Jira (PDB-2488) Don't accept trailing garbage in query string

[Rob Browning (JIRA)]

Rob Browning created an issue

PuppetDB / PDB-2488 Don't accept trailing garbage in query string Issue Type: Bug Assignee: Unassigned Created: 2016/03/01 9:20 AM Priority: Normal Reporter: Rob Browning Right now, this will succeed, returning all facts, and it shouldn't: curl -X GET http://localhost:8080/pdb/query/v4?pretty=true --data-urlencode 'query=["from","facts"] ["not" ["=", "certname", "security-sensitive-host"]]' Add Comment

This message was sent by Atlassian JIRA (v6.4.12#64027-sha1:e3691cc)

[Zachary Kent (Jira)]

Zachary Kent updated an issue

PuppetDB / PDB-2488 Don't accept trailing garbage in query string

Change By: Zachary Kent Labels: tsr-pdb-backlog

Add Comment

This message was sent by Atlassian Jira (v8.5.2#805002-sha1:a66f935)

[Zachary Kent (Jira)]

Zachary Kent updated an issue

PuppetDB / PDB-2488 Don't accept trailing garbage in query string Change By: Zachary Kent

Right now, this will succeed, returning all facts, and it shouldn't:

{code}

curl -X GET http://localhost:8080/pdb/query/v4?pretty=true --data-urlencode 'query=["from","facts"] ["not" ["=", "certname", "security-sensitive-host"]]'

{code}

Add Comment

[Zachary Kent (Jira)]

Zachary Kent updated an issue

PuppetDB / PDB-2488 Don't accept trailing garbage in query string Change By: Zachary Kent

Right now, this will succeed, returning all facts, and it shouldn't: {code}curl -X GET http://localhost:8080/pdb/query/v4?pretty=true --data-urlencode 'query=["from","facts"] ["not" ["=", "certname", "security-sensitive-host"]]' {code}

Another example:  {code:java}curl -X GET http://localhost:8080/pdb/query/v4?pretty=true --data-urlencode 'query=["from","facts"] this-is-trailing-garbage-and-not-part-of-the-query' {code}

Add Comment

[Zachary Kent (Jira)]

Zachary Kent updated an issue

PuppetDB / PDB-2488 Don't accept trailing garbage in query string Change By: Zachary Kent

Right now, this will succeed, returning all facts, and it shouldn't: {code}curl -X GET http://localhost:8080/pdb/query/v4?pretty=true --data-urlencode 'query=["from","facts"] ["not" ["=", "certname", "security-sensitive-host"]]' {code}

In the example above there isn't an enclosing set of brackets so there are two ast forms submitted but only the first is evaluated.

Another example:  {code:java}curl -X GET http://localhost:8080/pdb/query/v4?pretty=true --data-urlencode 'query=["from","facts"] this-is-trailing-garbage-and-not-part-of-the-query' {code}

Add Comment

[Zachary Kent (Jira)]

Zachary Kent updated an issue

PuppetDB / PDB-2488 Don't accept trailing garbage in query string

Change By: Zachary Kent Team: Ghost

Add Comment

[Zachary Kent (Jira)]

Zachary Kent updated an issue

PuppetDB / PDB-2488 Don't accept trailing garbage in query string Change By: Zachary Kent

Right now, this will succeed, returning all facts, and it shouldn't: {code}curl -X GET http://localhost:8080/pdb/query/v4?pretty=true --data-urlencode 'query=["from","facts"] ["not" ["=", "certname", "security-sensitive-host"]]' {code}

In the example above there isn't an enclosing set of brackets so there are two ast forms submitted but only the first ["from", "facts"]  is evaluated.

