[PDB-2488] Don't accept trailing garbage in query string - Puppet Jira Server

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Normal
Resolution: Fixed
Affects Version/s: None
Fix Version/s: PDB 6.16.1, PDB 7.3.1
Component/s: PuppetDB
Labels:
- tsr-pdb-backlog

Team:
Ghost
Story Points:
5
Sprint:
ghost-27.01.2021, ghost-10.02.2021, ghost-24.02.2021, ghost-10.03.2021

Release Notes:
Known Issue
Release Notes Summary:

Hide
When multiple AST queries are sent into one request, an error message is returned, instead of solving just the first query.
Also, if the Json parse fails, a similar message to the one sent by the PQL parser is returned.

Show
When multiple AST queries are sent into one request, an error message is returned, instead of solving just the first query. Also, if the Json parse fails, a similar message to the one sent by the PQL parser is returned.

Description

Right now, this will succeed, returning all facts, and it shouldn't:

curl -X GET http://localhost:8080/pdb/query/v4?pretty=true --data-urlencode 'query=["from","facts"] ["not" ["=", "certname", "security-sensitive-host"]]'

In the example above there isn't an enclosing set of brackets so there are two ast forms submitted but only the first ["from", "facts"] is evaluated.

Another example:

curl -X GET http://localhost:8080/pdb/query/v4?pretty=true --data-urlencode 'query=["from","facts"] this-is-trailing-garbage-and-not-part-of-the-query-that-gets-evaluated'

We should error when this happens and indicate in that there was more than one form submitted in the query. It may be possible to do this by adding another func in middleware.clj to the handler that's created in the build-app func.

Attachments

Activity

People

Assignee:: Andrei Filipovici

Reporter:: Rob Browning

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 2016/03/01 9:20 AM

Updated:: 2022/01/17 12:43 PM

Resolved:: 2021/02/25 1:17 AM