action #131012
closed
[openqa_logwarn] Nested quantifiers in regex;lib/OpenQA/Schema/Result/JobGroups.pm size:M
Description
Observation
[2023-06-15T17:12:06.712593Z] [error] [u1Z-BQzDRUJj] Nested quantifiers in regex; marked by <-- HERE in
m/1'and/** <-- HERE /extractvalue(1,concat(char(126),md5(1182377443)))and'/ at
/usr/share/openqa/script/../lib/OpenQA/Schema/Result/JobGroups.pm line 174.
[2023-06-15T17:12:06.748218Z] [error] [54C15Ag5Uwy3] Nested quantifiers in regex; marked by <-- HERE in
m/1"and/** <-- HERE /extractvalue(1,concat(char(126),md5(1054080286)))and"/ at
/usr/share/openqa/script/../lib/OpenQA/Schema/Result/JobGroups.pm line 174.
[2023-06-15T17:12:07.022245Z] [error] [5kL-XS9KObJX] Nested quantifiers in regex; marked by <-- HERE in
m/1'and(select'1'from/** <-- HERE /cast(md5(1219127737)as/**/int))>'0/ at
/usr/share/openqa/script/../lib/OpenQA/Schema/Result/JobGroups.pm line 174.
...
Seems to come from requests like
[15/Jun/2023:17:12:06 +0000] "GET /dashboard_build_results?group=1%27and%2F%2A%2A%2Fextractvalue%281%2Cconcat%28char%28126%29%2Cmd5%281182377443%29%29%29and%27&interval=0&limit_builds=1&show_tags=1&time_limit_days=1 HTTP/1.1" 500 862 "https://openqa.opensuse.org/"
Suggestions
- Is it possible to come up with a regex string validation and give the user appropriate feedback?
- Ensure that the user entering an unsupported regex string receives the feedback, e.g. JavaScript and then show a Bootstrap alert or flash
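
One way to do the validation suggested above, as an added example that is not openQA's own code: compile the untrusted pattern inside `eval` and answer with a 400 and a fixed message, so the compile error never surfaces as a 500. The function name `compile_user_regex`, the length cap and the group names are assumptions made for illustration.

```perl
#!/usr/bin/env perl
use strict;
use warnings;

# Hypothetical cap on pattern length; not an openQA setting.
use constant MAX_PATTERN_LENGTH => 128;

# Compile an untrusted pattern. Returns ($regex, undef) on success,
# or (undef, $reason) where $reason is a fixed string safe to show the user.
sub compile_user_regex {
    my ($pattern) = @_;
    return (undef, 'empty') unless defined($pattern) && length($pattern);
    return (undef, 'too long') if length($pattern) > MAX_PATTERN_LENGTH;

    # An interpolated qr// is compiled at run time and dies on a syntax error
    # such as "Nested quantifiers"; eval turns that into a return value.
    # Without "use re 'eval'", interpolated (?{ ... }) code blocks die here too.
    my $regex = eval { qr/$pattern/ };
    return (undef, 'not a valid regular expression') unless defined $regex;
    return ($regex, undef);
}

# Constructed group names for the demo.
my @groups = ('openSUSE Tumbleweed', 'openSUSE Leap 15.5', 'Development');

# First input: the URL-decoded "group" parameter from the request in the report.
# Second input: a constructed, valid pattern.
my @inputs = (
    q{1'and/**/extractvalue(1,concat(char(126),md5(1182377443)))and'},
    '^openSUSE',
);

for my $input (@inputs) {
    my ($regex, $reason) = compile_user_regex($input);
    if (!defined $regex) {
        # Client error with a fixed message; the engine's text stays out of the response.
        print "400 Bad Request: parameter 'group' is $reason\n";
        next;
    }
    my @hits = grep { $_ =~ $regex } @groups;
    print "200 OK: ", join(', ', @hits), "\n";
}
```

A pattern that compiles can still be expensive to match, so the length cap limits but does not remove the cost of matching user-supplied regexes.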