Actions
action #132545
closed[o3-logwarn] invalid input syntax for type bigint
Description
It looks like input validation of one or more API routes needs to be improved:
[2023-07-11T02:36:52.656533Z] [error] [DojFwA4uv-jz] DBIx::Class::Storage::DBI::_dbh_execute(): DBI Exception: DBD::Pg::st execute failed: ERROR: invalid input syntax for type bigint: "https://www.google.com/mi/"
CONTEXT: unnamed portal parameter $1 = '...' [for Statement "SELECT me.id, me.result_dir, me.archived, me.state, me.priority, me.result, me.reason, me.clone_id, me.blocked_by_id, me.TEST, me.DISTRI, me.VERSION, me.FLAVOR, me.ARCH, me.BUILD, me.MACHINE, me.group_id, me.assigned_worker_id, me.t_started, me.t_finished, me.logs_present, me.passed_module_count, me.failed_module_count, me.softfailed_module_count, me.skipped_module_count, me.externally_skipped_module_count, me.scheduled_product_id, me.result_size, me.t_created, me.t_updated FROM jobs me WHERE ( ( me.group_id = ? AND me.BUILD = ? ) ) ORDER BY me.id DESC LIMIT ?" with ParamValues: 1='https://www.google.com/mi/', 2='20210707', 3='10001'] at /usr/share/openqa/script/../lib/OpenQA/WebAPI/Controller/API/V1/Job.pm line 120
Updated by okurz over 1 year ago
- Priority changed from Normal to Low
- Target version set to future
Updated by mkittler over 1 year ago
- Status changed from New to Feedback
- Priority changed from Low to Normal
- Target version deleted (
future)
I saw you put this in future but I wanted to check the code nevertheless because it could have been a security-relevant problem. Luckily it isn't one. I nevertheless created a PR (https://github.com/os-autoinst/openQA/pull/5239) because this is actually very easy to fix.
Updated by mkittler over 1 year ago
- Priority changed from Normal to Low
- Target version set to future
Updated by okurz over 1 year ago
- Due date set to 2023-07-25
- Target version changed from future to Ready
Looking into security is a good excuse :D PR is already approved. I assume it will be merged quickly.
Updated by okurz over 1 year ago
- Due date deleted (
2023-07-25) - Status changed from Feedback to Resolved
PR merged. That should be good enough
Updated by tinita over 1 year ago
- Status changed from Resolved to Workable
While the PR makes sense, the actual error in the log cited in the ticket seems to be rather coming from this request:
GET /api/v1/jobs?build=20210707&groupid=https%3A%2F%2Fwww.google.com%2Fmi%2F
It's complaining about the group_id
Updated by mkittler over 1 year ago
- Status changed from Workable to In Progress
Updated by okurz over 1 year ago
- Status changed from In Progress to Resolved
merged, trying again :)
Actions