[MAGNOLIA-7687] Solr Plugin does not sanitize query string Created: 19/Nov/19  Updated: 02/Apr/20

Status: Accepted
Project: Magnolia
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Neutral
Reporter: Sebastian Kleine Assignee: Unassigned
Resolution: Unresolved Votes: 0
Labels: maintenance
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Template:
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Bug DoR:
[ ]* Steps to reproduce, expected, and actual results filled
[ ]* Affected version filled
Date of First Response:

Description

The default Magnolia Solr search does not sanitize user input. We could do interesting things with search terms like

...?queryStr=%3Ca+href%3D%22lol+was+geht%22%3E+spielplatz+%3C%2Fa%3E+%3Cimg+src%3D%22irgendwas%22+onerror%3D%22window.location%3D%27https%3A%2F%2Fgoogle.de%3Fq%3Dxss%27%22%3E#%22%3E%20spielplatz%20%3C/a%3E

or showing an image and trying to link something in the recommendations (Vorschläge)

...?queryStr=%3Ca+href%3D%22www.google.de%22%3E+spielplatz+%3C%2Fa%3E+%3Cimg+src%3D%22https%3A%2F%2Fwww.genobroker-info.de%2Fdam%2Fjcr%3Aa7a45853-1c0e-4327-8639-8cc257b4a80d%2F321_Raiffeisen%2520Aulendorf%2520Logo%25204c1sp.png%22

We tried to sanitize the input by using the following code in the search model:

    import org.apache.commons.text.StringEscapeUtils; // assumption: commons-text; commons-lang3 also provides a (deprecated) escapeHtml4

    // Overrides the search model getter so the query string is HTML-escaped before rendering.
    @Override
    public String getQueryStr() {
        String queryString = super.getQueryStr();
        // escapeHtml4 turns <, >, &, " into entities (and also ISO-8859-1 letters such as ä, ö, ü, ß).
        String sanitizedQueryString = StringEscapeUtils.escapeHtml4(queryString);
        return sanitizedQueryString;
    }



Comments
Comment by Simon Lutz [ 21/Nov/19 ]

Hi skleine,

thanks a lot for opening this ticket and providing a suggestion. We will review your input and take next actions accordingly.

Best regards,
Simon

Comment by Sebastian Kleine [ 21/Nov/19 ]

Hello,

we realized one thing with the escapeHtml4 method. This escapes German special characters (äöüß) as well, so with this the search does not work. We need to rethink our solution.

Best regards,
Sebastian
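
As the comment above notes, escapeHtml4 also entity-encodes äöüß, which is why the escaped value no longer matches in Solr. An escaper that touches only the five HTML-significant characters keeps the umlauts intact, and escaping at render time instead of in the value that is also sent to Solr keeps the two concerns apart. The following is an added example, not code from Magnolia or from the ticket; it is a plain Java class with no dependencies, and the `forSolr` / `forHtml` split is a hypothetical design.

```java
public class QueryStrEscaper {

    /**
     * Escapes only the characters that have meaning in HTML text and attribute
     * values. Unlike escapeHtml4 it leaves non-ASCII letters such as ä, ö, ü, ß
     * untouched, so the escaped value still reads as the user typed it.
     */
    public static String escapeHtmlMinimal(String input) {
        if (input == null) {
            return null;
        }
        StringBuilder sb = new StringBuilder(input.length() + 16);
        for (int i = 0; i < input.length(); i++) {
            char c = input.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed sample input: an umlaut term plus a tag, as a user could type into the search box.
        String raw = "Spielplatz für Kinder <b>fett</b>";
        // The raw value is what goes to Solr, so the umlaut term still matches.
        String forSolr = raw;
        // The escaped value is what the template renders into the page; the tag is neutralized,
        // the umlaut is left as-is.
        String forHtml = escapeHtmlMinimal(raw);
        System.out.println("solr : " + forSolr);
        System.out.println("html : " + forHtml);
    }
}
```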

Generated at Mon Feb 12 04:25:57 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.