[ 
https://issues.apache.org/jira/browse/UNOMI-945?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Serge Huber reassigned UNOMI-945:
---------------------------------

    Assignee: Serge Huber

> Small bug in context.json endpoint
> ----------------------------------
>
>                 Key: UNOMI-945
>                 URL: https://issues.apache.org/jira/browse/UNOMI-945
>             Project: Apache Unomi
>          Issue Type: Bug
>    Affects Versions: unomi-3.0.0
>            Reporter: Romain Gauthier
>            Assignee: Serge Huber
>            Priority: Minor
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> h2. Problem
> In ContextJsonEndpoint.sanitizeValue(), when a condition parameter is a list, 
> the code creates a clean copy (newValues) but returns the original list 
> (values).
> So bad values inside lists (like parameter::… or script::…) are not removed.
> Code location : 
> https://github.com/apache/unomi/blob/31fe93e4f0e79abe7d223d8d76dcd2ea437d3ab7/rest/src/main/java/org/apache/unomi/rest/endpoints/ContextJsonEndpoint.java#L361
> {code:java} return values; // wrong — should be: return newValues; {code}
> h2. Impact
> This affects /context.json when personalization sanitization is on (default 
> setting).
> Filters with list parameters can pass even when they contain unsafe values. 
> Simple string parameters work correctly.
> h2. Fix
> Change the return to newValues. Add a test with a list that contains a 
> disallowed value.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to