Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix handling of invalid and empty filter queries #22048

Open
wants to merge 10 commits into
base: main
Choose a base branch
from
Open

Fix handling of invalid and empty filter queries #22048

wants to merge 10 commits into from
+75 −21

Conversation

paescuj
Copy link
Member

@paescuj paescuj commented Apr 2, 2024
edited

Scope

  • Filters can consist of empty rules ({}), which is valid according to the Filter type as well as the parseFilter() function
    • This case is now covered in applyQuery() by checking for undefined operators
  • If a filter query is invalid (either invalid JSON or invalid rules), the request should fail early with InvalidQueryError
    • Until now, invalid filter queries where passed along even if sanitization failed

Potential Risks / Drawbacks

  • As an alternative to throwing an error, we could also ignore invalid values (clear the filter value) and proceed with the request. That doesn't make much sense to me, though, as the client would assume a successful response to be filtered.

Review Notes / Questions

  • Sanitization fix applies to deep filter as well as this reuses the sanitization function recursively.
  • Examples for testing:
    • Invalid 
      filter=null
filter={"name": null}
filter={"name":}
...
    • Valid 
      filter=
filter={}
filter={"name": {}}
filter={"name": []}
...

Fixes #22042

@changeset-bot changeset-bot
Copy link

changeset-bot bot commented Apr 2, 2024
edited

🦋 Changeset detected

Latest commit: 745c735

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 2 packages
Name Type
@directus/api Patch
directus Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@paescuj paescuj marked this pull request as ready for review April 7, 2024 20:28
@hanneskuettner
Copy link
Contributor

According to our types filter={"name": []} should not be a valid filter, as far as I understand them.

export type Filter = LogicalFilter | FieldFilter;

export type FieldFilter = {
	[field: string]: FieldFilterOperator | FieldValidationOperator | FieldFilter;
};

and neither FieldFilterOperator nor FieldValidationOperator are valid empty arrays.

@paescuj
Copy link
Member Author

paescuj commented Apr 30, 2024
edited

According to our types filter={"name": []} should not be a valid filter, as far as I understand them.

export type Filter = LogicalFilter | FieldFilter;

export type FieldFilter = {
	[field: string]: FieldFilterOperator | FieldValidationOperator | FieldFilter;
};

and neither FieldFilterOperator nor FieldValidationOperator are valid empty arrays.

Maybe 👀 This is out of scope for this PR, though, as it touches another part of the app and we would first have to decide

  • whether we indeed want to treat it as invalid input - the current behavior, which is to translate it into {} kinda makes sense to me...
  • what should happen (throw error, other fallback value, ...)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hanneskuettner hanneskuettner Awaiting requested review from hanneskuettner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
🍰 Bug 📁 REST
Projects
Software Roadmap
Status: 🆕 Needs Triage
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

500 Internal Server Error when filtering with undefined value in _eq or _contains
2 participants
@paescuj @hanneskuettner