Johannes Kloos created SOLR-13178:
-------------------------------------
Summary: ClassCastExceptions in o.a.s.request.json.ObjectUtil for
valid JSON inputs that are not objects
Key: SOLR-13178
URL: https://issues.apache.org/jira/browse/SOLR-13178
Project: Solr
Issue Type: Bug
Security Level: Public (Default Security Level. Issues are Public)
Components: Server
Affects Versions: 7.5, master (9.0)
Environment: h2. Steps to reproduce
* Build commit ea2c8ba of Solr as described in the section below.
* Build the films collection as described below.
* {{Start the server using the command “./bin/solr start -f -p 8983 -s
/tmp/home”}}
* Request the URL above.
h2. Compiling the server
{{git clone [https://github.com/apache/lucene-solr
]cd lucene-solr
git checkout ea2c8ba
ant compile
cd solr
ant server}}
h2. Building the collection
We followed Exercise 2 from the quick start tutorial
([http://lucene.apache.org/solr/guide/7_5/solr-tutorial.html#exercise-2]) - for
reference, I have attached a copy of the database.
{{mkdir -p /tmp/home
echo '<?xml version="1.0" encoding="UTF-8" ?><solr></solr>' >
/tmp/home/solr.xml}}
In one terminal start a Solr instance in foreground:
./bin/solr start -f -p 8983 -s /tmp/home
In another terminal, create a collection of movies, with no shards and no
replication:
{{bin/solr create -c films
curl -X POST -H 'Content-type:application/json' --data-binary '\{"add-field":
{"name":"name", "type":"text_general", "multiValued":false, "stored":true}}'
[http://localhost:8983/solr/films/schema]}}
{{curl -X POST -H 'Content-type:application/json' --data-binary
'\{"add-copy-field" : {"source":"*","dest":"_text_"}}'
[http://localhost:8983/solr/films/schema]}}
{{./bin/post -c films example/films/films.json}}
Reporter: Johannes Kloos
Attachments: home.zip
We found this bug using Diffblue Microservice testing
Requesting any of the following URLs gives a 500 error due to a
ClassCastException in o.a.s.r.j.ObjectUtil.mergeObjects:
* [http://localhost:8983/solr/films/select?json=0]
* [http://localhost:8983/solr/films/select?json.facet=1&json.facet.field=x]
The error response is caused by uncaught ClassCastExceptions, such as (for the
first URL):
{\{ java.lang.ClassCastException: java.lang.Long cannot be cast to
java.util.Map}}
{{at
org.apache.solr.request.json.ObjectUtil.mergeObjects(ObjectUtil.java:108)}}
{{at org.apache.solr.request.json.RequestUtil.mergeJSON(RequestUtil.java:269)}}
{{at
org.apache.solr.request.json.RequestUtil.processParams(RequestUtil.java:180)}}
{{at
org.apache.solr.util.SolrPluginUtils.setDefaults(SolrPluginUtils.java:167)}}
{{at
org.apache.solr.handler.RequestHandlerBase.handleRequest(RequestHandlerBase.java:196)}}
{{[...]}}
{{The culprit seems to be the o.a.s.r.j.RequestUtil.mergeJSON method, in
particular the following fragment:}}
{{ Object o = ObjectBuilder.fromJSON(jsonStr);}}
{{ // zero-length strings or comments can cause this to be null (and a
zero-length string can result from a json content-type w/o a body)}}
{{ if (o != null) {}}
{{ ObjectUtil.mergeObjects(json, path, o, handler);}}
}
Note that o is an Object representing a JSON _value_, while SOLR seems to
expect that o holds a JSON _object_. But in the examples above, the JSON value
is a number (represented by a Long object) instead - this is, in fact, valid
JSON.
A possible fix could be to use the getObject method of ObjectUtil instead of
blindly calling fromJSON.
This bug was found using [Diffblue Microservices
Testing|http://www.diffblue.com/labs]. Find more information on this [test
campaign|https://www.diffblue.com/blog/2018/12/19/diffblue-microservice-testing-a-sneak-peek-at-our-early-product-and-results].
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
