  1. Bitbucket Data Center
  2. BSERV-13076

User search REST endpoint does not trim input or apply minimum input length restrictions

Details

    • Bug
    • Resolution: Unresolved
    • Low
    • None
    • 5.8.0, 7.6.0
    • User Management - LDAP

    Description

      Issue Summary

      By issuing a user search with multiple spaces, it is possible to put high load on the database server.

      Steps to Reproduce

      Submit a REST request to

      /rest/api/latest/projects/{PROJECT_KEY}/repos/{REPO_SLUG}/permissions/users/none?start=0&filter={MY_FILTER}

      or 

      /rest/ui/latest/projects/{PROJECT_KEY}/repos/{REPO_SLUG}/reviewer-groups?avatarSize=32&permission=LICENSED_USER&permission.1=REPO_READ&permission.1.repositoryId=1&start=0&filter={MY_FILTER}

      where MY_FILTER is short, or padded with whitespace.

      Expected Results

      No requests made to the DB as the filter is very short.

      Actual Results

      The request is made to the DB, and the filter is not trimmed.

       

      This was split from https://jira.atlassian.com/browse/BSERV-12650 and represents fixing the backend component of that bug.
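
      Until the backend rejects such filters, requests of this shape can be found in access logs. The following is an added example, not Atlassian's code: it scans log lines for the two endpoints above and flags `filter` values that are whitespace-padded or shorter than a minimum. The combined log format, the threshold of 3, the absence of a context path, and the sample lines are assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit

MIN_FILTER_LEN = 3  # assumed threshold; the issue does not state a minimum
# The two endpoints named in the issue, for any project key and repo slug.
# Assumes no context path in front of /rest.
ENDPOINTS = re.compile(
    r"^/rest/(?:api/latest/projects/[^/]+/repos/[^/]+/permissions/users/none"
    r"|ui/latest/projects/[^/]+/repos/[^/]+/reviewer-groups)$"
)
# Request part of a combined-format access log line (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def classify_filter(value, min_len=MIN_FILTER_LEN):
    """Return the reasons a filter value should not have reached the database."""
    trimmed = value.strip()
    reasons = []
    if trimmed != value:
        reasons.append("untrimmed")
    if len(trimmed) < min_len:
        reasons.append("too_short")
    return reasons

def scan(lines, min_len=MIN_FILTER_LEN):
    """Return (line_number, filter_value, reasons) for flagged user-search requests."""
    findings = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not ENDPOINTS.match(url.path):
            continue
        # parse_qs decodes %20 and '+' to spaces; keep empty filter= values too.
        for value in parse_qs(url.query, keep_blank_values=True).get("filter", []):
            reasons = classify_filter(value, min_len)
            if reasons:
                findings.append((number, value, reasons))
    return findings

# Constructed sample log lines (not taken from a real server).
_BASE = "/rest/api/latest/projects/PRJ/repos/demo"
SAMPLE_LOG = [
    f'10.0.0.5 - - [01/Jan/2021:10:00:00 +0000] "GET {path} HTTP/1.1" 200 512'
    for path in (
        _BASE + "/permissions/users/none?start=0&filter=%20%20%20%20",
        "/rest/ui/latest/projects/PRJ/repos/demo/reviewer-groups?avatarSize=32&start=0&filter=al",
        _BASE + "/permissions/users/none?start=0&filter=alice",
        _BASE + "/other?filter=%20",
        _BASE + "/permissions/users/none?start=0&filter=+bob+",
    )
]
```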

            People

              Unassigned Unassigned
              khughes@atlassian.com Kristy