Uploaded image for project: 'Solr'
  1. Solr
  2. SOLR-13203

RuntimeException causing a 500 response code for invalid user input

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Trivial
    • Resolution: Fixed
    • Affects Version/s: master (9.0)
    • Fix Version/s: 8.6
    • Component/s: search
    • Labels:
    • Environment:

      Description

      Requesting the following URL causes Solr to return an HTTP 500 error response:

      http://localhost:8983/solr/films/select?uf=fl=gen*,id&defType=edismax
      

      The error response seems to be caused by the following uncaught exception:

      java.lang.RuntimeException: dynamic field name must start or end with *
      at org.apache.solr.search.ExtendedDismaxQParser$DynamicField.<init>(ExtendedDismaxQParser.java:1610)
      

      The DynamicField parser throws this RuntimeException to tell the user that the given query is invalid. Sadly, the exception is never caught, so it manifests as a 500 error instead of a 400 error.

      We found this issue and ~70 more like this using Diffblue Microservices Testing. Find more information on this fuzz testing campaign.

        Attachments

        1. home.zip
          376 kB
          Johannes Kloos

          Issue Links

            Activity

              People

              • Assignee:
                munendrasn Munendra S N
                Reporter:
                jkloos Johannes Kloos
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 50m
                  50m