug_id, bugs.bug_severity, bugs.priority,
bugs.bug_status, bugs.resolution, bugs.alias, bugs.bug_severity, bugs.priority,
bugs.rep_platform, map_assigned_to.login_name, bugs.bug_status, bugs.resolution,
bugs.short_desc FROM bugs LEFT JOIN bug_group_map  ON bug_group_map.bug_id =
bugs.bug_id  LEFT JOIN cc ON cc.bug_id = bugs.bug_id AND cc.who = 199427  ,
profiles AS map_assigned_to, profiles AS map_reporter WHERE bugs.assigned_to =
map_assigned_to.userid AND bugs.assigned_to = map_assigned_to.userid AND
bugs.reporter = map_reporter.userid AND ((bugs.product_id IN (29)) AND
(bugs.version IN ('current')) AND (bugs.bug_status IN
('NEW','ASSIGNED','REOPENED','MODIFIED')) AND
((LOWER(map_assigned_to.login_name)  !~  LOWER('*redhat.com')) OR
(LOWER(map_reporter.login_name)  !~  LOWER('*redhat.com')))) AND
((bug_group_map.group_id IS NULL)  OR bug_group_map.group_id IN
(81,75,138,140,79,67,41,127,58,122,35,7,133,62,93,126,72,39,33,107,22,78,14,123,44,139,121,92,85,91,25,15,61,142,38)
 OR (bugs.reporter_accessible = 1 AND bugs.reporter = 199427)  OR
(bugs.cclist_accessible = 1 AND cc.who IS NOT NULL)  OR (bugs.assigned_to =
199427)  OR (bugs.qa_contact = 199427) ) GROUP BY bugs.bug_id,
bugs.bug_id,bugs.bug_severity,bugs.priority,bugs.bug_status,bugs.resolution,bugs.alias,bugs.bug_severity,bugs.priority,bugs.rep_platform,map_assigned_to.login_name,bugs.bug_status,bugs.resolution,bugs.short_desc
ORDER BY bugs.bug_status,bugs.priority,map_assigned_to.login_name,bugs.bug_id"]
at Bugzilla/DB.pm line 71
	Bugzilla::DB::SendSQL('SELECT bugs.bug_id, bugs.bug_severity, bugs.priority,
bugs.bu...') called at /var/www/html/bugzilla/buglist.cgi line 651

Expected results:

Query should work, or give an error that my regex is bad.

Additional info:


It looks like the regex field is going right into the SQL statement without
sanitization.

Also, maybe the text entry field should be called "contains" instead of "matches
regex", since it just goes into a LOWER() for matching.
Comment 1 Chris Duryee 2006-08-01 10:03:59 EDT
Created attachment 133397 [details]
screenshot of settings to cause SQL error
Comment 2 David Lawrence 2006-08-01 10:52:24 EDT
'*' is not a valid quantifier in the regex language. You would need to instead
type '.*redhat.com'. The problem here is that Bugzilla is not failing gracefully
for misinterpreted regex patterns. I suppose it needs to at a minimum to
substitute '.*' for any '*' characters that it finds as well as some of the
other quanitifiers it uses. And/Or it needs to precompile the regex first before
using in SQL and then fail with a descriptive error and make some possible
suggestions.

In the meantime, I tried your same query with '.*redhat.com' instead and all
works fine with that.
Comment 3 David Lawrence 2008-09-16 12:54:46 EDT
Red Hat Bugzilla is now using version 3.2 of the Bugzilla codebase and therefore this bug will need to be re-verified against the new release. With the updated code this bug may no longer be relevant or may have been fixed in the new code.
Updating bug version to 3.2.

Note You need to log in before you can comment on or make changes to this bug.