sling-dev mailing list archives

From "Thomas Mueller (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SLING-8407) JobManagerImpl.findJobs should prevent traversal
Date Fri, 10 May 2019 07:21:00 GMT

    [ https://issues.apache.org/jira/browse/SLING-8407?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16836974#comment-16836974 ]

Thomas Mueller commented on SLING-8407:
---------------------------------------

There is at least one other place where the parameter is not encoded: topic.
If I'm not mistaken, ISO9075.encode is used unnecessarily in many places to encode constant
property names, while some property names are not encoded, e.g.

{noformat}
 buf.append(propName);
{noformat}

getJobById doesn't escape the id and also swallows exceptions.


> JobManagerImpl.findJobs should prevent traversal
> ------------------------------------------------
>
>                 Key: SLING-8407
>                 URL: https://issues.apache.org/jira/browse/SLING-8407
>             Project: Sling
>          Issue Type: Improvement
>          Components: Event
>            Reporter: Thomas Mueller
>            Priority: Major
>
> The method [JobManagerImpl.findJobs|https://github.com/apache/sling-org-apache-sling-event/blob/master/src/main/java/org/apache/sling/event/impl/jobs/JobManagerImpl.java#L373] runs a JCR query to find all jobs for a topic.
> It is possible that such a query is running while the repository isn't initialized yet, meaning while the index isn't available yet. What is happening in this case is that the query is traversing all nodes below that path, triggering a warning that the query doesn't use an index. It is sometimes happening when a health check is running before the repository is initialized (ReplicationQueueHealthCheck and DistributionQueueHealthCheck).
> It doesn't make sense that the query traverses the nodes. It should use an index. If the index isn't available yet, it should fail. Therefore, the query should use "option(traversal fail)". That would result in an exception that can be caught. I will log a related issue to change the health checks to process this exception and return HEALTH_CHECK_ERROR for this case.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
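
Added example, not part of the original message and not Sling's own code: a query builder that encodes every property name, quotes the topic as a string literal, and appends "option(traversal fail)" as the issue proposes. The class name, the path, the node type, the sample inputs and encodeName (a simplified ASCII-only stand-in for ISO9075.encode) are assumptions made for illustration.

```java
import java.util.regex.Pattern;

public class JobQueryExample {
    // Text that already looks like an _xHHHH_ escape; its leading '_' must itself be escaped.
    private static final Pattern ESCAPE_LOOKALIKE =
            Pattern.compile("_x\\p{XDigit}{4}_.*", Pattern.DOTALL);

    /** Simplified stand-in for ISO9075.encode (assumption): ASCII allowlist, the rest becomes _xHHHH_. */
    static String encodeName(String name) {
        StringBuilder out = new StringBuilder();
        for (int i = 0; i < name.length(); i++) {
            char c = name.charAt(i);
            boolean letter = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z');
            // Digits, '.' and '-' are valid in a name, but not as its first character.
            boolean later = (c >= '0' && c <= '9') || c == '.' || c == '-';
            boolean lookalike = c == '_' && ESCAPE_LOOKALIKE.matcher(name.substring(i)).matches();
            if ((letter || c == '_' || (i > 0 && later)) && !lookalike) {
                out.append(c);
            } else {
                out.append(String.format("_x%04x_", (int) c));
            }
        }
        return out.toString();
    }

    /** XPath string literal: wrap in single quotes and double any embedded single quote. */
    static String quoteLiteral(String value) {
        return "'" + value.replace("'", "''") + "'";
    }

    /** Path and node type are constructed placeholders, not the project's values. */
    static String buildQuery(String propName, String topic) {
        StringBuilder buf = new StringBuilder("/jcr:root/var/example/jobs//element(*,nt:unstructured)[@");
        buf.append(encodeName(propName));          // never buf.append(propName) directly
        buf.append(" = ").append(quoteLiteral(topic)).append("]");
        buf.append(" option(traversal fail)");     // fail instead of traversing when no index exists
        return buf.toString();
    }

    public static void main(String[] args) {
        // Constructed inputs: a plain pair, then a name and a topic containing query metacharacters.
        System.out.println(buildQuery("event.job.topic", "com/example/topic"));
        System.out.println(buildQuery("my prop]", "o'brien/topic"));
    }
}
```

With "option(traversal fail)" in place, executing the query against a repository that has no usable index raises an exception rather than walking the tree, so the caller has to catch and report it instead of swallowing it.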
