Project

General

Profile

Actions

Enhancement #14840

open

500 server error page when URL contains a ;

Added by Nicolas CHARLES over 5 years ago. Updated about 1 year ago.

Status:
New
Priority:
N/A
Assignee:
-
Category:
Web - Maintenance
UX impact:
Suggestion strength:
User visibility:
Operational - other Techniques | Rudder settings | Plugins
Effort required:
Name check:
Fix check:
Regression:

Description

In Rudder 5.0, if the URL contains a ";", we get redirected to a nasty 500Server Error page
It used to be only a Not found before

I found it out while upgrading from 4.1 to 5.0, the URL after refresh was

https://192.168.45.2/rudder/index.html;jsessionid=1jzhqomd91t101mcki3zo8ouch#%7B%22nodeId%22:%22root%22,%22displayCompliance%22:false,%22query%22:%7B%22select%22:%22node%22,%22composition%22:%22And%22,%22where%22:%5B%7B%22objectType%22:%22node%22,%22attribute%22:%22OS%22,%22comparator%22:%22eq%22,%22value%22:%22Linux%22%7D%5D%7D%7D

stacktrace is

[2019-05-09 10:26:47] INFO  inventory-processing - Report 'server-root.ocs' for node 'server.rudder.local' [root] (signature:certified) processed in 733 milliseconds ms
2019-05-09 10:26:54.757:WARN:oejs.HttpChannel:qtp1618212626-17: /rudder/index.html;jsessionid=1jzhqomd91t101mcki3zo8ouch
org.springframework.security.web.firewall.RequestRejectedException: The request was rejected because the URL contained a potentially malicious String ";" 
        at org.springframework.security.web.firewall.StrictHttpFirewall.rejectedBlacklistedUrls(StrictHttpFirewall.java:265)
        at org.springframework.security.web.firewall.StrictHttpFirewall.getFirewalledRequest(StrictHttpFirewall.java:245)
        at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:194)
        at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178)
        at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:357)
        at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:270)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1634)
        at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:533)
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:146)
        at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548)
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
        at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:257)
        at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595)
        at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255)
        at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1317)
        at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203)
        at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473)
        at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564)
        at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201)
        at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1219)
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144)
        at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:219)
        at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:126)
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
        at org.eclipse.jetty.server.Server.handle(Server.java:531)
        at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:352)
        at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:260)
        at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:281)
        at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:102)
        at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:118)
        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:333)
        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:310)
        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:168)
        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:126)
        at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:366)
        at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:762)
        at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:680)
        at java.lang.Thread.run(Thread.java:748)
2019-05-09 10:26:56.960:WARN:oejs.HttpChannel:qtp1618212626-10: /rudder/index.html;jsessionid=1jzhqomd91t101mcki3zo8ouch
org.springframework.security.web.firewall.RequestRejectedException: The request was rejected because the URL contained a potentially malicious String ";" 

Actions #1

Updated by Vincent MEMBRÉ over 5 years ago

  • Target version changed from 5.0.10 to 5.0.11
Actions #2

Updated by Vincent MEMBRÉ over 5 years ago

  • Target version changed from 5.0.11 to 5.0.12
Actions #3

Updated by Vincent MEMBRÉ over 5 years ago

  • Target version changed from 5.0.12 to 5.0.13
Actions #4

Updated by Vincent MEMBRÉ over 5 years ago

  • Target version changed from 5.0.13 to 5.0.14
Actions #5

Updated by Vincent MEMBRÉ about 5 years ago

  • Target version changed from 5.0.14 to 5.0.15
Actions #6

Updated by Vincent MEMBRÉ about 5 years ago

  • Target version changed from 5.0.15 to 5.0.16
Actions #7

Updated by Alexis Mousset almost 5 years ago

  • Target version changed from 5.0.16 to 5.0.17
Actions #8

Updated by Vincent MEMBRÉ over 4 years ago

  • Target version changed from 5.0.17 to 5.0.18
Actions #9

Updated by François ARMAND over 4 years ago

  • Severity set to Minor - inconvenience | misleading | easy workaround
  • User visibility set to Operational - other Techniques | Rudder settings | Plugins
  • Priority changed from 0 to 27
Actions #10

Updated by Vincent MEMBRÉ over 4 years ago

  • Target version changed from 5.0.18 to 5.0.19
Actions #11

Updated by Vincent MEMBRÉ over 4 years ago

  • Target version changed from 5.0.19 to 5.0.20
Actions #12

Updated by Vincent MEMBRÉ about 4 years ago

  • Target version changed from 5.0.20 to 797
Actions #13

Updated by Benoît PECCATTE over 3 years ago

  • Target version changed from 797 to 6.1.14
Actions #14

Updated by Vincent MEMBRÉ over 3 years ago

  • Target version changed from 6.1.14 to 6.1.15
Actions #15

Updated by Vincent MEMBRÉ over 3 years ago

  • Target version changed from 6.1.15 to 6.1.16
Actions #16

Updated by Vincent MEMBRÉ over 3 years ago

  • Target version changed from 6.1.16 to 6.1.17
Actions #17

Updated by Vincent MEMBRÉ about 3 years ago

  • Target version changed from 6.1.17 to 6.1.18
Actions #18

Updated by Vincent MEMBRÉ about 3 years ago

  • Target version changed from 6.1.18 to 6.1.19
Actions #19

Updated by François ARMAND almost 3 years ago

  • Tracker changed from Bug to Enhancement
  • Severity deleted (Minor - inconvenience | misleading | easy workaround)
  • Priority deleted (27)
Actions #20

Updated by Vincent MEMBRÉ over 2 years ago

  • Target version changed from 6.1.19 to 6.1.20
Actions #21

Updated by Vincent MEMBRÉ over 2 years ago

  • Target version changed from 6.1.20 to 6.1.21
Actions #22

Updated by Vincent MEMBRÉ over 2 years ago

  • Target version changed from 6.1.21 to old 6.1 issues to relocate
Actions #23

Updated by Alexis Mousset almost 2 years ago

  • Target version changed from old 6.1 issues to relocate to 7.2.5
Actions #24

Updated by Vincent MEMBRÉ almost 2 years ago

  • Target version changed from 7.2.5 to 7.2.6
Actions #25

Updated by Vincent MEMBRÉ over 1 year ago

  • Target version changed from 7.2.6 to 7.2.7
Actions #26

Updated by Vincent MEMBRÉ over 1 year ago

  • Target version changed from 7.2.7 to 7.2.8
Actions #27

Updated by Vincent MEMBRÉ over 1 year ago

  • Target version changed from 7.2.8 to 7.2.9
Actions #28

Updated by Vincent MEMBRÉ over 1 year ago

  • Target version changed from 7.2.9 to 7.2.10
Actions #29

Updated by Alexis Mousset over 1 year ago

  • Target version changed from 7.2.10 to 7.2.11
Actions #30

Updated by Vincent MEMBRÉ over 1 year ago

  • Target version changed from 7.2.11 to 1046
Actions #31

Updated by Alexis Mousset about 1 year ago

  • Target version changed from 1046 to Ideas (not version specific)
Actions

Also available in: Atom PDF