java.lang.IllegalArgumentException: Dangerous string detected: /builds//authors/viewAuthor.action?authorName=unknown <user@domain.com>

Atlassian JIRA | Jaime Silveira [Atlassian] | 1 year ago
  1. 0

    In some pages, Bamboo shows the authors of commits, even if they're not local users. If their not associated with a user, they are shown like this: !branch_author.png|thumbnail! We can see if follows this patterns: Display name <user@domain.com> When clicking this user, we get this 'Internal Server Error Page': !error_page.png|thumbnail! The following stacktrace is shown: {noformat} java.lang.IllegalArgumentException: Dangerous string detected: /builds//authors/viewAuthor.action?authorName=unknown <user@domain.com> at com.atlassian.bamboo.util.RequestCacheThreadLocal.assertNoXss(RequestCacheThreadLocal.java:157) at com.atlassian.bamboo.util.RequestCacheThreadLocal.putHttpRequest(RequestCacheThreadLocal.java:145) at com.atlassian.bamboo.util.RequestCacheThreadLocal.setRequestCache(RequestCacheThreadLocal.java:53) at com.atlassian.bamboo.filter.RequestCacheThreadLocalFilter.doFilter(RequestCacheThreadLocalFilter.java:31) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at com.atlassian.core.filters.HeaderSanitisingFilter.doFilter(HeaderSanitisingFilter.java:32) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:46) at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$1.doFilter(DelegatingPluginFilter.java:70) {noformat} Since it says it's a 'Dangerous string detected', it seems that the URL is the problem. The accessed URL is as follows: {noformat} https://instance.atlassian.net/builds/browse/author/Display%20Name%20<user@domain.com> {noformat} We can see that the URL contains the '<' and '>' characters. Maybe these are badly interpreted by Bamboo. *Steps to Reproduce* # Have a plan connected to a repository in Bamboo # Commit to the repository with a user that doesn't exist in Bamboo (and not associated with any), the plan will run a build # This user will appear in may pages in Bamboo as the commit author (it will have a '<' and '>' in its name), you can find it in the build page under 'Commits' for example. Once found, click it *Expected Behavior* * Either some information about the user is shown or a message saying it doesn't exist in Bamboo *Actual Behavior* * An Internal Server Error Page is shown

    Atlassian JIRA | 1 year ago | Jaime Silveira [Atlassian]
    java.lang.IllegalArgumentException: Dangerous string detected: /builds//authors/viewAuthor.action?authorName=unknown <user@domain.com>
  2. 0

    In some pages, Bamboo shows the authors of commits, even if they're not local users. If their not associated with a user, they are shown like this: !branch_author.png|thumbnail! We can see if follows this patterns: Display name <user@domain.com> When clicking this user, we get this 'Internal Server Error Page': !error_page.png|thumbnail! The following stacktrace is shown: {noformat} java.lang.IllegalArgumentException: Dangerous string detected: /builds//authors/viewAuthor.action?authorName=unknown <user@domain.com> at com.atlassian.bamboo.util.RequestCacheThreadLocal.assertNoXss(RequestCacheThreadLocal.java:157) at com.atlassian.bamboo.util.RequestCacheThreadLocal.putHttpRequest(RequestCacheThreadLocal.java:145) at com.atlassian.bamboo.util.RequestCacheThreadLocal.setRequestCache(RequestCacheThreadLocal.java:53) at com.atlassian.bamboo.filter.RequestCacheThreadLocalFilter.doFilter(RequestCacheThreadLocalFilter.java:31) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at com.atlassian.core.filters.HeaderSanitisingFilter.doFilter(HeaderSanitisingFilter.java:32) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:46) at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$1.doFilter(DelegatingPluginFilter.java:70) {noformat} Since it says it's a 'Dangerous string detected', it seems that the URL is the problem. The accessed URL is as follows: {noformat} https://instance.atlassian.net/builds/browse/author/Display%20Name%20<user@domain.com> {noformat} We can see that the URL contains the '<' and '>' characters. Maybe these are badly interpreted by Bamboo. *Steps to Reproduce* # Have a plan connected to a repository in Bamboo # Commit to the repository with a user that doesn't exist in Bamboo (and not associated with any), the plan will run a build # This user will appear in may pages in Bamboo as the commit author (it will have a '<' and '>' in its name), you can find it in the build page under 'Commits' for example. Once found, click it *Expected Behavior* * Either some information about the user is shown or a message saying it doesn't exist in Bamboo *Actual Behavior* * An Internal Server Error Page is shown

    Atlassian JIRA | 1 year ago | Jaime Silveira [Atlassian]
    java.lang.IllegalArgumentException: Dangerous string detected: /builds//authors/viewAuthor.action?authorName=unknown <user@domain.com>
  3. 0

    PartitionedFilter is not a PortableObject

    Oracle Community | 7 years ago | 704908
    java.lang.IllegalArgumentException: unknown user type: com.tangosol.util.filter.PartitionedFilter
  4. Speed up your debug routine!

    Automated exception search integrated into your IDE

  5. 0

    Performance of Coherence POF vs Java Seriailization..

    Oracle Community | 8 years ago | 692356
    java.lang.IllegalArgumentException: unknown user type: pof.POFSerializable
  6. 0

    Error while starting coherence server

    Oracle Community | 4 years ago | 878913
    java.io.IOException: unknown user type: com.tangosol.run.xml.SimpleElement

    Not finding the right solution?
    Take a tour to get the most out of Samebug.

    Tired of useless tips?

    Automated exception search integrated into your IDE

    Root Cause Analysis

    1. java.lang.IllegalArgumentException

      Dangerous string detected: /builds//authors/viewAuthor.action?authorName=unknown <user@domain.com>

      at com.atlassian.bamboo.util.RequestCacheThreadLocal.assertNoXss()
    2. com.atlassian.bamboo
      RequestCacheThreadLocalFilter.doFilter
      1. com.atlassian.bamboo.util.RequestCacheThreadLocal.assertNoXss(RequestCacheThreadLocal.java:157)
      2. com.atlassian.bamboo.util.RequestCacheThreadLocal.putHttpRequest(RequestCacheThreadLocal.java:145)
      3. com.atlassian.bamboo.util.RequestCacheThreadLocal.setRequestCache(RequestCacheThreadLocal.java:53)
      4. com.atlassian.bamboo.filter.RequestCacheThreadLocalFilter.doFilter(RequestCacheThreadLocalFilter.java:31)
      4 frames
    3. Glassfish Core
      ApplicationFilterChain.doFilter
      1. org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
      2. org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
      2 frames
    4. com.atlassian.core
      HeaderSanitisingFilter.doFilter
      1. com.atlassian.core.filters.HeaderSanitisingFilter.doFilter(HeaderSanitisingFilter.java:32)
      1 frame
    5. Glassfish Core
      ApplicationFilterChain.doFilter
      1. org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
      2. org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
      2 frames
    6. com.atlassian.plugin
      DelegatingPluginFilter$1.doFilter
      1. com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:46)
      2. com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$1.doFilter(DelegatingPluginFilter.java:70)
      2 frames