Bug 34276 - "udm --filter" ignores syntax errors in filter string
"udm --filter" ignores syntax errors in filter string
Product: UCS
Classification: Unclassified
Component: UDM - CLI
UCS 4.2
All Linux
: P5 normal (vote)
: UCS 4.2-1-errata
Assigned To: Johannes Keiser
Florian Best
Depends on:
  Show dependency treegraph
Reported: 2014-03-06 13:34 CET by Philipp Hahn
Modified: 2017-07-05 13:06 CEST (History)
3 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?: 1: Will affect a very few installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.034
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional): Cleanup, Error handling, Usability
Max CVSS v3 score:
best: Patch_Available+

patch (927 bytes, patch)
2015-06-10 17:27 CEST, Florian Best
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Philipp Hahn univentionstaff 2014-03-06 13:34:36 CET
# udm users/user list --filter '(&(uid=Administrator)' | grep -c ^DN
# udm users/user list --filter '(&(uid=Administrator))' | grep -c ^DN

Notice the missing second closing parenthesis, which leads UDM to output all users instead of the only expected one.
On the other hand there already seems to be some syntax checking in place:

# udm users/user list --filter '(&(uid='
Bad search filter
Comment 1 Philipp Hahn univentionstaff 2014-04-10 18:52:15 CEST
The listener has its own code, which also evaluates the filter wrong: Bug #28646
Comment 2 Florian Best univentionstaff 2015-06-10 17:00:10 CEST
I implemented the syntax class ldapFilter which is able to validate correctness of a filter. (univention.admin.filter.parse is very broken).
Comment 3 Florian Best univentionstaff 2015-06-10 17:27:52 CEST
Created attachment 6953 [details]

patch will result in:
# udm users/user list --filter '(&(uid=Administrator)'
Not a valid LDAP search filter.
Comment 4 Johannes Keiser univentionstaff 2017-06-30 17:33:39 CEST
(In reply to Florian Best from comment #3)
> Created attachment 6953 [details]
> patch
> patch will result in:
> # udm users/user list --filter '(&(uid=Administrator)'
> Not a valid LDAP search filter.

Applied rebased patch:

r 80745
univention-directory-manager-modules (12.0.17-44) 
* Bug #34276: Applied patch from Florian Best - Improve syntax check for
udm --filter

YAML: r 80746
Comment 5 Florian Best univentionstaff 2017-07-03 12:23:48 CEST
OK: valid search filters are still detected
OK: invalid search filters are rejected

# udm users/user list --filter '(&(uid=Administrator)'
Not a valid LDAP search filter.
# echo $?
Comment 6 Janek Walkenhorst univentionstaff 2017-07-05 13:06:11 CEST