Bug 804665 - ISE on search "Days Since Last Checked-in"
Summary: ISE on search "Days Since Last Checked-in"
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Spacewalk
Classification: Community
Component: WebUI
Version: 1.7
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Tomas Lestach
QA Contact: Red Hat Satellite QA List
URL:
Whiteboard:
Depends On:
Blocks: space18
 
Reported: 2012-03-19 14:39 UTC by Matej Kollar
Modified: 2015-07-26 22:20 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2012-11-01 16:19:27 UTC
Embargoed:



Description Matej Kollar 2012-03-19 14:39:14 UTC
Description of problem:

  Checking input on Search (Days Since Last Checked-in
  & Days Since First Registered) does not detect
  "<3" as incorrect input and returns ISE. Other
  toxic characters that can sneak behind detection
  are ">{}()" (they have to be used in conjunction with a number).

  Also, parameters passed through GET are not checked
  and lead to ISE even in cases they would be rejected
  if submitted by POST.

Version-Release number of selected component (if applicable):

  Spacewalk 1.7, Nightly

How reproducible: always/deterministic


Steps to Reproduce:

  1. Go to Search
  2. Pick "Days Since Last Checked-in" (or "Days Since First Registered")
  3. Use "<3" as search term.
  
Actual results:

  System is crushed (ISE) under weight of your feelings.

Expected results:

  System should explain to you, that your feelings are inappropriate,
  or that this field is not meant for you to express them.

Additional info:

  This is not a regression.

  Side effect of system's hurt feelings is NumberFormatException
  in catalina.out:

  > 2012-03-19 10:22:20,058 [TP-Processor8] ERROR com.redhat.rhn.frontend.servlets.SessionFilter - Error during transaction. Rolling back
  > javax.servlet.ServletException: java.lang.NumberFormatException: For input string: "<3"
  >         at org.apache.struts.action.RequestProcessor.processException(RequestProcessor.java:520)
  ...
  > Caused by: java.lang.NumberFormatException: For input string: "<3"
  >         at java.lang.NumberFormatException.forInputString(NumberFormatException.java:65)
  >         at java.lang.Integer.parseInt(Integer.java:481)
  ...
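
The failure reported above is a search term reaching `Integer.parseInt` unchecked, whether it arrives by GET or POST. The following is an added illustration, not part of the bug report and not the Spacewalk fix: a server-side check that returns a message instead of throwing. The class name, method name and `MAX_DAYS` limit are hypothetical.

```java
import java.util.Optional;

// Added illustration; DaysSearchValidator, validate and MAX_DAYS are
// hypothetical names, not taken from the Spacewalk code base.
public class DaysSearchValidator {
    static final int MAX_DAYS = 36500; // assumed upper bound for a "days since" value

    // Returns an error message for the UI, or empty if the term is a usable
    // day count. It takes the raw parameter value, so a request handler can
    // call it for GET and POST alike before any parsing happens.
    static Optional<String> validate(String raw) {
        if (raw == null || raw.trim().isEmpty()) {
            return Optional.of("Search term is required.");
        }
        String term = raw.trim();
        // ASCII digits only, at most 9 of them: rejects "<3", "3>", "{3}",
        // "(3)", signs, and anything long enough to overflow an int.
        if (!term.matches("[0-9]{1,9}")) {
            return Optional.of("Enter a whole number of days.");
        }
        int days = Integer.parseInt(term); // cannot throw after the check above
        if (days > MAX_DAYS) {
            return Optional.of("Value must be at most " + MAX_DAYS + " days.");
        }
        return Optional.empty();
    }

    public static void main(String[] args) {
        // Constructed sample inputs, including the ones named in the report.
        // "\u0663" is a non-ASCII digit, rejected by the ASCII-only pattern.
        String[] samples = {"3", " 14 ", "<3", "3>", "{3}", "(3)", "-3",
                            "", null, "99999999999", "40000", "\u0663"};
        for (String s : samples) {
            String shown = (s == null) ? "null" : "\"" + s + "\"";
            System.out.println(shown + " -> " + validate(s).orElse("ok"));
        }
    }
}
```

Only `"3"` and `" 14 "` pass; every other sample produces a validation message rather than an exception.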

Comment 2 Tomas Lestach 2012-04-13 13:45:34 UTC
spacewalk.git: bcc055b02eb13c7ac5d38cdb7a2b5f1be52df8db

Comment 3 Jan Pazdziora (Red Hat) 2012-06-15 14:01:02 UTC
This is Spacewalk bugzilla -- could we have it public?

Comment 6 Jan Pazdziora (Red Hat) 2012-10-30 19:24:11 UTC
Moving ON_QA. Packages that address this bugzilla should now be available in yum repos at http://yum.spacewalkproject.org/nightly/

Comment 7 Jan Pazdziora (Red Hat) 2012-11-01 16:19:27 UTC
Spacewalk 1.8 has been released: https://fedorahosted.org/spacewalk/wiki/ReleaseNotes18

