honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #20515 from areek/fix/query_validation 

Fix silently accepting malformed queries
This commit is contained in:
Areek Zillur 2016-09-15 16:53:17 -04:00 committed by GitHub
parent 2233d48235 bdad62a2f8
commit 8c12b7c3b6
4 changed files with 28 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
core/src/main/java/org/elasticsearch/index/query/QueryParseContext.java
View File

@ -130,6 +130,10 @@ public class QueryParseContext implements ParseFieldMatcherSupplier {
"[" + queryName + "] malformed query, expected [END_OBJECT] but found [" + parser.currentToken() + "]");
}
parser.nextToken();
if (parser.currentToken() == XContentParser.Token.FIELD_NAME) {
throw new ParsingException(parser.getTokenLocation(),
"[" + queryName + "] malformed query, unexpected [FIELD_NAME] found [" + parser.currentName() + "]");
}
return result;
}

2
core/src/test/java/org/elasticsearch/index/query/BoolQueryBuilderTests.java
View File

@ -370,7 +370,7 @@ public class BoolQueryBuilderTests extends AbstractQueryTestCase<BoolQueryBuilde
String query = "{\"bool\" : {\"" + clauseType
+ "\" : { \"match\" : { \"foo\" : \"bar\" } , \"match\" : { \"baz\" : \"buzz\" } } } }";
ParsingException ex = expectThrows(ParsingException.class, () -> parseQuery(query, ParseFieldMatcher.EMPTY));
assertEquals("expected [END_OBJECT] but got [FIELD_NAME], possibly too many query clauses", ex.getMessage());
assertEquals("[match] malformed query, unexpected [FIELD_NAME] found [match]", ex.getMessage());
}
public void testRewrite() throws IOException {

2
core/src/test/java/org/elasticsearch/index/query/functionscore/FunctionScoreQueryBuilderTests.java
View File

@ -715,7 +715,7 @@ public class FunctionScoreQueryBuilderTests extends AbstractQueryTestCase<Functi
" }\n" +
" }\n" +
"}";
expectParsingException(json, "[query] is already defined.");
expectParsingException(json, equalTo("[bool] malformed query, unexpected [FIELD_NAME] found [ignored_field_name]"));
}
private void expectParsingException(String json, Matcher<String> messageMatcher) {

22
core/src/test/java/org/elasticsearch/search/builder/SearchSourceBuilderTests.java
View File

@ -21,6 +21,7 @@ package org.elasticsearch.search.builder;
import org.elasticsearch.ElasticsearchParseException;
import org.elasticsearch.common.ParseFieldMatcher;
import org.elasticsearch.common.ParsingException;
import org.elasticsearch.common.bytes.BytesArray;
import org.elasticsearch.common.bytes.BytesReference;
import org.elasticsearch.common.io.stream.BytesStreamOutput;
@ -422,6 +423,27 @@ public class SearchSourceBuilderTests extends ESTestCase {
}
}
public void testInvalid() throws Exception {
String restContent = " { \"query\": {\n" +
" \"multi_match\": {\n" +
" \"query\": \"workd\",\n" +
" \"fields\": [\"title^5\", \"plain_body\"]\n" +
" },\n" +
" \"filters\": {\n" +
" \"terms\": {\n" +
" \"status\": [ 3 ]\n" +
" }\n" +
" }\n" +
" } }";
try (XContentParser parser = XContentFactory.xContent(restContent).createParser(restContent)) {
SearchSourceBuilder.fromXContent(createParseContext(parser),
searchRequestParsers.aggParsers, searchRequestParsers.suggesters, searchRequestParsers.searchExtParsers);
fail("invalid query syntax multiple keys under query");
} catch (ParsingException e) {
assertThat(e.getMessage(), containsString("filters"));
}
}
public void testParseSort() throws IOException {
{
String restContent = " { \"sort\": \"foo\"}";