Yes. Please create jiras and attach patches. Tests are highly appreciated.
On Mon, Jan 28, 2019 at 4:49 PM César Rodríguez <
cesar.rodrig...@diffblue.com> wrote:
> Hi there,
>
> We analyzed the source code of Apache Solr and found a number of
> issues that we would like to report. We configured Solr using the
> films collection from the quick start tutorial [2]. For every issue
> that we found we can provide a request URL for which Solr returns an
> HTTP 500 error (usually due to an uncaught exception).
>
> Please find below two example issues we found, together with an
> explanation of the cause and a patch fixing the bug (attached patches
> pass the unit tests). The issues we would like to report are similar
> to those. We found them with help from Diffblue Microservice Testing
> [1].
>
> We would like to know:
> * Should we open JIRA tickets for each one of them?
> * We can provide a URL that triggers the problem, a stack trace, and
> information about the server setup. What other information would you
> like to see?
>
> I look forward to your response.
>
> Best regards,
> César
>
> PS. If this question is not suitable for this list, please indicate
> where to follow up.
>
> === Issue 1: Null pointer exception due to unhandled case in
> ComplexPhraseQueryParser ===
>
> Assume that we request the following URL:
>
> /solr/films/select?q={!complexphrase}genre:"-om*"
>
> Handling this query involves constructing a SpanQuery, which happens
> in the rewrite method of ComplexPhraseQueryParser. In particular, the
> expression is decomposed into a BooleanQuery, which has exactly one
> clause, namely the negative clause -genre:”om*”. The rewrite method
> then further transforms this into a SpanQuery; in this case, it goes
> into the path that handles complex queries with both positive and
> negative clauses. It extracts the subset of positive clauses - note
> that this set of clauses is empty for this query. The positive clauses
> are then combined into a SpanNearQuery (around line 340), which is
> then used to build a SpanNotQuery.
>
> Further down the line, the field attribute of the SpanNearQuery is
> accessed and used as an index into a TreeMap. But since we had an
> empty set of positive clauses, the SpanNearQuery does not have its
> field attribute set, so we get a null here - this leads to an
> exception.
>
> A possible fix would be to detect the situation where we have an empty
> set of positive clauses and include a single synthetic clause that
> matches either everything or nothing. See attached file
> 0001-Fix-NullPointerException.patch.
>
> === Issue 2: StringIndexOutOfBoundsException when expanding macros ===
>
> Assume that we request the following URL:
>
> /solr/films/select?a=${${b}}
>
> Parameter macro expansion [3] seems to take place in
> org.apache.solr.request.macro.MacroExpander._expand(String val).
> However, this method throws a StringIndexOutOfBoundsException for the
> URL above. From reading the code it seems that macros are not expanded
> inside curly brackets ${...}, and so the “${b}” inside “${${b}}”
> should not be expanded. But the function seems to fail to detect this
> specific case and graciously refuse to expand it. Instead, it
> unexpectedly throws the exception. A possible fix could be updating
> the ‘idx’ variable when the StrParser detects that no valid identifier
> can be found inside the brackets. See attached file
> 0001-Macro-expander-fail-gracefully-on-unsupported-syntax.patch.
>
> References:
> [1] https://www.diffblue.com/labs/
> [2] https://lucene.apache.org/solr/guide/7_6/solr-tutorial.html
> [3] http://yonik.com/solr-query-parameter-substitution/
>
> --
> Diffblue Limited, a company registered in England and Wales number
> 09958102, with its registered office at Ramsey House, 10 St. Ebbes Street,
> Oxford, OX1 1PT, England
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
> For additional commands, e-mail: dev-h...@lucene.apache.org
--
Sincerely yours
Mikhail Khludnev
