Search: Validate script query is run with a single script #29304
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The parsing code for script query currently silently skips by any tokens it does not know about within its parsing loop. The only token it does not catch is an array, which means pasing multiple scripts in via an array will cause the last script to be parsed and one, silently dropping the others. This commit adds validation that arrays are not seen while parsing.
rjernst
added
>bug
:Search/Search
|
Pinging @elastic/es-search-aggs |
|
found in this discuss issue: |
mayya-sharipova
approved these changes
Mar 29, 2018
rjernst
added a commit
that referenced
this pull request
Mar 30, 2018
The parsing code for script query currently silently skips by any tokens it does not know about within its parsing loop. The only token it does not catch is an array, which means pasing multiple scripts in via an array will cause the last script to be parsed and one, silently dropping the others. This commit adds validation that arrays are not seen while parsing.
jasontedor
added a commit
to jasontedor/elasticsearch
that referenced
this pull request
Apr 3, 2018
* master: (80 commits) Remove HTTP max content length leniency (elastic#29337) Begin moving XContent to a separate lib/artifact (elastic#29300) Java versions for ci (elastic#29320) Minor cleanup in the InternalEngine (elastic#29241) Clarify expectations of false positives/negatives (elastic#27964) Update docs on vertex ordering (elastic#27963) Revert "REST high-level client: add support for Indices Update Settings API (elastic#28892)" (elastic#29323) [test] remove Streamable serde assertions (elastic#29307) Improve query string docs (elastic#28882) fix query string example for boolean query (elastic#28881) Resolve unchecked cast warnings introduced with elastic#28892 REST high-level client: add support for Indices Update Settings API (elastic#28892) Search: Validate script query is run with a single script (elastic#29304) [DOCS] Added info on WGS-84. Closes issue elastic#3590 (elastic#29305) Increase timeout on Netty client latch for tests Build: Use branch specific refspec sysprop for bwc builds (elastic#29299) TEST: trim unsafe commits before opening engine Move trimming unsafe commits from engine ctor to store (elastic#29260) Fix incorrect geohash for lat 90, lon 180 (elastic#29256) Do not load global state when deleting a snapshot (elastic#29278) ...
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The parsing code for script query currently silently skips by any tokens
it does not know about within its parsing loop. The only token it does
not catch is an array, which means passing multiple scripts in via an
array will cause the last script to be parsed, silently dropping
the others. This commit adds validation that arrays are not seen while
parsing.