java.lang.IllegalArgumentException: Dangerous string detected: /builds//authors/viewAuthor.action?authorName=unknown <user@domain.com>

Atlassian JIRA | Jaime Silveira [Atlassian] | 2 years ago
tip
Your exception is missing from the Samebug knowledge base.
Here are the best solutions we found on the Internet.
Click on the to mark the helpful solution and get rewards for you help.
  1. 0

    In some pages, Bamboo shows the authors of commits, even if they're not local users. If their not associated with a user, they are shown like this: !branch_author.png|thumbnail! We can see if follows this patterns: Display name <user@domain.com> When clicking this user, we get this 'Internal Server Error Page': !error_page.png|thumbnail! The following stacktrace is shown: {noformat} java.lang.IllegalArgumentException: Dangerous string detected: /builds//authors/viewAuthor.action?authorName=unknown <user@domain.com> at com.atlassian.bamboo.util.RequestCacheThreadLocal.assertNoXss(RequestCacheThreadLocal.java:157) at com.atlassian.bamboo.util.RequestCacheThreadLocal.putHttpRequest(RequestCacheThreadLocal.java:145) at com.atlassian.bamboo.util.RequestCacheThreadLocal.setRequestCache(RequestCacheThreadLocal.java:53) at com.atlassian.bamboo.filter.RequestCacheThreadLocalFilter.doFilter(RequestCacheThreadLocalFilter.java:31) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at com.atlassian.core.filters.HeaderSanitisingFilter.doFilter(HeaderSanitisingFilter.java:32) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:46) at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$1.doFilter(DelegatingPluginFilter.java:70) {noformat} Since it says it's a 'Dangerous string detected', it seems that the URL is the problem. The accessed URL is as follows: {noformat} https://instance.atlassian.net/builds/browse/author/Display%20Name%20<user@domain.com> {noformat} We can see that the URL contains the '<' and '>' characters. Maybe these are badly interpreted by Bamboo. *Steps to Reproduce* # Have a plan connected to a repository in Bamboo # Commit to the repository with a user that doesn't exist in Bamboo (and not associated with any), the plan will run a build # This user will appear in may pages in Bamboo as the commit author (it will have a '<' and '>' in its name), you can find it in the build page under 'Commits' for example. Once found, click it *Expected Behavior* * Either some information about the user is shown or a message saying it doesn't exist in Bamboo *Actual Behavior* * An Internal Server Error Page is shown

    Atlassian JIRA | 2 years ago | Jaime Silveira [Atlassian]
    java.lang.IllegalArgumentException: Dangerous string detected: /builds//authors/viewAuthor.action?authorName=unknown <user@domain.com>
  2. 0

    In some pages, Bamboo shows the authors of commits, even if they're not local users. If their not associated with a user, they are shown like this: !branch_author.png|thumbnail! We can see if follows this patterns: Display name <user@domain.com> When clicking this user, we get this 'Internal Server Error Page': !error_page.png|thumbnail! The following stacktrace is shown: {noformat} java.lang.IllegalArgumentException: Dangerous string detected: /builds//authors/viewAuthor.action?authorName=unknown <user@domain.com> at com.atlassian.bamboo.util.RequestCacheThreadLocal.assertNoXss(RequestCacheThreadLocal.java:157) at com.atlassian.bamboo.util.RequestCacheThreadLocal.putHttpRequest(RequestCacheThreadLocal.java:145) at com.atlassian.bamboo.util.RequestCacheThreadLocal.setRequestCache(RequestCacheThreadLocal.java:53) at com.atlassian.bamboo.filter.RequestCacheThreadLocalFilter.doFilter(RequestCacheThreadLocalFilter.java:31) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at com.atlassian.core.filters.HeaderSanitisingFilter.doFilter(HeaderSanitisingFilter.java:32) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:46) at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$1.doFilter(DelegatingPluginFilter.java:70) {noformat} Since it says it's a 'Dangerous string detected', it seems that the URL is the problem. The accessed URL is as follows: {noformat} https://instance.atlassian.net/builds/browse/author/Display%20Name%20<user@domain.com> {noformat} We can see that the URL contains the '<' and '>' characters. Maybe these are badly interpreted by Bamboo. *Steps to Reproduce* # Have a plan connected to a repository in Bamboo # Commit to the repository with a user that doesn't exist in Bamboo (and not associated with any), the plan will run a build # This user will appear in may pages in Bamboo as the commit author (it will have a '<' and '>' in its name), you can find it in the build page under 'Commits' for example. Once found, click it *Expected Behavior* * Either some information about the user is shown or a message saying it doesn't exist in Bamboo *Actual Behavior* * An Internal Server Error Page is shown

    Atlassian JIRA | 2 years ago | Jaime Silveira [Atlassian]
    java.lang.IllegalArgumentException: Dangerous string detected: /builds//authors/viewAuthor.action?authorName=unknown <user@domain.com>

    Root Cause Analysis

    1. java.lang.IllegalArgumentException

      Dangerous string detected: /builds//authors/viewAuthor.action?authorName=unknown <user@domain.com>

      at com.atlassian.bamboo.util.RequestCacheThreadLocal.assertNoXss()
    2. com.atlassian.bamboo
      RequestCacheThreadLocalFilter.doFilter
      1. com.atlassian.bamboo.util.RequestCacheThreadLocal.assertNoXss(RequestCacheThreadLocal.java:157)
      2. com.atlassian.bamboo.util.RequestCacheThreadLocal.putHttpRequest(RequestCacheThreadLocal.java:145)
      3. com.atlassian.bamboo.util.RequestCacheThreadLocal.setRequestCache(RequestCacheThreadLocal.java:53)
      4. com.atlassian.bamboo.filter.RequestCacheThreadLocalFilter.doFilter(RequestCacheThreadLocalFilter.java:31)
      4 frames
    3. Glassfish Core
      ApplicationFilterChain.doFilter
      1. org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
      2. org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
      2 frames
    4. com.atlassian.core
      HeaderSanitisingFilter.doFilter
      1. com.atlassian.core.filters.HeaderSanitisingFilter.doFilter(HeaderSanitisingFilter.java:32)
      1 frame
    5. Glassfish Core
      ApplicationFilterChain.doFilter
      1. org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
      2. org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
      2 frames
    6. com.atlassian.plugin
      DelegatingPluginFilter$1.doFilter
      1. com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:46)
      2. com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$1.doFilter(DelegatingPluginFilter.java:70)
      2 frames