User search REST endpoint does not trim input or apply minimum input length restrictions


    • Type: Bug
    • Resolution: Unresolved
    • Priority: Low
    • Affects Version/s: 5.8.0, 7.6.0
    • Component/s: User Management - LDAP
    • Severity 2 - Major

      Issue Summary

      By issuing a user search with multiple spaces it is possible to put high load on the database server.

      Steps to Reproduce

      Submit a REST request to

      /rest/api/latest/projects/{PROJECT_KEY}/repos/{REPO_SLUG}/permissions/users/none?start=0&filter={MY_FILTER}

      or 

      /rest/ui/latest/projects/{PROJECT_KEY}/repos/{REPO_SLUG}/reviewer-groups?avatarSize=32&permission=LICENSED_USER&permission.1=REPO_READ&permission.1.repositoryId=1&start=0&filter={MY_FILTER}

      where MY_FILTER is short or padded with whitespace.

      Expected Results

      No requests are made to the DB, as the filter is very short.

      Actual Results

      The request is made to the DB, and the filter is not trimmed.

       

      This issue was split from https://jira.atlassian.com/browse/BSERV-12650 and covers fixing the backend component of that bug.
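
The expected behaviour above, sketched as an added example (not Bitbucket Server's code): the filter is normalized and length-checked before any query is issued. The class name `UserFilterGuard`, the minimum length of 2 and the counting stand-in for the database lookup are assumptions made for illustration.

```java
import java.util.List;
import java.util.Optional;
import java.util.function.Function;

public class UserFilterGuard {
    // Assumed threshold: the issue does not state a minimum length.
    static final int MIN_FILTER_LENGTH = 2;

    /** Returns the trimmed filter, or empty if it is too short to be worth a query. */
    static Optional<String> normalize(String raw) {
        if (raw == null) {
            return Optional.empty();
        }
        // String.trim() only strips code points <= U+0020, so collapse every
        // whitespace or separator run (NBSP, ideographic space, tabs) first.
        String cleaned = raw.replaceAll("[\\s\\p{Z}]+", " ").trim();
        // Count code points, not UTF-16 units, so one emoji is one character.
        int length = cleaned.codePointCount(0, cleaned.length());
        return length >= MIN_FILTER_LENGTH ? Optional.of(cleaned) : Optional.empty();
    }

    /** Runs the search only for usable filters; otherwise returns an empty page. */
    static List<String> search(String rawFilter, Function<String, List<String>> dbLookup) {
        return normalize(rawFilter).map(dbLookup).orElse(List.of());
    }

    public static void main(String[] args) {
        int[] dbCalls = {0};
        // Stand-in for the user directory query; counts how often it is hit.
        Function<String, List<String>> fakeDb = f -> {
            dbCalls[0]++;
            return List.of("user-matching-" + f);
        };
        // Constructed sample filters, as they look after URL decoding.
        String[] samples = {"     ", "a", "  a  ", "\u00A0\u00A0\u00A0", "\t jo \t", "jo   smith"};
        for (String s : samples) {
            int before = dbCalls[0];
            List<String> page = search(s, fakeDb);
            System.out.printf("filter=[%s] dbQueried=%b results=%s%n",
                    s, dbCalls[0] > before, page);
        }
        System.out.println("total DB calls: " + dbCalls[0]);
    }
}
```

Applying the check in the service layer rather than only in the UI keeps direct REST callers from bypassing it.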

              Assignee: Unassigned
              Reporter: Kristy
              Votes: 0
              Watchers: 1