Details
-
Bug
-
Resolution: Fixed
-
Low
-
6.4.14, 7.2.7, 7.3.1
-
6.04
-
Severity 2 - Major
-
Description
Summary
JQL context validation can execute third-party JQL statements which can be expensive.
This is done as part of com.atlassian.jira.jql.operand.FunctionOperandHandler.validate method.
Environment
- JQL filter with 3rd party JQL providers: JQL-tricks, Script Runner, etc
Steps to Reproduce
- Install Script Runner (just an example)
- Create new JQL with following data and safe as a filter
issueFunction in subtasksOf('Project = "AG"') - Creare new board using the mentioned filter
- Load any issue
Expected Results
JQL will be not executed
Actual Results
JQL was executed
Notes
Potentially any JQL with long and complex statement will cause the problem. So we are aware of the following specific pattens in JQL:
- id in
- key in
- parent in
- filter in
- issue in
- issueFunction in
The following query will help you identifying those JQL function used as filter for Boards in your instance:
// list of Boards with JQL filters select rv."ID", rv."NAME", sr.reqcontent from searchrequest sr, "AO_60DB71_RAPIDVIEW" rv where rv."SAVED_FILTER_ID" = sr.id;
Workaround
None
Attachments
Issue Links
- causes
-
-
- Gathering Impact
-
- is caused by
-
-
- Closed
-
- is related to
-
-
- Closed
-
-
JRASERVER-60957 As a user of JIRA I do not want JQL context lookups to execute third-party JQL queries, timing out web requests
- Gathering Interest
- relates to
-
RUM-1354 Loading...