[
https://issues.apache.org/jira/browse/ATLAS-3853?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Mayank Jain updated ATLAS-3853:
-------------------------------
Description:
_The issue :_
The enumValue which we assigned "><svg
onload=\"alert('table');\"display=none>" has double quotes in it.the
janusgraph's class SystemTypeManager.java has RESERVED_CHARS = new char[]{'
{', '}
', '"', '\u001e'}; into it.
_How to reproduce it ? Steps to reproduce :_
Step 1 : Create an enum e.g enumXSS.
Step 2 : create a classification with some attribute of type enumXSS.
Step 3 : Assign a value for this attribute with "><svg
onload=\"alert('table');\"display=none>"Now this will result into an error with
500 saying "Something went wrong"
_Approach for resolving this :_
As the janusgraph has this check for special characters and our enumValue has
that double quotes in it it throws an illelagalArgumentException.
Now at Atlas end we are not handling the unexpected exception so we just have
to catch the Exception and throw it with proper error code and error-message
which helps user to understand the issue properly.And for that i have provided
the patch on RR.
Stack-trace:-
{noformat}
2020-06-19 17:05:32,390 ERROR - [pool-2-thread-7 -
37492d4b-63b4-4189-89c3-329b0566ae74:]
~ graph rollback due to exception (GraphTransactionInterceptor:167)
java.lang.IllegalArgumentException: Name contains reserved character ":
__type.edge.classitest."><svg onload="alert('table');" display=none>
at
com.google.common.base.Preconditions.checkArgument(Preconditions.java:163)
at
org.janusgraph.graphdb.types.system.SystemTypeManager.throwIfSystemName(SystemTypeManager.java:74)
at
org.janusgraph.graphdb.types.StandardRelationTypeMaker.name(StandardRelationTypeMaker.java:181)
at
org.janusgraph.graphdb.types.StandardRelationTypeMaker.<init>(StandardRelationTypeMaker.java:53)
at
org.janusgraph.graphdb.types.StandardEdgeLabelMaker.<init>(StandardEdgeLabelMaker.java:41)
at
org.janusgraph.graphdb.transaction.StandardJanusGraphTx.makeEdgeLabel(StandardJanusGraphTx.java:1052)
at
org.janusgraph.graphdb.transaction.StandardJanusGraphTx.getOrCreateEdgeLabel(StandardJanusGraphTx.java:1038)
at
org.janusgraph.graphdb.vertices.AbstractVertex.addEdge(AbstractVertex.java:167)
at
org.janusgraph.graphdb.vertices.AbstractVertex.addEdge(AbstractVertex.java:37)
at
org.apache.atlas.repository.graphdb.janus.AtlasJanusGraph.addEdge(AtlasJanusGraph.java:147)
at
org.apache.atlas.repository.store.graph.v2.AtlasTypeDefGraphStoreV2.addEdge(AtlasTypeDefGraphStoreV2.java:395)
at
org.apache.atlas.repository.store.graph.v2.AtlasTypeDefGraphStoreV2.getOrCreateEdge(AtlasTypeDefGraphStoreV2.java:387)
at
org.apache.atlas.repository.store.graph.v2.AtlasStructDefStoreV2.addReferencesForAttribute(AtlasStructDefStoreV2.java:523)
at
org.apache.atlas.repository.store.graph.v2.AtlasStructDefStoreV2.updateVertexAddReferences(AtlasStructDefStoreV2.java:471)
at
org.apache.atlas.repository.store.graph.v2.AtlasClassificationDefStoreV2.updateVertexAddReferences(AtlasClassificationDefStoreV2.java:338)
at
org.apache.atlas.repository.store.graph.v2.AtlasClassificationDefStoreV2.updateByGuid(AtlasClassificationDefStoreV2.java:254)
at
org.apache.atlas.repository.store.graph.v2.AtlasClassificationDefStoreV2.update(AtlasClassificationDefStoreV2.java:183)
at
org.apache.atlas.repository.store.graph.v2.AtlasClassificationDefStoreV2.update(AtlasClassificationDefStoreV2.java:48)
at
org.apache.atlas.repository.store.graph.AtlasTypeDefGraphStore.updateGraphStore(AtlasTypeDefGraphStore.java:1029)
at
org.apache.atlas.repository.store.graph.AtlasTypeDefGraphStore.updateTypesDef(AtlasTypeDefGraphStore.java:481)
{noformat}
was:
The issue :
The enumValue which we assigned "><svg
onload=\"alert('table');\"display=none>" has double quotes in it.the
janusgraph's class SystemTypeManager.java has RESERVED_CHARS = new char[]\{'{',
'}', '"', '\u001e'}; into it.
