Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 804665

Summary: ISE on search "Days Since Last Checked-in"
Product: [Community] Spacewalk Reporter: Matej Kollar <mkollar>
Component: WebUIAssignee: Tomas Lestach <tlestach>
Status: CLOSED CURRENTRELEASE QA Contact: Red Hat Satellite QA List <satqe-list>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 1.7CC: cperry, jpazdziora, slukasik
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-11-01 16:19:27 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 871344    

Description Matej Kollar 2012-03-19 14:39:14 UTC 
Description of problem:

  Checking input on Search (Days Since Last Checked-in
  & Days Since First Registered) does not detect
  "<3" as incorrect input and returns ISE. Other
  toxic characters that can sneak behind detection
  are ">{}()", (they have to be used in conjunction with number).

  Also, parameters passed trough GET are not checked
  and leads to ISE even in cases they would be rejected
  if submitted by POST.

Version-Release number of selected component (if applicable):

  Spacewalk 1.7, Nightly

How reproducible: always/deterministic


Steps to Reproduce:

  1. Go to Search
  2. Pick "Days Since Last Checked-in" (or "Days Since First Registered")
  3. Use "<3" as search term.
  
Actual results:

  System is crushed (ISE) under weight of your feelings.

Expected results:

  System should explain to you, that your feelings are inappropriate,
  or that this field is not meant for you to express them.

Additional info:

  This is not a regression.

  Side effect of system's hurt feelings is NumberFormatException
  in catalina.out:

  > 2012-03-19 10:22:20,058 [TP-Processor8] ERROR com.redhat.rhn.frontend.servlets.SessionFilter - Error during transaction. Rolling back
  > javax.servlet.ServletException: java.lang.NumberFormatException: For input string: "<3"
  >         at org.apache.struts.action.RequestProcessor.processException(RequestProcessor.java:520)
  ...
  > Caused by: java.lang.NumberFormatException: For input string: "<3"
  >         at java.lang.NumberFormatException.forInputString(NumberFormatException.java:65)
  >         at java.lang.Integer.parseInt(Integer.java:481)
  ...
Comment 2 Tomas Lestach 2012-04-13 13:45:34 UTC 
spacewalk.git: bcc055b02eb13c7ac5d38cdb7a2b5f1be52df8db
Comment 3 Jan Pazdziora (Red Hat) 2012-06-15 14:01:02 UTC 
This is Spacewalk bugzilla -- could we have it public?
Comment 6 Jan Pazdziora (Red Hat) 2012-10-30 19:24:11 UTC 
Moving ON_QA. Packages that address this bugzilla should now be available in yum repos at http://yum.spacewalkproject.org/nightly/
Comment 7 Jan Pazdziora (Red Hat) 2012-11-01 16:19:27 UTC 
Spacewalk 1.8 has been released: https://fedorahosted.org/spacewalk/wiki/ReleaseNotes18