Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-67570

JQL context validation can execute third-party JQL statements which can be expensive

XMLWordPrintable

      Summary

      JQL context validation can execute third-party JQL statements which can be expensive.
      This is done as part of com.atlassian.jira.jql.operand.FunctionOperandHandler.validate method.

      Environment

      • JQL filter with 3rd party JQL providers: JQL-tricks, Script Runner, etc

      Steps to Reproduce

      1. Install Script Runner (just an example)
      2. Create new JQL with following data and safe as a filter 
        issueFunction in subtasksOf('Project = "AG"')
      3. Creare new board using the mentioned filter
      4. Load any issue

      Expected Results

      JQL will be not executed

      Actual Results

      JQL was executed

      Notes

      Potentially any JQL with long and complex statement will cause the problem. So we are aware of the following specific pattens in JQL:

      • id in
      • key in
      • parent in
      • filter in
      • issue in
      • issueFunction in

      The following query will help you identifying those JQL function used as filter for Boards in your instance:

      // list of Boards with JQL filters
 select rv."ID", rv."NAME", sr.reqcontent from searchrequest sr, "AO_60DB71_RAPIDVIEW" rv where rv."SAVED_FILTER_ID" = sr.id;

      Workaround

      None

              Unassigned Unassigned
              ayakovlev@atlassian.com Andriy Yakovlev [Atlassian]
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: