[
https://issues.apache.org/jira/browse/UNOMI-945?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Serge Huber reassigned UNOMI-945:
---------------------------------
Assignee: Serge Huber
> Small bug in context.json endpoint
> ----------------------------------
>
> Key: UNOMI-945
> URL: https://issues.apache.org/jira/browse/UNOMI-945
> Project: Apache Unomi
> Issue Type: Bug
> Affects Versions: unomi-3.0.0
> Reporter: Romain Gauthier
> Assignee: Serge Huber
> Priority: Minor
> Time Spent: 20m
> Remaining Estimate: 0h
>
> h2. Problem
> In ContextJsonEndpoint.sanitizeValue(), when a condition parameter is a list,
> the code creates a clean copy (newValues) but returns the original list
> (values).
> So bad values inside lists (like parameter::… or script::…) are not removed.
> Code location :
> https://github.com/apache/unomi/blob/31fe93e4f0e79abe7d223d8d76dcd2ea437d3ab7/rest/src/main/java/org/apache/unomi/rest/endpoints/ContextJsonEndpoint.java#L361
> {code:java} return values; // wrong — should be: return newValues; {code}
> h2. Impact
> This affects /context.json when personalization sanitization is on (default
> setting).
> Filters with list parameters can pass even when they contain unsafe values.
> Simple string parameters work correctly.
> h2. Fix
> Change the return to newValues. Add a test with a list that contains a
> disallowed value.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)