Another example:  {code:java}curl -X GET http://localhost:8080/pdb/query/v4?pretty=true --data-urlencode 'query=["from","facts"] this-is-trailing-garbage-and-not-part-of-the-query' {code}

Add Comment

[Zachary Kent (Jira)]

Zachary Kent updated an issue

PuppetDB / PDB-2488 Don't accept trailing garbage in query string Change By: Zachary Kent

Right now, this will succeed, returning all facts, and it shouldn't: {code}curl -X GET http://localhost:8080/pdb/query/v4?pretty=true --data-urlencode 'query=["from","facts"] ["not" ["=", "certname", "security-sensitive-host"]]' {code} In the example above there isn't an enclosing set of brackets so there are two ast forms submitted but only the first ["from", "facts"] is evaluated.    Another example:

{code:java}curl -X GET http://localhost:8080/pdb/query/v4?pretty=true --data-urlencode 'query=["from","facts"] this-is-trailing-garbage-and-not-part-of-the-query -that-gets-evaluated ' {code}

Add Comment

[Zachary Kent (Jira)]

Zachary Kent updated an issue

PuppetDB / PDB-2488 Don't accept trailing garbage in query string Change By: Zachary Kent

Right now, this will succeed, returning all facts, and it shouldn't: {code}curl -X GET http://localhost:8080/pdb/query/v4?pretty=true --data-urlencode 'query=["from","facts"] ["not" ["=", "certname", "security-sensitive-host"]]' {code} In the example above there isn't an enclosing set of brackets so there are two ast forms submitted but only the first ["from", "facts"] is evaluated.    Another example:  {code:java}curl -X GET http://localhost:8080/pdb/query/v4?pretty=true --data-urlencode 'query=["from","facts"] this-is-trailing-garbage-and-not-part-of-the-query-that-gets-evaluated' {code}

We should error when this happens and indicate in that there was more than one form submitted in the query. It may be possible to do this by adding another func in [middleware.clj|https://github.com/puppetlabs/puppetdb/blob/master/src/puppetlabs/puppetdb/middleware.clj] to the handler that's created in the [build-app|https://github.com/puppetlabs/puppetdb/blob/master/src/puppetlabs/puppetdb/http/server.clj#L62] func.

Add Comment

[Bogdan Irimie (Jira)]

Bogdan Irimie updated an issue

PuppetDB / PDB-2488 Don't accept trailing garbage in query string

Change By: Bogdan Irimie Story Points: 5

Add Comment

[Bogdan Irimie (Jira)]

Bogdan Irimie updated an issue

PuppetDB / PDB-2488 Don't accept trailing garbage in query string

Change By: Bogdan Irimie Sprint: ghost-27.01.2021

Add Comment

[Bogdan Irimie (Jira)]

Bogdan Irimie updated an issue

PuppetDB / PDB-2488 Don't accept trailing garbage in query string

Change By: Bogdan Irimie Sprint: ghost-27.01.2021 , ready for triage 3

Add Comment

[Andrei Filipovici (Jira)]

Andrei Filipovici assigned an issue to Andrei Filipovici

PuppetDB / PDB-2488 Don't accept trailing garbage in query string

Change By: Andrei Filipovici Assignee: Andrei Filipovici

Add Comment

[Bogdan Irimie (Jira)]

Bogdan Irimie updated an issue

PuppetDB / PDB-2488 Don't accept trailing garbage in query string

Change By: Bogdan Irimie Sprint: ghost-27.01.2021, ghost-10.02.2021 , ready for triage 3

Add Comment

[Bogdan Irimie (Jira)]

Bogdan Irimie updated an issue

PuppetDB / PDB-2488 Don't accept trailing garbage in query string

Change By: Bogdan Irimie Sprint: ghost-27.01.2021, ghost-10.02.2021, ghost-24.02.2021 , ready for triage 3

Add Comment

[Zachary Kent (Jira)]

Zachary Kent updated an issue

PuppetDB / PDB-2488 Don't accept trailing garbage in query string

Change By: Zachary Kent Fix Version/s: PDB 7.3.0 Fix Version/s: PDB 6.16.0

Add Comment

This message was sent by Atlassian Jira (v8.13.2#813002-sha1:c495a97)