action #131012

closed

[openqa_logwarn] Nested quantifiers in regex;lib/OpenQA/Schema/Result/JobGroups.pm size:M

Added by tinita over 1 year ago. Updated over 1 year ago.

Status: Resolved
Priority: Normal
Assignee:
Category: Regressions/Crashes
Target version:
Start date: 2023-06-16
Due date:
% Done: 0%
Estimated time:

Description

Observation

[2023-06-15T17:12:06.712593Z] [error] [u1Z-BQzDRUJj] Nested quantifiers in regex; marked by <-- HERE in
m/1'and/** <-- HERE /extractvalue(1,concat(char(126),md5(1182377443)))and'/ at
/usr/share/openqa/script/../lib/OpenQA/Schema/Result/JobGroups.pm line 174.

[2023-06-15T17:12:06.748218Z] [error] [54C15Ag5Uwy3] Nested quantifiers in regex; marked by <-- HERE in
m/1"and/** <-- HERE /extractvalue(1,concat(char(126),md5(1054080286)))and"/ at
/usr/share/openqa/script/../lib/OpenQA/Schema/Result/JobGroups.pm line 174.

[2023-06-15T17:12:07.022245Z] [error] [5kL-XS9KObJX] Nested quantifiers in regex; marked by <-- HERE in
m/1'and(select'1'from/** <-- HERE /cast(md5(1219127737)as/**/int))>'0/ at
/usr/share/openqa/script/../lib/OpenQA/Schema/Result/JobGroups.pm line 174.

...

Seems to come from requests like

[15/Jun/2023:17:12:06 +0000] "GET /dashboard_build_results?group=1%27and%2F%2A%2A%2Fextractvalue%281%2Cconcat%28char%28126%29%2Cmd5%281182377443%29%29%29and%27&interval=0&limit_builds=1&show_tags=1&time_limit_days=1 HTTP/1.1" 500 862 "https://openqa.opensuse.org/" 

Suggestions

  • Is it possible that we come up with a regex string validation and give the user corresponding feedback?
  • Ensure that the user entering an unsupported regex string receives the feedback, e.g. via JavaScript, and then show a Bootstrap alert or flash
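
One way to do the validation suggested above, as an added example that is not openQA's own code: compile the user-supplied pattern inside eval and turn a compile failure into a short message for the client instead of an uncaught exception. The helper name compile_user_regex, the 100-character limit and the 200/400 labels are assumptions; the first two sample inputs are the URL-decoded group values from the log lines above, the third is constructed.

```perl
#!/usr/bin/env perl
use strict;
use warnings;

# Hypothetical helper: returns (compiled_regex, undef) on success or
# (undef, message) when the pattern cannot be used.
sub compile_user_regex {
    my ($pattern, $max_len) = @_;
    $max_len //= 100;    # assumed limit, not an openQA setting

    return (undef, 'pattern is empty')
      unless defined $pattern && length $pattern;
    return (undef, "pattern longer than $max_len characters")
      if length $pattern > $max_len;

    # qr// on an interpolated string dies on syntax errors such as
    # "Nested quantifiers"; eval traps that. Without "use re 'eval'",
    # Perl also refuses (?{ ... }) code blocks in interpolated patterns,
    # and that refusal is trapped here as well.
    my $re = eval { qr/$pattern/ };
    if (!defined $re) {
        my $err = $@ // 'unknown error';
        # Keep Perl's short reason only; drop the echoed pattern and
        # the "at FILE line N" tail so neither reaches the client.
        $err =~ s/;? marked by .*//s;
        $err =~ s/ at \S+ line \d+\.?\s*$//s;
        return (undef, "invalid regex: $err");
    }
    return ($re, undef);
}

my @samples = (
    # URL-decoded "group" values taken from the log lines on this page
    q{1'and/**/extractvalue(1,concat(char(126),md5(1182377443)))and'},
    q{1'and(select'1'from/**/cast(md5(1219127737)as/**/int))>'0},
    # Constructed example of a pattern that compiles
    q{^openSUSE Tumbleweed},
);

for my $input (@samples) {
    my ($re, $err) = compile_user_regex($input);
    # The status labels stand in for what a controller would respond with
    printf "%s  %s\n",
      defined $re ? '200 accept' : '400 reject',
      $err // "compiled as $re";
}
```

If the parameter is only ever meant to match literally, escaping it with quotemeta (or \Q...\E) before interpolation avoids compiling user input as a regex at all.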