RAML Module Builder / RMB-534

Reject CQL queries that match no index in schema.json

Details

    • New Feature
    • Status: Open
    • P3
    • Resolution: Unresolved
    • CP: Non-roadmap backlog
    • Core: Platform

    Description

      We've had warnings for some time, but since that's not relayed back to a client this
      has not prevented slow queries from popping up.

      This also allows some endpoint to return a list of valid indexes and relations allowed.

      Since users can use arbitrary fields and, thus, cause RMB-based modules to perform a sequential scan, this is a very easy-to-perform denial-of-service attack. The Inventory front-end has the "Query search" slot where the user can enter any CQL: https://folio-snapshot.aws.indexdata.com/inventory?qindex=querySearch&sort=Title
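
One way to implement the check proposed above, as an added example that is not RMB's code: collect the indexed field names from schema.json and refuse any CQL query that filters on another field, returning the offending names so the rejection can be relayed to the client. The schema fragment is constructed, its key names are an assumption about RMB's schema.json layout, and the function names and the small tokenizer (no prox, exact field-name match) are hypothetical.

```python
import json
import re

# Constructed, simplified schema.json fragment. The key names reflect my
# understanding of RMB's table and index layout and are an assumption here.
SCHEMA_JSON = """
{"tables": [{"tableName": "instance",
             "index":         [{"fieldName": "hrid"}],
             "uniqueIndex":   [{"fieldName": "matchKey"}],
             "fullTextIndex": [{"fieldName": "title"}]}]}
"""
INDEX_KINDS = ("index", "uniqueIndex", "likeIndex", "ginIndex", "fullTextIndex")
RELATIONS = {"=", "==", "<>", "<", ">", "<=", ">=", "all", "any", "adj"}
# Quoted term | parenthesis | symbolic relation | bare word (may carry /modifiers)
TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|[()]|==|<>|<=|>=|[=<>]|[^\s()=<>"]+')

def indexed_fields(schema_text, table):
    """Field names that have any index declared for `table`."""
    for t in json.loads(schema_text)["tables"]:
        if t["tableName"] == table:
            return {e["fieldName"] for k in INDEX_KINDS for e in t.get(k, [])}
    raise KeyError(table)

def queried_fields(cql):
    """Index names used by the search clauses of a CQL query (no prox support)."""
    tokens, fields, i = TOKEN.findall(cql), [], 0
    while i < len(tokens):
        tok = tokens[i]
        if tok.lower() == "sortby":          # sort keys are not search clauses
            break
        if tok in ("(", ")") or tok.lower() in ("and", "or", "not"):
            i += 1
            continue
        nxt = tokens[i + 1].split("/")[0].lower() if i + 1 < len(tokens) else ""
        if nxt in RELATIONS:                 # clause: index relation[/mods] term
            fields.append(tok)
            i += 2
            while i < len(tokens) and tokens[i].startswith("/"):
                i += 1                       # skip relation modifiers
            i += 1                           # skip the search term
        else:                                # bare term: CQL's default index
            fields.append("cql.serverChoice")
            i += 1
    return fields

def unindexed_fields(cql, allowed):
    """Fields the query filters on that have no index; empty means accept."""
    return sorted({f for f in queried_fields(cql) if f not in allowed})
```

A non-empty result is the point at which a module would answer with a client error that names the unindexed fields and lists `indexed_fields(...)` as the valid choices, instead of only logging a warning.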

              People

                Unassigned Unassigned
                adam Adam Dickmeiss