Uploaded image for project: 'PuppetDB'
  1. PuppetDB
  2. PDB-2488

Don't accept trailing garbage in query string

    XMLWordPrintable

    Details

    • Template:
    • Team:
      Ghost
    • Story Points:
      5
    • Sprint:
      ghost-27.01.2021, ghost-10.02.2021, ghost-24.02.2021, ghost-10.03.2021
    • Release Notes:
      Known Issue
    • Release Notes Summary:
      Hide
      When multiple AST queries are sent into one request, an error message is returned, instead of solving just the first query.
      Also, if the Json parse fails, a similar message to the one sent by the PQL parser is returned.
      Show
      When multiple AST queries are sent into one request, an error message is returned, instead of solving just the first query. Also, if the Json parse fails, a similar message to the one sent by the PQL parser is returned.

      Description

      Right now, this will succeed, returning all facts, and it shouldn't:

      curl -X GET http://localhost:8080/pdb/query/v4?pretty=true --data-urlencode 'query=["from","facts"] ["not" ["=", "certname", "security-sensitive-host"]]'
      

      In the example above there isn't an enclosing set of brackets so there are two ast forms submitted but only the first ["from", "facts"] is evaluated. 

       

      Another example: 

      curl -X GET http://localhost:8080/pdb/query/v4?pretty=true --data-urlencode 'query=["from","facts"] this-is-trailing-garbage-and-not-part-of-the-query-that-gets-evaluated'
      

       

      We should error when this happens and indicate in that there was more than one form submitted in the query. It may be possible to do this by adding another func in middleware.clj to the handler that's created in the build-app func.

       

        Attachments

          Activity

            People

            Assignee:
            andrei.filipovici Andrei Filipovici
            Reporter:
            rob.browning Rob Browning
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Zendesk Support