Bug 28383 - (bad_search_filter) Traceback with not invalid search form (Bad search filter)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: UMC - Domain management (Generic)
Version: UCS 3.0
Hardware: Other Linux
Importance: P5 minor
Target Milestone: UCS 4.0-0-errata
Assigned To: Florian Best
QA Contact: Dirk Wiesenthal
Duplicates: 36956
Reported: 2012-08-31 11:17 CEST by Dirk Wiesenthal
Modified: 2016-03-11 08:34 CET
Bug group (optional): Error handling, Usability
Description Dirk Wiesenthal univentionstaff 2012-08-31 11:17:26 CEST
When, in the navigation, one searches for a UDM object type that does not appear in the list (by simply entering anything), and then nevertheless searches in a container on the left, a traceback occurs:

  File '/usr/lib/pymodules/python2.6/notifier/threads.py', line 82, in _run
    tmp = self._function()
  File '/usr/lib/pymodules/python2.6/notifier/__init__.py', line 104, in __call__
    return self._function( *tmp, **self._kwargs )
  File '/usr/lib/pymodules/python2.6/univention/management/console/modules/udm/__init__.py', line 418, in _thread
    result = module.search( request.options.get( 'container' ), request.options[ 'objectProperty' ], request.options[ 'objectPropertyValue' ], superordinate, scope = request.options.get( 'scope', 'sub' ) )
  File '/usr/lib/pymodules/python2.6/univention/management/console/modules/udm/udm_ldap.py', line 139, in wrapper_func
    ret = func( *args, **kwargs )
  File '/usr/lib/pymodules/python2.6/univention/management/console/modules/udm/udm_ldap.py', line 403, in search
    return self.module.lookup( None, ldap_connection, filter_s, base = container, superordinate = superordinate, scope = scope )

AttributeError: 'NoneType' object has no attribute 'lookup'

If you do specify a proper object type but enter something wrong in the "Property" field, one occurs as well (a different one):

  File '/usr/lib/pymodules/python2.6/notifier/threads.py', line 82, in _run
    tmp = self._function()
  File '/usr/lib/pymodules/python2.6/notifier/__init__.py', line 104, in __call__
    return self._function( *tmp, **self._kwargs )
  File '/usr/lib/pymodules/python2.6/univention/management/console/modules/udm/__init__.py', line 418, in _thread
    result = module.search( request.options.get( 'container' ), request.options[ 'objectProperty' ], request.options[ 'objectPropertyValue' ], superordinate, scope = request.options.get( 'scope', 'sub' ) )
  File '/usr/lib/pymodules/python2.6/univention/management/console/modules/udm/udm_ldap.py', line 162, in wrapper_func
    raise LDAP_ConnectionError( str( e ) )

LDAP_ConnectionError: Bad search filter
Comment 1 Florian Best univentionstaff 2012-09-03 09:59:04 CEST
*** Bug 28384 has been marked as a duplicate of this bug. ***
Comment 2 Florian Best univentionstaff 2012-09-03 10:01:51 CEST
(In reply to comment #0)
> If you do specify a proper object type but enter something wrong
> in the "Property" field, one occurs as well (a different one):
> LDAP_ConnectionError: Bad search filter
That is the problem from Bug #28384:
(In reply to comment #0)
> Currently the objectPropertyValue value is not escaped, so a request that
> contains reserved LDAP search filter characters (e.g. parentheses () ) fails.
> 
> {"container":"all","objectType":"users/user","objectProperty":"username","objectPropertyValue":"()"}
Comment 3 Alexander Kläser univentionstaff 2012-10-01 15:07:16 CEST
Correct, the error case is not caught when reading the form. A JS-side check on get('status') to detect invalid input is missing there. The corresponding search request looks as follows:

{
   "options":{
      "objectType":"",
      "objectProperty":"None",
      "objectPropertyValue":"",
      "container":"cn=dhcp,dc=univention,dc=qa"
   },
   "flavor":"navigation"
}
Comment 4 Moritz Muehlenhoff univentionstaff 2013-05-31 10:45:21 CEST
We will not ship a UCS 3.1-2 release; the next UCS release will be UCS 3.2.

As such, this bug is moved to the new target milestone.
Comment 5 Florian Best univentionstaff 2014-05-27 10:51:59 CEST
We received the second traceback again (3.2-0 errata108 (Borgfeld)).
Comment 6 Florian Best univentionstaff 2014-10-06 10:19:06 CEST
Reported again.
Comment 7 Florian Best univentionstaff 2014-11-20 14:47:46 CET
Reported 4 times again:

Remark:
List "Computers" in UMC

Remark:
A search was made for the printer osvogd10.
Comment 8 Florian Best univentionstaff 2014-11-24 10:53:22 CET
*** Bug 36956 has been marked as a duplicate of this bug. ***
Comment 9 Florian Best univentionstaff 2014-12-04 01:37:20 CET
Got it, both tracebacks can be reproduced:

First traceback:
curl 'http://10.200.27.5/umcp/command/udm/nav/object/query'  -H 'Content-Type: application/json' -H 'Cookie: UMCSessionId=420d1f50-7bea-40c3-b555-9e43d91e03ac;' --data-binary '{"options":{"objectType":"","objectProperty":"None","objectPropertyValue":"","container":"dc=ucs,dc=dev","hidden":true},"flavor":"navigation"}'

Second Traceback:
curl 'http://10.200.27.5/umcp/command/udm/nav/object/query' -H 'Content-Type: application/json' -H 'Cookie: UMCSessionId=4636b03a-3f70-4b10-87b8-338aaeaffc3b; ' --data-binary '{"options":{"objectType":"computers/computer","objectProperty":"asdf(","objectPropertyValue":"asdf","container":"dc=ucs,dc=dev","hidden":true},"flavor":"navigation"}'
Comment 10 Florian Best univentionstaff 2014-12-04 14:56:25 CET
umc-command -U Administrator -P univention udm/nav/object/query -f navigation -e -o '{"objectType":"","objectProperty":"None","objectPropertyValue":"","container":"dc=ucs,dc=dev","hidden":True}'

umc-command -U Administrator -P univention udm/nav/object/query -f navigation -e -o '{"objectType":"computers/computer","objectProperty":"asdf(","objectPropertyValue":"asdf","container":"dc=ucs,dc=dev","hidden":True}'
Comment 11 Florian Best univentionstaff 2014-12-08 11:36:31 CET
Bad search filter-TB was reported by 3.2-1 errata217 (Borgfeld).
Comment 12 Florian Best univentionstaff 2014-12-09 13:15:26 CET
The first traceback is now prevented via JS. After inserting a wrong object type the combobox resets the value to the first one. The backend fix is better done at Bug #37118 because it can occur in many different ways.
The second traceback is prevented in the backend by using sanitizers which prevent inserting invalid LDAP attribute names.

Package: univention-management-console-module-udm (5.1.25-8)
YAML: 2014-11-25-univention-management-console-module-udm.yaml
Downgradeable to UCS 3.2-4: the JavaScript part: easy, backend: not necessary
Reproducible: Comment #10
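
The two backend checks discussed in this report (rejecting invalid attribute names, escaping the search value), as an added illustration that is not the UCS code and not part of any comment. It assumes the property name is used directly as the LDAP attribute name and that `*` is treated literally; `KNOWN_OBJECT_TYPES`, `BadRequest`, `build_search_filter` and `check` are hypothetical names.

```python
import re

# Attribute description per RFC 4512: a short name (letter, then letters,
# digits or hyphens) or a dotted numeric OID. Options (";binary") are rejected.
ATTR_NAME = re.compile(r"(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)+)")

# Hypothetical allow-list standing in for the backend's table of object types.
KNOWN_OBJECT_TYPES = {"users/user", "computers/computer"}

class BadRequest(ValueError):
    """Client input error: report it to the caller, do not raise a traceback."""

def escape_filter_value(value):
    """Escape the RFC 4515 special characters \\ * ( ) and NUL as \\XX."""
    return "".join(
        "\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value
    )

def build_search_filter(options):
    """Validate the request options and return an LDAP filter string."""
    object_type = options.get("objectType") or ""
    if object_type not in KNOWN_OBJECT_TYPES:
        raise BadRequest("unknown object type %r" % object_type)
    prop = options.get("objectProperty") or ""
    # fullmatch, not match with "$": "$" would accept a trailing newline.
    if not ATTR_NAME.fullmatch(prop):
        raise BadRequest("invalid property name %r" % prop)
    value = options.get("objectPropertyValue") or ""
    return "(%s=%s)" % (prop, escape_filter_value(value))

def check(options):
    """Return the filter, or the rejection message for bad input."""
    try:
        return build_search_filter(options)
    except BadRequest as exc:
        return "rejected: %s" % exc

# Request options taken from the comments in this report.
SAMPLES = [
    {"objectType": "users/user", "objectProperty": "username", "objectPropertyValue": "()"},
    {"objectType": "computers/computer", "objectProperty": "asdf(", "objectPropertyValue": "asdf"},
    {"objectType": "", "objectProperty": "None", "objectPropertyValue": ""},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(check(sample))
```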
Comment 13 Dirk Wiesenthal univentionstaff 2015-01-07 17:27:27 CET
Works as expected. Not possible to provoke by the frontend, prevented by the backend anyway.
Comment 14 Janek Walkenhorst univentionstaff 2015-01-08 13:59:18 CET
http://errata.univention.de/ucs/4.0/18.html
Comment 15 Florian Best univentionstaff 2015-02-05 15:23:45 CET
(In reply to Florian Best from comment #7)
> Reported 4 times again:
> 
> Remark:
> List "Computers" in UMC
And now! I also understand how he provoked this. If there are a lot of objects and the search query is not yet finished being answered, and the form is not initialized, this error occurred.
Comment 16 Florian Best univentionstaff 2015-07-07 14:10:42 CEST
Reported again, 3.2-5 errata340 (Borgfeld).

(In reply to Florian Best from comment #15)
> > Reported 4 times again:
> > Remark:
> > List "Computers" in UMC
> I also understand how he provoked this. If there are a lot of
> objects and the search query is not yet finished answered, and the form not
> initialized this error occurred.
Yes, the following remark also shows this:

Remark:
This error almost always happens only on the first call of the computers tab, after logging in to the UMC. On a subsequent search the error message does not appear.
Comment 17 Florian Best univentionstaff 2016-03-11 08:34:39 CET
Reported again, 3.2-3 errata181 (Borgfeld)