How to reproduce it ? Steps to reproduce :
Step 1 : Create an enum e.g enumXSS.Step 2 : create a classification with some
attribute of type enumXSS.Step 3 : Assign a value for this attribute with
"><svg onload=\"alert('table');\"display=none>"Now this will result into an
error with 500 saying "Something went wrong"
Approach for resolving this :
As the janusgraph has this check for special characters and our enumValue has
that double quotes in it it throws an illelagalArgumentException.
Now at Atlas end we are not handling the unexpected exception so we just have
to catch the Exception and throw it with proper error code and error-message
which helps user to understand the issue properly.And for that i have provided
the patch on RR.
Stack-trace:-
{noformat}
2020-06-19 17:05:32,390 ERROR - [pool-2-thread-7 -
37492d4b-63b4-4189-89c3-329b0566ae74:]
~ graph rollback due to exception (GraphTransactionInterceptor:167)
java.lang.IllegalArgumentException: Name contains reserved character ":
__type.edge.classitest."><svg onload="alert('table');" display=none>
at
com.google.common.base.Preconditions.checkArgument(Preconditions.java:163)
at
org.janusgraph.graphdb.types.system.SystemTypeManager.throwIfSystemName(SystemTypeManager.java:74)
at
org.janusgraph.graphdb.types.StandardRelationTypeMaker.name(StandardRelationTypeMaker.java:181)
at
org.janusgraph.graphdb.types.StandardRelationTypeMaker.<init>(StandardRelationTypeMaker.java:53)
at
org.janusgraph.graphdb.types.StandardEdgeLabelMaker.<init>(StandardEdgeLabelMaker.java:41)
at
org.janusgraph.graphdb.transaction.StandardJanusGraphTx.makeEdgeLabel(StandardJanusGraphTx.java:1052)
at
org.janusgraph.graphdb.transaction.StandardJanusGraphTx.getOrCreateEdgeLabel(StandardJanusGraphTx.java:1038)
at
org.janusgraph.graphdb.vertices.AbstractVertex.addEdge(AbstractVertex.java:167)
at
org.janusgraph.graphdb.vertices.AbstractVertex.addEdge(AbstractVertex.java:37)
at
org.apache.atlas.repository.graphdb.janus.AtlasJanusGraph.addEdge(AtlasJanusGraph.java:147)
at
org.apache.atlas.repository.store.graph.v2.AtlasTypeDefGraphStoreV2.addEdge(AtlasTypeDefGraphStoreV2.java:395)
at
org.apache.atlas.repository.store.graph.v2.AtlasTypeDefGraphStoreV2.getOrCreateEdge(AtlasTypeDefGraphStoreV2.java:387)
at
org.apache.atlas.repository.store.graph.v2.AtlasStructDefStoreV2.addReferencesForAttribute(AtlasStructDefStoreV2.java:523)
at
org.apache.atlas.repository.store.graph.v2.AtlasStructDefStoreV2.updateVertexAddReferences(AtlasStructDefStoreV2.java:471)
at
org.apache.atlas.repository.store.graph.v2.AtlasClassificationDefStoreV2.updateVertexAddReferences(AtlasClassificationDefStoreV2.java:338)
at
org.apache.atlas.repository.store.graph.v2.AtlasClassificationDefStoreV2.updateByGuid(AtlasClassificationDefStoreV2.java:254)
at
org.apache.atlas.repository.store.graph.v2.AtlasClassificationDefStoreV2.update(AtlasClassificationDefStoreV2.java:183)
at
org.apache.atlas.repository.store.graph.v2.AtlasClassificationDefStoreV2.update(AtlasClassificationDefStoreV2.java:48)
at
org.apache.atlas.repository.store.graph.AtlasTypeDefGraphStore.updateGraphStore(AtlasTypeDefGraphStore.java:1029)
at
org.apache.atlas.repository.store.graph.AtlasTypeDefGraphStore.updateTypesDef(AtlasTypeDefGraphStore.java:481)
{noformat}
> Error while creating enum Attribute with special characters.
