  1. Bitbucket Data Center
  2. BSERV-13076

User search REST endpoint does not trim input or apply minimum input length restrictions

    • Type: Bug
    • Resolution: Unresolved
    • Priority: Low
    • None
    • 5.8.0, 7.6.0
    • User Management - LDAP

      Issue Summary

      By issuing a user search with multiple spaces it is possible to put high load on the database server.

      Steps to Reproduce

      Submit a REST request to

      /rest/api/latest/projects/{PROJECT_KEY}/repos/{REPO_SLUG}/permissions/users/none?start=0&filter={MY_FILTER}

      or 

      /rest/ui/latest/projects/{PROJECT_KEY}/repos/{REPO_SLUG}/reviewer-groups?avatarSize=32&permission=LICENSED_USER&permission.1=REPO_READ&permission.1.repositoryId=1&start=0&filter={MY_FILTER}

      where MY_FILTER is short or padded with whitespace.

      Expected Results

      No requests made to the DB as the filter is very short.

      Actual Results

      The request is made to the DB, and the filter is not trimmed.

       

      This was split from https://jira.atlassian.com/browse/BSERV-12650 and represents fixing the backend component of that bug.

      Assignee: Unassigned
      Reporter: Kristy (khughes@atlassian.com)
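
One way to get the expected behaviour described in this issue, shown as an added example that is not Bitbucket's code and not part of the original report: trim the filter and apply a minimum length before any database call. The class name `UserFilterGuard`, the `dbSearch` callback and the threshold `MIN_FILTER_LENGTH = 2` are assumptions; the issue does not state a minimum length. Requires Java 11 or later.

```java
import java.util.List;
import java.util.Optional;
import java.util.function.Function;
import java.util.stream.Collectors;

// Hypothetical guard placed in front of the user-search query (illustration only).
public class UserFilterGuard {
    // Assumed threshold; the issue does not give a value.
    static final int MIN_FILTER_LENGTH = 2;

    /** Returns the trimmed filter if it is long enough to query with, otherwise empty. */
    static Optional<String> normalize(String rawFilter) {
        if (rawFilter == null) return Optional.empty();
        // strip() uses Character.isWhitespace, so it also removes Unicode spaces such as
        // U+2003; trim() only removes code points <= U+0020. Non-breaking spaces remain.
        String filter = rawFilter.strip();
        // Count code points so one supplementary character is not counted as two.
        int length = filter.codePointCount(0, filter.length());
        return length >= MIN_FILTER_LENGTH ? Optional.of(filter) : Optional.empty();
    }

    /** Queries only for an acceptable filter; otherwise returns an empty result without a DB call. */
    static List<String> search(String rawFilter, Function<String, List<String>> dbSearch) {
        return normalize(rawFilter).map(dbSearch).orElse(List.of());
    }

    public static void main(String[] args) {
        int[] dbCalls = {0};
        List<String> users = List.of("alice", "alan", "bob"); // constructed sample data
        // Stand-in for the database query; counts how often it is invoked.
        Function<String, List<String>> dbSearch = q -> {
            dbCalls[0]++;
            return users.stream().filter(u -> u.startsWith(q.toLowerCase()))
                        .collect(Collectors.toList());
        };
        // Constructed filter values as they look after URL decoding.
        String[] filters = {"     ", "a", "  a   ", "\u2003\u2003", "  al  "};
        for (String f : filters) {
            int before = dbCalls[0];
            List<String> result = search(f, dbSearch);
            System.out.printf("filter=[%s] dbQueried=%b result=%s%n",
                              f, dbCalls[0] > before, result);
        }
    }
}
```

Only the last sample filter reaches the stand-in query, and it arrives trimmed; the whitespace-only and single-character filters return an empty result without a database call.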