Closed Bug 642580 Opened 13 years ago Closed 13 years ago

500 Internal Server Errors on /query with malformed/unsanitized queries

Categories

(Socorro :: Webapp, task)

Product:
Socorro
Component:
Webapp
Type:
task
Priority:
Not set
Severity:
major

Tracking

(Not tracked)

Status:
VERIFIED FIXED

People

(Reporter: stephend, Unassigned)

References

(
URL
)

Details

(Whiteboard: [fuzzer])

Attachments

(3 files)

List of URLs
83.50 KB, text/plain
Details
check params and query result
2.43 KB, patch
ryansnyder
: review+
Details | Diff | Splinter Review
Post-fix screenshot
91.77 KB, image/png
Details
Attached file List of URLs 
STR:

1. Either load any of the URLs in the attachment, or enter "https://crash-stats.stage.mozilla.com/query" into the "Target URL" field of PowerFuzzer (http://www.powerfuzzer.com/)
2. Hit Enter or "Scan" in PowerFuzzer
Flags: in-testsuite?
Bug 641879 lets these queries get a little further, the new failures are all along the lines of:

"""
2011-03-17 13:40:46 -07:00 --- error: [5xx Error] File: application/libraries/drivers/Database/Pgsql.php; Line: 74; Message: pg_query(): Query failed: ERROR:  syntax error at or near ")"
LINE 3: ...oduct = 'on')) AND (branches.branch = '2.0') AND () AND  rep...
"""

We should make sure we're doing validation on the user-supplied data, and also ensure that all required fields are present before building the query.
Assignee: nobody → rhelmer
Status: NEW → ASSIGNED
* fix previous patch, return value not key
* check all non-free-form queries against acceptable array
* check for reports.product result before building SQL

It looks like we're sanity-checking the contents of user input (Kohana does this) and using db->escape(), so I think we're ok there, this looks like we just don't handle missing or nonsensical query parameters well (alternatively to any of this we could just throw an error, but sanity-checking and falling back to reasonable defaults is a little nicer to users who might tweak the URL).
Attachment #520054 - Flags: review?(ryan)
Attachment #520054 - Flags: review?(ryan) → review+
Committed revision 3025.
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
This is live on stage now too.
Verified FIXED; thanks!
Status: RESOLVED → VERIFIED
Component: Socorro → General
Product: Webtools → Socorro
Assignee: rhelmer → nobody
Component: General → Webapp
QA Contact: socorro → webapp
Flags: in-testsuite?
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: