Skip to content

ESB-1154 refactored error handling, updated tests#346

Open
MEM2677 wants to merge 7 commits into
release/7.5from
ESB-1154
Open

ESB-1154 refactored error handling, updated tests#346
MEM2677 wants to merge 7 commits into
release/7.5from
ESB-1154

Conversation

@MEM2677

@MEM2677 MEM2677 commented Jul 2, 2026

Copy link
Copy Markdown
Member

Stacktrace replaced with a WARN

Instead of asserting an exception is thrown, each test now asserts the executed Solr query equals +(entity_group:free) — i.e., the malicious field was dropped entirely and only the safe access-control clause reached Solr.

@MEM2677 MEM2677 requested a review from ffalqui July 2, 2026 13:48
@MEM2677 MEM2677 changed the title ESB-1154 refacotred error handling, updated tests ESB-1154 refactored error handling, updated tests Jul 2, 2026
@github-actions

github-actions Bot commented Jul 2, 2026

Copy link
Copy Markdown

PUBLICATION for COMMIT ID ``

IMG/TAG: entando/entando-de-app-tomcat:7.5.0-ESB-1154-PR346
IMG/SHA: entando/entando-de-app-tomcat@sha256:05ac88bf88f9338492508af85f4964d94bb7fee4d32fa830fb2f634d3774ce6d

@MEM2677

MEM2677 commented Jul 7, 2026

Copy link
Copy Markdown
Member Author

Only one exception is reported, and displays the following error:

Schermata del 2026-07-07 11-14-07

@github-actions

github-actions Bot commented Jul 7, 2026

Copy link
Copy Markdown

PUBLICATION for COMMIT ID ``

IMG/TAG: entando/entando-de-app-tomcat:7.5.0-ESB-1154-PR346
IMG/SHA: entando/entando-de-app-tomcat@sha256:4134c1c64f3fbc1664f3698120c916e07a98374052b7e1711ac76a3ec157eeca

@github-actions

github-actions Bot commented Jul 7, 2026

Copy link
Copy Markdown

PUBLICATION for COMMIT ID ``

IMG/TAG: entando/entando-de-app-tomcat:7.5.0-ESB-1154-PR346
IMG/SHA: entando/entando-de-app-tomcat@sha256:ededca01c9a7d6552e486935eebb36306801f2f1d8b84cf34793de964fd5440f

@github-actions

github-actions Bot commented Jul 7, 2026

Copy link
Copy Markdown

PUBLICATION for COMMIT ID ``

IMG/TAG: entando/entando-de-app-tomcat:7.5.0-ESB-1154-PR346
IMG/SHA: entando/entando-de-app-tomcat@sha256:8113f3bf4be07523d9ca2103c98d1e8afdfb0f86064d4d2779a9716b85ea2c38

@sonarqubecloud

sonarqubecloud Bot commented Jul 7, 2026

Copy link
Copy Markdown

@github-actions

github-actions Bot commented Jul 7, 2026

Copy link
Copy Markdown

PUBLICATION for COMMIT ID ``

IMG/TAG: entando/entando-de-app-tomcat:7.5.0-ESB-1154-PR346
IMG/SHA: entando/entando-de-app-tomcat@sha256:a6f371f518dad7b74e095389c1d39c99ce5438cbd926a1327c419f8223f69d4e

@MEM2677

MEM2677 commented Jul 8, 2026

Copy link
Copy Markdown
Member Author

Release Notes

ESB-1154 — Advanced Content Search: hardened filter handling

Component: solr-pluginAdvContentSearchController
(GET /api/plugins/advcontentsearch/contents, GET /api/plugins/advcontentsearch/facetedcontents)

Summary

Malformed and empty search filters no longer cause the endpoint to fail with HTTP 500
(RuntimeException: "Error: Key required"). Filter input is now validated and handled
explicitly.

Behavior changes (all previously resulted in HTTP 500)

  • Filter with a value/criteria but no field to search on (no attribute, no entityAttr,
    and not a full-text filter) → now HTTP 400 Bad Request (error code 101,
    filtering.filter.attr.name.invalid). The request is rejected rather than silently executed,
    so a mistyped filter can no longer return a broader result set than intended.
  • Empty placeholder filters (e.g. sparse indexing such as filters[99] leaving
    filters[0..98] empty, or an auto-grown/blank filter with no field and no value) → now
    ignored; the request proceeds with its remaining valid filters and returns HTTP 200.
    A WARN is logged for each discarded filter.
  • Full-text filter with a null attribute (filters[i].fullText=true carrying the term in
    value) → now HTTP 200; previously a NullPointerException / HTTP 500.

No change to successful requests

Valid requests are unaffected: returned content, result counts, ordering, faceting, and
pagination metadata are identical to previous releases. The only observable differences are the
error responses listed above.

Upgrade impact / client action

  • Clients that (incorrectly) relied on receiving a 500 for the cases above should expect
    400 or 200 accordingly.
  • Clients sending filters without a searchable attribute (other than full-text) will now
    receive a descriptive 400 — update those requests to include a valid attribute or
    entityAttr, or mark the filter fullText=true.
  • No API contract, request schema, or successful-response format changes.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant