Bug 804665 - ISE on search "Days Since Last Checked-in"
ISE on search "Days Since Last Checked-in"
Product: Spacewalk
Classification: Community
Component: WebUI (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Tomas Lestach
Red Hat Satellite QA List
Depends On:
Blocks: space18
  Show dependency treegraph
Reported: 2012-03-19 10:39 EDT by Matej Kollar
Modified: 2015-07-26 18:20 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2012-11-01 12:19:27 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Matej Kollar 2012-03-19 10:39:14 EDT
Description of problem:

  Checking input on Search (Days Since Last Checked-in
  & Days Since First Registered) does not detect
  "<3" as incorrect input and returns ISE. Other
  toxic characters that can sneak behind detection
  are ">{}()", (they have to be used in conjunction with number).

  Also, parameters passed trough GET are not checked
  and leads to ISE even in cases they would be rejected
  if submitted by POST.

Version-Release number of selected component (if applicable):

  Spacewalk 1.7, Nightly

How reproducible: always/deterministic

Steps to Reproduce:

  1. Go to Search
  2. Pick "Days Since Last Checked-in" (or "Days Since First Registered")
  3. Use "<3" as search term.
Actual results:

  System is crushed (ISE) under weight of your feelings.

Expected results:

  System should explain to you, that your feelings are inappropriate,
  or that this field is not meant for you to express them.

Additional info:

  This is not a regression.

  Side effect of system's hurt feelings is NumberFormatException
  in catalina.out:

  > 2012-03-19 10:22:20,058 [TP-Processor8] ERROR com.redhat.rhn.frontend.servlets.SessionFilter - Error during transaction. Rolling back
  > javax.servlet.ServletException: java.lang.NumberFormatException: For input string: "<3"
  >         at org.apache.struts.action.RequestProcessor.processException(RequestProcessor.java:520)
  > Caused by: java.lang.NumberFormatException: For input string: "<3"
  >         at java.lang.NumberFormatException.forInputString(NumberFormatException.java:65)
  >         at java.lang.Integer.parseInt(Integer.java:481)
Comment 2 Tomas Lestach 2012-04-13 09:45:34 EDT
spacewalk.git: bcc055b02eb13c7ac5d38cdb7a2b5f1be52df8db
Comment 3 Jan Pazdziora 2012-06-15 10:01:02 EDT
This is Spacewalk bugzilla -- could we have it public?
Comment 6 Jan Pazdziora 2012-10-30 15:24:11 EDT
Moving ON_QA. Packages that address this bugzilla should now be available in yum repos at http://yum.spacewalkproject.org/nightly/
Comment 7 Jan Pazdziora 2012-11-01 12:19:27 EDT
Spacewalk 1.8 has been released: https://fedorahosted.org/spacewalk/wiki/ReleaseNotes18

Note You need to log in before you can comment on or make changes to this bug.