Vue: validate search queries #40

Open
rimutaka opened this issue Jun 12, 2022 · 0 comments
Labels
bug Something isn't working

rimutaka commented Jun 12, 2022

A search query with unexpected input results in a hard error on the server and an error returned in the GQL response.

E.g. searching for `syst em` returns `ES query failed. See server logs.` because it fails here:

    // validate field_value for possible no-sql injection
    if NO_SQL_STRING_INVALIDATION_REGEX.is_match(&starts_with) {
        error!("Invalid starts_with: {}", starts_with);
        return Err(());
    }

The values should be validated on the client and then on the server before they even make it to the ES part.

Relates to #30

@rimutaka rimutaka added the bug Something isn't working label Jun 12, 2022
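
A sketch of the client-side check the issue asks for, added here as an example and not taken from the project's code: the search term is validated against an allow-list before any GQL request is sent, so input like `syst em` gets a specific validation result instead of a server-side failure. The function names, the allowed character set and the length limit are assumptions; the real rule has to mirror the server's `NO_SQL_STRING_INVALIDATION_REGEX`, whose pattern is not shown in the issue, and the server check stays in place as the authoritative one.

```javascript
// Added example, not project code. All names and limits below are hypothetical.
const MAX_TERM_LEN = 64; // assumed upper bound for a single search term
// Assumed allow-list: letters, digits and a few symbols common in tech keywords.
const ALLOWED_TERM = /^[\p{L}\p{N}_.+#-]+$/u;

// Returns { ok: true, value } for a usable term, or { ok: false, reason }
// with a machine-readable reason the UI can turn into a message.
function validateSearchTerm(raw) {
  if (typeof raw !== "string") return { ok: false, reason: "not-a-string" };
  // Normalise look-alike forms (e.g. full-width letters) before checking.
  const term = raw.normalize("NFKC").trim();
  if (term.length === 0) return { ok: false, reason: "empty" };
  if (term.length > MAX_TERM_LEN) return { ok: false, reason: "too-long" };
  // Inner whitespace is reported separately so the UI can explain it;
  // this assumes whitespace is what the server rejects in `syst em`.
  if (/\s/.test(term)) return { ok: false, reason: "whitespace" };
  if (!ALLOWED_TERM.test(term)) return { ok: false, reason: "invalid-chars" };
  return { ok: true, value: term };
}

// Gate in front of the network call: sendQuery (a caller-supplied function
// that issues the GQL request) is only invoked with a validated value.
function guardedSearch(raw, sendQuery) {
  const check = validateSearchTerm(raw);
  if (!check.ok) return { sent: false, error: check.reason };
  return { sent: true, result: sendQuery(check.value) };
}
```

In a Vue component the `reason` can drive an inline message next to the search box, and the request is simply not issued while the term is invalid.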