Details
-
Bug
-
Resolution: Unresolved
-
Low
-
None
-
8.5.16, 8.17.1, 8.13.9, 8.18.1, 8.20.11
-
None
-
8.05
-
5
-
Severity 3 - Minor
-
1
-
Description
Issue Summary
OfBiz library used by Jira to communicate with databases doesn't sanitize NUL characters. Some databases don't handle NUL characters and throw exceptions which causes various bugs across Jira.
Example of such exception:
2015-12-18 10:26:30,458 Caesium-1-2 WARN anonymous my-mail-handler [c.a.mail.incoming.mailfetcherservice] my-mail-handler[10101]: Unable to create issue with message. com.atlassian.jira.exception.CreateException: com.atlassian.jira.workflow.WorkflowException: org.ofbiz.core.entity.GenericEntityException: while inserting: [GenericEntity:Issue][summary,Hello!][watches,0][creator,testuser][created,2015-12-18 10:26:30.453][timespent,null][timeoriginalestimate,null][project,10000][description,Test. Some NULL values ahead:end of message 2015-12-18 10:26:30.460736500 ][reporter,testuser][type,3][priority,3][number,311][environment,null][security,null][timeestimate,null][duedate,null][resolutiondate,null][votes,0][assignee,sysadmin][id,17907][updated,2015-12-18 10:26:30.453][workflowId,17907][status,1] (SQL Exception while executing the following:INSERT INTO public.jiraissue (ID, pkey, issuenum, PROJECT, REPORTER, ASSIGNEE, CREATOR, issuetype, SUMMARY, DESCRIPTION, ENVIRONMENT, PRIORITY, RESOLUTION, issuestatus, CREATED, UPDATED, DUEDATE, RESOLUTIONDATE, VOTES, WATCHES, TIMEORIGINALESTIMATE, TIMEESTIMATE, TIMESPENT, WORKFLOW_ID, SECURITY, FIXFOR, COMPONENT) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) (ERROR: invalid byte sequence for encoding "UTF8": 0x00 Hint: This error can also happen if the byte sequence does not match the encoding expected by the server, which is controlled by "client_encoding".)) at com.atlassian.jira.issue.managers.DefaultIssueManager.createIssue(DefaultIssueManager.java:546) at com.atlassian.jira.issue.managers.DefaultIssueManager.createIssueObject(DefaultIssueManager.java:635) at com.atlassian.jira.service.util.handler.DefaultMessageHandlerContext.createIssueWithIssueManager(DefaultMessageHandlerContext.java:248) at com.atlassian.jira.service.util.handler.DefaultMessageHandlerContext.createIssue(DefaultMessageHandlerContext.java:166) at com.atlassian.jira.service.services.mail.DelegatingMessageHandlerContext.createIssue(DelegatingMessageHandlerContext.java:43) at com.atlassian.jira.plugins.mail.handlers.CreateIssueHandler.handleMessage(CreateIssueHandler.java:265) at com.atlassian.jira.plugins.mail.handlers.CreateOrCommentHandler.handleMessage(CreateOrCommentHandler.java:133) at com.atlassian.jira.service.services.mail.MailFetcherService$1.process(MailFetcherService.java:381) at com.atlassian.jira.service.services.mail.MailFetcherService$MessageProviderImpl.getAndProcessMail(MailFetcherService.java:260) at com.atlassian.jira.service.services.mail.MailFetcherService.runImpl(MailFetcherService.java:371) at com.atlassian.jira.service.services.file.AbstractMessageHandlingService.run(AbstractMessageHandlingService.java:229) at com.atlassian.jira.service.JiraServiceContainerImpl.run(JiraServiceContainerImpl.java:61) at com.atlassian.jira.service.ServiceRunner.runService(ServiceRunner.java:62) at com.atlassian.jira.service.ServiceRunner.runServiceId(ServiceRunner.java:44) at com.atlassian.jira.service.ServiceRunner.runJob(ServiceRunner.java:32) at com.atlassian.scheduler.core.JobLauncher.runJob(JobLauncher.java:153) at com.atlassian.scheduler.core.JobLauncher.launchAndBuildResponse(JobLauncher.java:118) at com.atlassian.scheduler.core.JobLauncher.launch(JobLauncher.java:97) at com.atlassian.scheduler.caesium.impl.CaesiumSchedulerService.launchJob(CaesiumSchedulerService.java:453) at com.atlassian.scheduler.caesium.impl.CaesiumSchedulerService.executeClusteredJob(CaesiumSchedulerService.java:447) at com.atlassian.scheduler.caesium.impl.CaesiumSchedulerService.executeQueuedJob(CaesiumSchedulerService.java:394) at com.atlassian.scheduler.caesium.impl.CaesiumSchedulerService$1.consume(CaesiumSchedulerService.java:279) at com.atlassian.scheduler.caesium.impl.CaesiumSchedulerService$1.consume(CaesiumSchedulerService.java:275) at com.atlassian.scheduler.caesium.impl.SchedulerQueueWorker.executeJob(SchedulerQueueWorker.java:78) at com.atlassian.scheduler.caesium.impl.SchedulerQueueWorker.executeNextJob(SchedulerQueueWorker.java:70) at com.atlassian.scheduler.caesium.impl.SchedulerQueueWorker.run(SchedulerQueueWorker.java:40) at java.lang.Thread.run(Thread.java:745)
Steps to Reproduce
1. Prepare input data with NUL characters
2. Pass prepared data as input for Jira.
Expected Results
Database exceptions are not thrown from Jira. Jira throws meaningful exceptions or sanitizes NUL characters
Actual Results
Database exceptions are thrown from Jira:
Caused by: org.ofbiz.core.entity.GenericDataSourceException: SQL Exception while executing the following:INSERT INTO public.jiraissue (ID, pkey, issuenum, PROJECT, REPORTER, ASSIGNEE, CREATOR, issuetype, SUMMARY, DESCRIPTION, ENVIRONMENT, PRIORITY, RESOLUTION, issuestatus, CREATED, UPDATED, DUEDATE, RESOLUTIONDATE, VOTES, WATCHES, TIMEORIGINALESTIMATE, TIMEESTIMATE, TIMESPENT, WORKFLOW_ID, SECURITY, FIXFOR, COMPONENT) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) (ERROR: invalid byte sequence for encoding "UTF8": 0x00) at org.ofbiz.core.entity.jdbc.SQLProcessor.executeUpdate(SQLProcessor.java:686) at org.ofbiz.core.entity.GenericDAO.singleInsert(GenericDAO.java:206) ... 41 more
Workaround
Currently there is no known workaround for this behavior. A workaround will be added here when available
