Merge pull request #537 from NASA-PDS/522-log-injection
whitespace-sanitize user-provided query string value
alexdunnjpl committed Sep 11, 2024
2 parents fae80d7 + b521cfe commit 6166f65
Showing 1 changed file with 2 additions and 1 deletion.
@@ -14,6 +14,7 @@
import org.antlr.v4.runtime.tree.ParseTreeWalker;
import org.antlr.v4.runtime.RecognitionException;
import org.antlr.v4.runtime.misc.ParseCancellationException;
import org.apache.commons.lang3.StringUtils;
import org.opensearch.client.opensearch._types.FieldSort;
import org.opensearch.client.opensearch._types.FieldValue;
import org.opensearch.client.opensearch._types.SortOptions;
@@ -339,7 +340,7 @@ public RegistrySearchRequestBuilder constrainByQueryString(String q) throws Unpa
}
return this;
} catch (RecognitionException | ParseCancellationException e) {
log.info("Unable to parse q " + q + "error message is " + e);
log.info("Unable to parse q " + StringUtils.normalizeSpace(q) + "error message is " + e);
throw new UnparsableQParamException(
"q string value:" + q + " Error message " + e.getMessage());
}
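Review bot: The sanitization on the new `log.info` line covers only `q`; the exception `e` is still concatenated as-is, and the `UnparsableQParamException` message built right after it still embeds the raw `q`. If the parser's message echoes the offending input, or if the thrown exception is logged by a handler outside this hunk (not visible here), line breaks from the query can still reach the log. Consider normalizing once and reusing the result, e.g. `String safeQ = StringUtils.normalizeSpace(q);` followed by `log.info("Unable to parse q " + safeQ + " error message is " + StringUtils.normalizeSpace(String.valueOf(e)));`, and decide whether the exception message should carry `safeQ` as well. `normalizeSpace` only collapses whitespace, so non-whitespace control characters pass through unchanged; it is worth confirming that the log encoder neutralizes those. The body of `constrainByQueryString` starts outside the hunk, so earlier uses of `q` were not reviewed.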