diff --git a/lib/api/apiUtils/bucket/parseLikeExpression.js b/lib/api/apiUtils/bucket/parseLikeExpression.js
index d5fc2a6c3a..0b85cfa6d8 100644
--- a/lib/api/apiUtils/bucket/parseLikeExpression.js
+++ b/lib/api/apiUtils/bucket/parseLikeExpression.js
@@ -13,7 +13,7 @@ function parseLikeExpression(regex) {
 }
 const pattern = split.slice(1, split.length - 1).join('/');
 const regexOpt = split[split.length - 1];
- return { $regex: pattern, $options: regexOpt };
+ return { $regex: new RegExp(pattern), $options: regexOpt };
 }
 module.exports = parseLikeExpression;
diff --git a/lib/api/bucketGet.js b/lib/api/bucketGet.js
index d76d816cd8..d98ab7a7ec 100644
--- a/lib/api/bucketGet.js
+++ b/lib/api/bucketGet.js
@@ -283,7 +283,16 @@ function bucketGet(authInfo, request, log, callback) {
 }
 if (params.search !== undefined) {
 log.info('performaing search listing', { search: params.search });
- listParams.mongifiedSearch = parseWhere(validatedAst);
+ try {
+ listParams.mongifiedSearch = parseWhere(validatedAst);
+ } catch (err) {
+ log.debug(err.message, {
+ stack: err.stack,
+ });
+ return callback(errors.InvalidArgument
+ .customizeDescription('Invalid sql where clause ' +
+ 'sent as search query'));
+ }
 }
 return services.getObjectListing(bucketName, listParams, log, (err, list) => {
diff --git a/tests.bash b/tests.bash
index a128ef3b1e..b197cc8844 100644
--- a/tests.bash
+++ b/tests.bash
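Review bot: The flags in `regexOpt` are still returned unchecked on the changed `return` line, because `new RegExp(pattern)` compiles only the pattern; the commit also deletes the functional test for an invalid flag, so that path is untested and may still fail in the metadata backend rather than at parse time (inferred, the backend call is not visible here). Validating the flags before returning would close it, e.g. `if (!/^[imsx]*$/.test(regexOpt)) { throw new SyntaxError('invalid regex options'); }`, assuming the caller's new catch around `parseWhere` reaches this function. The pattern is caller-controlled and is checked against the JavaScript regex grammar but evaluated by MongoDB, so the two engines can disagree, and nothing here bounds pattern length or complexity; a length cap would limit expensive searches. The body of `parseLikeExpression` starts outside the hunk.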
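Review bot: The new `catch (err)` turns every exception from `parseWhere` into `InvalidArgument`, so a genuine server-side fault in the query builder would be reported to the client as bad input and recorded only at debug level. Narrowing it keeps the two cases apart: `if (!(err instanceof SyntaxError)) { log.error(err.message, { stack: err.stack }); return callback(errors.InternalError); }` placed ahead of the existing debug log. Rejected search strings are also worth logging above debug, since repeated malformed patterns from one caller are a useful detection signal. `bucketGet` starts and ends outside the hunk.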
@@ -134,25 +134,25 @@ then killandsleep 8000 - # Run with mongdb backend ; run ft_tests + # Run with mongdb backend ; run ft_tests - S3BACKEND=mem MPU_TESTING=yes S3METADATA=mongodb npm start > $CIRCLE_ARTIFACTS/server_mongodb_awssdk.txt & bash wait_for_local_port.bash 8000 40 && S3DATA=file npm run ft_awssdk + S3BACKEND=mem MPU_TESTING=yes S3METADATA=mongodb npm start > $CIRCLE_ARTIFACTS/server_mongodb_awssdk.txt & bash wait_for_local_port.bash 8000 40 && S3DATA=file S3METADATA=mongodb npm run ft_awssdk killandsleep 8000 - S3BACKEND=mem MPU_TESTING=yes S3METADATA=mongodb npm start > $CIRCLE_ARTIFACTS/server_mongodb_s3cmd.txt & bash wait_for_local_port.bash 8000 40 && S3DATA=file npm run ft_s3cmd + S3BACKEND=mem MPU_TESTING=yes S3METADATA=mongodb npm start > $CIRCLE_ARTIFACTS/server_mongodb_s3cmd.txt & bash wait_for_local_port.bash 8000 40 && S3DATA=file S3METADATA=mongodb npm run ft_s3cmd killandsleep 8000 - - S3BACKEND=mem MPU_TESTING=yes S3METADATA=mongodb npm start > $CIRCLE_ARTIFACTS/server_mongodb_s3curl.txt & bash wait_for_local_port.bash 8000 40 && S3DATA=file npm run ft_s3curl + + S3BACKEND=mem MPU_TESTING=yes S3METADATA=mongodb npm start > $CIRCLE_ARTIFACTS/server_mongodb_s3curl.txt & bash wait_for_local_port.bash 8000 40 && S3DATA=file S3METADATA=mongodb npm run ft_s3curl killandsleep 8000 - S3BACKEND=mem MPU_TESTING=yes S3METADATA=mongodb npm start > $CIRCLE_ARTIFACTS/server_mongodb_healthchecks.txt & bash wait_for_local_port.bash 8000 40 && S3DATA=file npm run ft_healthchecks + S3BACKEND=mem MPU_TESTING=yes S3METADATA=mongodb npm start > $CIRCLE_ARTIFACTS/server_mongodb_healthchecks.txt & bash wait_for_local_port.bash 8000 40 && S3DATA=file S3METADATA=mongodb npm run ft_healthchecks killandsleep 8000 - S3BACKEND=mem MPU_TESTING=yes S3METADATA=mongodb npm start > $CIRCLE_ARTIFACTS/server_mongodb_management.txt & bash wait_for_local_port.bash 8000 40 && npm run ft_management + S3BACKEND=mem MPU_TESTING=yes S3METADATA=mongodb npm start > 
$CIRCLE_ARTIFACTS/server_mongodb_management.txt & bash wait_for_local_port.bash 8000 40 && S3METADATA=mongodb npm run ft_management killandsleep 8000
diff --git a/tests/functional/aws-node-sdk/test/mdSearch/basicSearch.js b/tests/functional/aws-node-sdk/test/mdSearch/basicSearch.js
index d544f3bd11..6e894bd7f2 100644
--- a/tests/functional/aws-node-sdk/test/mdSearch/basicSearch.js
+++ b/tests/functional/aws-node-sdk/test/mdSearch/basicSearch.js
@@ -120,7 +120,7 @@ runIfMongo('Search when no objects in bucket', () => {
 });
 runIfMongo('Invalid regular expression searches', () => {
- const bucketName = `noobjectbucket${Date.now()}`;
+ const bucketName = `badregex-${Date.now()}`;
 before(done => {
 s3Client.createBucket({ Bucket: bucketName }, done);
 });
@@ -132,18 +132,8 @@ runIfMongo('Invalid regular expression searches', () => {
 it('should return error if pattern is invalid', done => {
 const encodedSearch = encodeURIComponent('key LIKE "/((helloworld/"');
 const testError = {
- code: 'InternalError',
- message: 'We encountered an internal error. Please try again.',
- };
- return runAndCheckSearch(s3Client, bucketName,
- encodedSearch, testError, done);
- });
-
- it('should return error if regex flag is invalid', done => {
- const encodedSearch = encodeURIComponent('key LIKE "/((helloworld/ii"');
- const testError = {
- code: 'InternalError',
- message: 'We encountered an internal error. Please try again.',
+ code: 'InvalidArgument',
+ message: 'Invalid sql where clause sent as search query',
 };
 return runAndCheckSearch(s3Client, bucketName,
 encodedSearch, testError, done);
diff --git a/tests/unit/api/parseLikeExpression.js b/tests/unit/api/parseLikeExpression.js
index e4663a09f5..469b6a8df7 100644
--- a/tests/unit/api/parseLikeExpression.js
+++ b/tests/unit/api/parseLikeExpression.js
@@ -14,11 +14,11 @@ describe('parseLikeExpression', () => {
 },
 {
 input: '/ice-cream-cone/',
- output: { $regex: 'ice-cream-cone', $options: '' },
+ output: { $regex: /ice-cream-cone/, $options: '' },
 },
 {
 input: '/ice-cream-cone/i',
- output: { $regex: 'ice-cream-cone', $options: 'i' },
+ output: { $regex: /ice-cream-cone/, $options: 'i' },
 },
 {
 input: 'an/ice-cream-cone/',
@@ -26,7 +26,7 @@ describe('parseLikeExpression', () => {
 },
 {
 input: '///',
- output: { $regex: '/', $options: '' },
+ output: { $regex: /\//, $options: '' },
 },
 ];
 tests.forEach(test => it('should return correct MongoDB query object: ' +
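Review bot: Neither hunk adds a case for a pattern that fails to compile, which is the behaviour the rest of this commit depends on; the updated table only lists inputs that parse successfully. A separate assertion outside the table would pin it, for example `assert.throws(() => parseLikeExpression('/((helloworld/'), SyntaxError);` (assuming `assert` is in scope in this file, which is not visible here). The `tests` array and the `forEach` call continue outside the hunks.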