> ------------------------------------------------------------
>
> Key: ATLAS-3853
> URL: https://issues.apache.org/jira/browse/ATLAS-3853
> Project: Atlas
> Issue Type: Bug
> Reporter: Mayank Jain
> Assignee: Mayank Jain
> Priority: Major
> Attachments: errorStackTrace.txt
>
>
>
> _The issue :_
> The enumValue which we assigned "><svg
> onload=\"alert('table');\"display=none>" has double quotes in it.the
> janusgraph's class SystemTypeManager.java has RESERVED_CHARS = new char[]{'
> {', '}
> ', '"', '\u001e'}; into it.
> _How to reproduce it ? Steps to reproduce :_
> Step 1 : Create an enum e.g enumXSS.
> Step 2 : create a classification with some attribute of type enumXSS.
> Step 3 : Assign a value for this attribute with "><svg
> onload=\"alert('table');\"display=none>"Now this will result into an error
> with 500 saying "Something went wrong"
> _Approach for resolving this :_
> As the janusgraph has this check for special characters and our enumValue has
> that double quotes in it it throws an illelagalArgumentException.
> Now at Atlas end we are not handling the unexpected exception so we just have
> to catch the Exception and throw it with proper error code and error-message
> which helps user to understand the issue properly.And for that i have
> provided the patch on RR.
>
> Stack-trace:-
> {noformat}
> 2020-06-19 17:05:32,390 ERROR - [pool-2-thread-7 -
> 37492d4b-63b4-4189-89c3-329b0566ae74:]
> ~ graph rollback due to exception (GraphTransactionInterceptor:167)
> java.lang.IllegalArgumentException: Name contains reserved character ":
> __type.edge.classitest."><svg onload="alert('table');" display=none>
> at
> com.google.common.base.Preconditions.checkArgument(Preconditions.java:163)
> at
> org.janusgraph.graphdb.types.system.SystemTypeManager.throwIfSystemName(SystemTypeManager.java:74)
> at
> org.janusgraph.graphdb.types.StandardRelationTypeMaker.name(StandardRelationTypeMaker.java:181)
> at
> org.janusgraph.graphdb.types.StandardRelationTypeMaker.<init>(StandardRelationTypeMaker.java:53)
> at
> org.janusgraph.graphdb.types.StandardEdgeLabelMaker.<init>(StandardEdgeLabelMaker.java:41)
> at
> org.janusgraph.graphdb.transaction.StandardJanusGraphTx.makeEdgeLabel(StandardJanusGraphTx.java:1052)
> at
> org.janusgraph.graphdb.transaction.StandardJanusGraphTx.getOrCreateEdgeLabel(StandardJanusGraphTx.java:1038)
> at
> org.janusgraph.graphdb.vertices.AbstractVertex.addEdge(AbstractVertex.java:167)
> at
> org.janusgraph.graphdb.vertices.AbstractVertex.addEdge(AbstractVertex.java:37)
> at
> org.apache.atlas.repository.graphdb.janus.AtlasJanusGraph.addEdge(AtlasJanusGraph.java:147)
> at
> org.apache.atlas.repository.store.graph.v2.AtlasTypeDefGraphStoreV2.addEdge(AtlasTypeDefGraphStoreV2.java:395)
> at
> org.apache.atlas.repository.store.graph.v2.AtlasTypeDefGraphStoreV2.getOrCreateEdge(AtlasTypeDefGraphStoreV2.java:387)
> at
> org.apache.atlas.repository.store.graph.v2.AtlasStructDefStoreV2.addReferencesForAttribute(AtlasStructDefStoreV2.java:523)
> at
> org.apache.atlas.repository.store.graph.v2.AtlasStructDefStoreV2.updateVertexAddReferences(AtlasStructDefStoreV2.java:471)
> at
> org.apache.atlas.repository.store.graph.v2.AtlasClassificationDefStoreV2.updateVertexAddReferences(AtlasClassificationDefStoreV2.java:338)
> at
> org.apache.atlas.repository.store.graph.v2.AtlasClassificationDefStoreV2.updateByGuid(AtlasClassificationDefStoreV2.java:254)
> at
> org.apache.atlas.repository.store.graph.v2.AtlasClassificationDefStoreV2.update(AtlasClassificationDefStoreV2.java:183)
> at
> org.apache.atlas.repository.store.graph.v2.AtlasClassificationDefStoreV2.update(AtlasClassificationDefStoreV2.java:48)
> at
> org.apache.atlas.repository.store.graph.AtlasTypeDefGraphStore.updateGraphStore(AtlasTypeDefGraphStore.java:1029)
> at
> org.apache.atlas.repository.store.graph.AtlasTypeDefGraphStore.updateTypesDef(AtlasTypeDefGraphStore.java:481)
> {noformat}
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
