Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Search: Validate script query is run with a single script #29304

Merged
merged 1 commit into from Mar 30, 2018

Conversation

Projects
None yet
4 participants
@rjernst
Copy link
Member

commented Mar 29, 2018

The parsing code for script query currently silently skips by any tokens
it does not know about within its parsing loop. The only token it does
not catch is an array, which means passing multiple scripts in via an
array will cause the last script to be parsed, silently dropping
the others. This commit adds validation that arrays are not seen while
parsing.

Search: Validate script query is run with a single script
The parsing code for script query currently silently skips by any tokens
it does not know about within its parsing loop. The only token it does
not catch is an array, which means pasing multiple scripts in via an
array will cause the last script to be parsed and one, silently dropping
the others. This commit adds validation that arrays are not seen while
parsing.
@elasticmachine

This comment has been minimized.

Copy link
Collaborator

commented Mar 29, 2018

Pinging @elastic/es-search-aggs

@rjernst

This comment has been minimized.

Copy link
Member Author

commented Mar 29, 2018

@mayya-sharipova mayya-sharipova self-requested a review Mar 29, 2018

@mayya-sharipova
Copy link
Contributor

left a comment

+1 LGTM, tested with another script, works well

@rjernst rjernst merged commit 54f8f81 into elastic:master Mar 30, 2018

2 checks passed

CLA Commit author is a member of Elasticsearch
Details
elasticsearch-ci Build finished.
Details

@rjernst rjernst deleted the rjernst:script_query_parsing branch Mar 30, 2018

rjernst added a commit that referenced this pull request Mar 30, 2018

Search: Validate script query is run with a single script (#29304)
The parsing code for script query currently silently skips by any tokens
it does not know about within its parsing loop. The only token it does
not catch is an array, which means pasing multiple scripts in via an
array will cause the last script to be parsed and one, silently dropping
the others. This commit adds validation that arrays are not seen while
parsing.

jasontedor added a commit to jasontedor/elasticsearch that referenced this pull request Apr 3, 2018

Merge branch 'master' into align-thread-pool-info-cat-api
* master: (80 commits)
  Remove HTTP max content length leniency (elastic#29337)
  Begin moving XContent to a separate lib/artifact (elastic#29300)
  Java versions for ci (elastic#29320)
  Minor cleanup in the InternalEngine (elastic#29241)
  Clarify expectations of false positives/negatives (elastic#27964)
  Update docs on vertex ordering (elastic#27963)
  Revert "REST high-level client: add support for Indices Update Settings API (elastic#28892)" (elastic#29323)
  [test] remove Streamable serde assertions (elastic#29307)
  Improve query string docs (elastic#28882)
  fix query string example for boolean query (elastic#28881)
  Resolve unchecked cast warnings introduced with elastic#28892
  REST high-level client: add support for Indices Update Settings API (elastic#28892)
  Search: Validate script query is run with a single script (elastic#29304)
  [DOCS] Added info on WGS-84. Closes issue elastic#3590 (elastic#29305)
  Increase timeout on Netty client latch for tests
  Build: Use branch specific refspec sysprop for bwc builds (elastic#29299)
  TEST: trim unsafe commits before opening engine
  Move trimming unsafe commits from engine ctor to store (elastic#29260)
  Fix incorrect geohash for lat 90, lon 180 (elastic#29256)
  Do not load global state when deleting a snapshot (elastic#29278)
  ...

@colings86 colings86 added v7.0.0-beta1 and removed v7.0.0 labels Feb 7, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.