action #133901
Updated by tinita over 1 year ago
## Observation

From o3 /var/log/openqa:

```
[2023-08-05T20:39:10.313025Z] [error] [wjDADFtweJVf] DBIx::Class::Storage::DBI::_dbh_execute(): DBI Exception: DBD::Pg::st execute failed: ERROR: invalid input syntax for type bigint: "1'" CONTEXT: unnamed portal parameter $1 = '...' [for Statement "SELECT COUNT( * ) FROM scheduled_products me WHERE ( me.id = ? )" with ParamValues: 1='1''] at /usr/share/openqa/script/../lib/OpenQA/WebAPI/ServerSideDataTable.pm line 33
[2023-08-05T20:40:04.268615Z] [error] [SXp2NHWv1rW-] DBIx::Class::Storage::DBI::_dbh_execute(): DBI Exception: DBD::Pg::st execute failed: ERROR: invalid input syntax for type bigint: "1<script>alert(1)</script>" CONTEXT: unnamed portal parameter $1 = '...' [for Statement "SELECT COUNT( * ) FROM scheduled_products me WHERE ( me.id = ? )" with ParamValues: 1='1<script>alert(1)</script>'] at /usr/share/openqa/script/../lib/OpenQA/WebAPI/ServerSideDataTable.pm line 33
```

Happens with this for example: https://openqa.opensuse.org/admin/productlog?id=327913lala

There are 4 places where OpenQA::WebAPI::ServerSideDataTable::render_response is used.

## Acceptance Criteria

**AC1**: Parameters for the mentioned calls are validated
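The kind of parameter check AC1 asks for, as an added example that is not openQA's own code: a minimal Mojolicious::Lite route rejects a non-integer `id` with a 400 before any query runs, so input like `327913lala` or `1'` never reaches the bigint comparison. The route path, the `count_scheduled_products` stand-in and the sample ids are assumptions for this illustration, not openQA internals.

```perl
#!/usr/bin/env perl
# Added example (not openQA code): validate the "id" query parameter
# before it is passed to a bigint column in a database query.
use Mojolicious::Lite -signatures;
use Test::More;
use Test::Mojo;

# Assumed stand-in for the real DBIx::Class lookup done in
# ServerSideDataTable::render_response; only one id "exists" here.
sub count_scheduled_products ($id) { return $id == 327913 ? 1 : 0 }

get '/admin/productlog' => sub ($c) {
    my $v = $c->validation;
    # Accept only an unsigned integer that fits in a PostgreSQL bigint;
    # anything else (quotes, markup, trailing letters) is rejected.
    $v->optional('id')->like(qr/^[0-9]{1,18}$/);
    return $c->render(text => 'Invalid id parameter', status => 400)
      if $v->has_error('id');
    my $id = $v->param('id');    # undef when the parameter was not sent
    return $c->render(json => {count => defined $id ? count_scheduled_products($id) : 0});
};

# Constructed requests: valid id, the id from the ticket URL, and the
# two payloads seen in the log lines above.
my $t = Test::Mojo->new;
$t->get_ok('/admin/productlog?id=327913')->status_is(200)->json_is('/count' => 1);
$t->get_ok('/admin/productlog?id=327913lala')->status_is(400);
$t->get_ok("/admin/productlog?id=1'")->status_is(400);
$t->get_ok('/admin/productlog?id=1<script>alert(1)</script>')->status_is(400);
$t->get_ok('/admin/productlog')->status_is(200)->json_is('/count' => 0);
done_testing;
```

Run with `perl example.t`; the same `like`/`has_error` check applied at each of the four render_response call sites turns the logged 500s into explicit 400 responses.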