Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-60765

REST API multiProjectSearch returns an Internal Server Error

    XMLWordPrintable

Details

    Description

      NOTE: This bug report is for JIRA Server. Using JIRA Cloud? See the corresponding bug report.

      Summary

      When querying /rest/api/latest/user/assignable/multiProjectSearch, it's possible to get an internal server error if the query parameters indicate to start at a higher number than the amount of users there are. For example if 24 users, and you try to startAt 25 it will fail.

      Steps to Reproduce

      Query a project that has a small number of assignable users with a larger number than exists. For example this was reproduced with <BASE_URL>/rest/api/latest/user/assignable/multiProjectSearch?projectKeys=WITI&startAt=100&maxResults=50 on a project that had 26 assignable users.

      Expected Results

      An empty set is returned.

      Actual Results

      The below JSON response is returned:

      {
errorMessages: [
"Internal server error"
],
errors: { }
}

      And an exception is thrown:

      2016-05-18 15:33:23,390 http-bio-8443-exec-9 ERROR admin 931x5x1 1vl875a 0:0:0:0:0:0:0:1 /rest/api/latest/user/assignable/multiProjectSearch [c.a.j.rest.exception.ExceptionInterceptor] Returning internal server error in response
java.lang.reflect.InvocationTargetException
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:497)
	at com.atlassian.plugins.rest.common.interceptor.impl.DispatchProviderHelper$ResponseOutInvoker$1.invoke(DispatchProviderHelper.java:192)
	... 4 filtered
	at com.atlassian.jira.rest.exception.ExceptionInterceptor.intercept(ExceptionInterceptor.java:55)
	... 1 filtered
	at com.atlassian.jira.rest.v2.issue.scope.RequestScopeInterceptor.intercept(RequestScopeInterceptor.java:39)
	... 15 filtered
	at com.atlassian.plugins.rest.module.RestDelegatingServletFilter$JerseyOsgiServletContainer.doFilter(RestDelegatingServletFilter.java:154)
	... 1 filtered
	at com.atlassian.plugins.rest.module.RestDelegatingServletFilter.doFilter(RestDelegatingServletFilter.java:68)
	... 86 filtered
	at com.atlassian.jira.security.JiraSecurityFilter.doFilter(JiraSecurityFilter.java:70)
	... 16 filtered
	at com.atlassian.plugins.rest.module.servlet.RestSeraphFilter.doFilter(RestSeraphFilter.java:37)
	... 74 filtered
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.IndexOutOfBoundsException: start index (100) must not be greater than size (26)
	at com.google.common.base.Preconditions.checkPositionIndexes(Preconditions.java:383)
	at com.google.common.collect.ImmutableList.subList(ImmutableList.java:381)
	at com.google.common.collect.ImmutableList.subList(ImmutableList.java:61)
	at com.atlassian.jira.rest.v2.issue.UserResource.findBulkAssignableUsers(UserResource.java:960)
	... 212 more

      Notes

      This appears to be due to not validating the startAt query parameter and the collection is called with a substring, so it throws an exception.

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. JRACLOUD-60765 REST API multiProjectSearch returns an Internal Server Error

          • Low - Low priority issues
          • Closed

          Activity

            People

              Unassigned Unassigned
              35e9a5a18bd1 Vit Novak
              Votes:
              3 Vote for this issue
              Watchers:
              8 Start watching this issue

              Dates

                Created:
                Updated: