User search REST endpoint does not trim input or apply minimum input length restrictions


    • Type: Bug
    • Resolution: Unresolved
    • Priority: Low
    • Affects Version/s: 5.8.0, 7.6.0
    • Component/s: User Management - LDAP
    • Severity 2 - Major

      Issue Summary

      By issuing a user search with multiple spaces it is possible to put high load on the database server.

      Steps to Reproduce

      Submit a REST request to

      /rest/api/latest/projects/{PROJECT_KEY}/repos/{REPO_SLUG}/permissions/users/none?start=0&filter={MY_FILTER}

      or 

      /rest/ui/latest/projects/{PROJECT_KEY}/repos/{REPO_SLUG}/reviewer-groups?avatarSize=32&permission=LICENSED_USER&permission.1=REPO_READ&permission.1.repositoryId=1&start=0&filter={MY_FILTER}

      where MY_FILTER is short, or padded by whitespace.

      Expected Results

      No requests made to the DB as the filter is very short.

      Actual Results

      The request is made to the DB, and the filter is not trimmed.

      This was split from https://jira.atlassian.com/browse/BSERV-12650 and represents fixing the backend component of that bug
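
A sketch of the backend guard the Expected Results imply, added here as an example and not Bitbucket's own code: the filter is trimmed and length-checked before any database call. `CountingUserStore`, `handle_request`, `normalize_filter` and the minimum length of 3 are assumptions made for illustration.

```python
from urllib.parse import parse_qs

MIN_FILTER_LENGTH = 3  # assumed threshold; the issue does not state one


class CountingUserStore:
    """Constructed stand-in for the user database; counts queries it receives."""

    def __init__(self, users):
        self.users = users
        self.queries = 0
        self.last_term = None

    def search(self, term):
        self.queries += 1
        self.last_term = term
        needle = term.casefold()
        return [u for u in self.users if needle in u.casefold()]


def normalize_filter(raw):
    """Trim the filter and collapse internal whitespace runs to one space."""
    return " ".join((raw or "").split())


def handle_request(store, query_string, min_length=MIN_FILTER_LENGTH):
    """Apply the guard to a raw query string before touching the store."""
    # parse_qs percent-decodes, so %20 and + both arrive here as spaces.
    raw = parse_qs(query_string).get("filter", [""])[0]
    term = normalize_filter(raw)
    if len(term) < min_length:
        return []  # too short after trimming: answer without a DB query
    return store.search(term)


if __name__ == "__main__":
    store = CountingUserStore(["alice", "alina", "bob"])  # constructed sample data
    for qs in ("start=0&filter=%20%20%20%20", "start=0&filter=+a+",
               "start=0&filter=%20%20ali%20%20"):
        print(qs, "->", handle_request(store, qs), "queries so far:", store.queries)
```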

            Assignee: Unassigned
            Reporter: Kristy
            Votes: 0
            Watchers: 1