Details
-
Bug
-
Resolution: Unresolved
-
Low
-
None
-
8.9.0, 8.18.0
-
Severity 3 - Minor
-
Description
Issue Summary
The fromHash field isn't validated in the Add pull request comment REST API query.
This is reproducible on Data Center: (yes) / (no)
Steps to Reproduce
- Create a PR on the Bitbucket UI
- Try to add a comment via the REST API.
Expected Results
Adding an invalid fromHash should show an error.
Actual Results
Adding an invalid fromHash makes no difference and a commit is added based on the toHash:
ajaitly@hostname ~ % curl -X POST -H 'content-type: application/json' --user "admin" https://instenv-257291-bblr.instenv.internal.atlassian.com/rest/api/1.0/projects/FIR/repos/avengers-repo/pull-requests/5/comments -d '{"text": "test comment for pull request number 5", "anchor": {"path": "README.md", "line": 1, "fileType": "TO", "diffType": "COMMIT", "fromHash": "helloworld", "toHash": "16ac6cd895bcc841256ccd5e05fdd70b66ae5d66"}}' Enter host password for user 'admin': {"properties":{"repositoryId":13},"id":43,"version":0,"text":"test comment for pull request number 5","author":{"name":"admin","emailAddress":"admin@admin.com","active":true,"displayName":"Ansible Admin","id":2,"slug":"admin","type":"NORMAL","links":{"self":[{"href":"https://instenv-257291-bblr.instenv.internal.atlassian.com/users/admin"}]}},"createdDate":1711869462381,"updatedDate":1711869462381,"comments":[],"threadResolved":false,"severity":"NORMAL","state":"OPEN","permittedOperations":{"editable":true,"transitionable":true,"deletable":true}}%
Not adding a toHash however, gives an error message:
ajaitly@hostname ~ % curl -X POST -H 'content-type: application/json' --user "admin" https://instenv-257291-bblr.instenv.internal.atlassian.com/rest/api/1.0/projects/FIR/repos/avengers-repo/pull-requests/5/comments -d '{"text": "test comment for pull request number 5", "anchor": {"path": "README.md", "line": 1, "fileType": "TO", "diffType": "COMMIT", "fromHash": "helloworld"}}' Enter host password for user 'admin': {"errors":[{"context":null,"message":"The toHash must be provided when adding a comment to a COMMIT diff.","exceptionName":"com.atlassian.bitbucket.validation.ArgumentValidationException"}]}%
Not adding the fromHash field however breaks the PR page and none of the tabs including Overview, Diff, Commits etc are accessible. This is detailed in the below FR ticket:
It looks like the fromHash is only checked if it's a diffType=RANGE comment. If diffType=COMMIT, only toHash is checked. I think via the UI, one can't do a RANGE comment.
https://stash.atlassian.com/projects/STASH/repos/stash/browse/service-impl/src/main/ja[…]atlassian/stash/internal/comment/DefaultCommentService.java
- But if fromHash is a required field even in "diffType": "COMMIT", shouldn't it be validated too?
Workaround
Add valid fromHash and toHash fields in the API query.