Details
-
Bug
-
Resolution: Unresolved
-
Low
-
None
-
7.0.4, 7.1.4
-
7
-
7
-
Severity 3 - Minor
-
Description
NOTE: This bug report is for JIRA Server. Using JIRA Cloud? See the corresponding bug report.
Summary
When querying /rest/api/latest/user/assignable/multiProjectSearch, it's possible to get an internal server error if the query parameters indicate to start at a higher number than the amount of users there are. For example if 24 users, and you try to startAt 25 it will fail.
Steps to Reproduce
Query a project that has a small number of assignable users with a larger number than exists. For example this was reproduced with <BASE_URL>/rest/api/latest/user/assignable/multiProjectSearch?projectKeys=WITI&startAt=100&maxResults=50 on a project that had 26 assignable users.
Expected Results
An empty set is returned.
Actual Results
The below JSON response is returned:
{
errorMessages: [
"Internal server error"
],
errors: { }
}
And an exception is thrown:
2016-05-18 15:33:23,390 http-bio-8443-exec-9 ERROR admin 931x5x1 1vl875a 0:0:0:0:0:0:0:1 /rest/api/latest/user/assignable/multiProjectSearch [c.a.j.rest.exception.ExceptionInterceptor] Returning internal server error in response java.lang.reflect.InvocationTargetException at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:497) at com.atlassian.plugins.rest.common.interceptor.impl.DispatchProviderHelper$ResponseOutInvoker$1.invoke(DispatchProviderHelper.java:192) ... 4 filtered at com.atlassian.jira.rest.exception.ExceptionInterceptor.intercept(ExceptionInterceptor.java:55) ... 1 filtered at com.atlassian.jira.rest.v2.issue.scope.RequestScopeInterceptor.intercept(RequestScopeInterceptor.java:39) ... 15 filtered at com.atlassian.plugins.rest.module.RestDelegatingServletFilter$JerseyOsgiServletContainer.doFilter(RestDelegatingServletFilter.java:154) ... 1 filtered at com.atlassian.plugins.rest.module.RestDelegatingServletFilter.doFilter(RestDelegatingServletFilter.java:68) ... 86 filtered at com.atlassian.jira.security.JiraSecurityFilter.doFilter(JiraSecurityFilter.java:70) ... 16 filtered at com.atlassian.plugins.rest.module.servlet.RestSeraphFilter.doFilter(RestSeraphFilter.java:37) ... 74 filtered at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:745) Caused by: java.lang.IndexOutOfBoundsException: start index (100) must not be greater than size (26) at com.google.common.base.Preconditions.checkPositionIndexes(Preconditions.java:383) at com.google.common.collect.ImmutableList.subList(ImmutableList.java:381) at com.google.common.collect.ImmutableList.subList(ImmutableList.java:61) at com.atlassian.jira.rest.v2.issue.UserResource.findBulkAssignableUsers(UserResource.java:960) ... 212 more
Notes
This appears to be due to not validating the startAt query parameter and the collection is called with a substring, so it throws an exception.
Attachments
Issue Links
- relates to
-
JRACLOUD-60765 REST API multiProjectSearch returns an Internal Server Error
- Closed