Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
None
-
None
-
None
Description
As a user with limited group visibility, when running a report for ALL groups the entire result set is queried. The results are subsequently loaded into memory and are filtered based on their permissions. This allows the user to initiate much more expensive queries that can have a significantly negative effect on service health.
An example:
The guest user is granted permission to see only the Default Group, which is empty, on a server with an extremely large number of build results in other groups. An anonymous user visits the server and runs an open build report (ALL groups, ALL statuses).
What you would expect: The anonymous user finds exactly what is visible to them by browsing the project group: there are no results. Because there are no results, the query is answered quickly.
What actually happens: the entire build result table is scanned resulting in an extremely long query (due to the large number of build results). Also, prior to the work on CONTINUUM-2746, which uses range queries to load results in batches, this would crash the system with an OutOfMemoryError.
The essence of the issue is that users can cause an effect that is disproportional to their privilege. Ideally, users should only be able to affect the system by accessing resources they actually have permission to see (scanning only rows they have access to).
Attachments
Issue Links
- relates to
-
-
- Closed
-