Uploaded image for project: 'mod-inventory-storage'
  1. mod-inventory-storage
  2. MODINVSTOR-293

CQL identifiers=")" fails with "invalid regular expression: parentheses () not balanced" SQL Injection

    XMLWordPrintable

    Details

    • Template:
    • Sprint:
      CP: sprint 65
    • Story Points:
      1
    • Development Team:
      Core: Platform

      Description

      The CQL query

      identifiers=")"
      

      is valid, parentheses need no masking inside of quotes.
      Apply urlencoding:

      identifiers%3D%22%29%22
      

      Invoke curl:

      curl -H "X-Okapi-Tenant: diku"  http://localhost:8081/instance-storage/instances?query=identifiers%3D%22%29%22
      

      There is SQL injection resulting in this error message:

      ErrorMessage(fields=Map(Line -> 208, File -> regexp.c, SQLSTATE -> 2201B, Routine -> RE_compile_and_cache, V -> ERROR, Message -> invalid regular expression: parentheses () not balanced, Severity -> ERROR))
      

      This is the produced SQL:

      WHERE lower(f_unaccent(instance.jsonb->>'identifiers')) ~ lower(f_unaccent('(^|[[:punct:]]|[[:space:]]|(?=[[:punct:]]|[[:space:]])))($|[[:punct:]]|[[:space:]]|(?<=[[:punct:]]|[[:space:]]))')) LIMIT 10 OFFSET 0
      

        TestRail: Results

          Attachments

            Issue Links

              Activity

                People

                Assignee:
                julianladisch Julian Ladisch
                Reporter:
                julianladisch Julian Ladisch
                Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                  Dates

                  Created:
                  Updated:
                  Resolved:

                    TestRail: Runs

                      TestRail: Cases