search

Infocaster / UrlTracker

An Umbraco package that tracks 404 not found results and helps you redirect visitors to the right page
https://infocaster.net/wat-we-doen/umbraco-plugins/301-url-tracker
MIT License
17 stars 12 forks source link

RegEx parse error crash Umbraco #164

Closed joenjia-ccs closed 9 months ago

joenjia-ccs commented 9 months ago

enter an invalid Regex causing an unhandled error thus crash Umbraco website _Using version: 10.2.1 _Umbraco version: 10.6.1

To Reproduce Steps to reproduce the behavior:

  1. Go to umbraco back office '/Umbraco'
  2. Goto Content Url Tracker back office UI
  3. Add a new redirect record
  4. Enter Regex as '?utm_source=dmo&utm_medium=email&utm_campaign=dmobasic&utm_content=header'
  5. Enter target Url to any thing like 'https://www.google.com'
  6. Check 'Forward query string'
  7. Try to access the Umbraco website, it is crashed, got a 500 error response
  8. Check the error log got an Unhandled error message: {"@t":"2023-11-23T22:30:13.2950412Z","@mt":"Connection ID \"{ConnectionId}\", Request ID \"{TraceIdentifier}\": An unhandled exception was thrown by the application.","@l":"Error","@x":"System.Text.RegularExpressions.RegexParseException: Invalid pattern '?utm_source=dmo&utm_medium=email&utm_campaign=dmobasic&utm_content=header' at offset 1. Quantifier {x,y} following nothing. ......

Expected behavior website run even there is a Regex error on Url Tracker

Desktop (please complete the following information):

Strong suggest encapsulating any error in the extension not pop up to Umbraco.

D-Inventor commented 9 months ago

Hi @joenjia-ccs ! Thank you very much for reaching out. Your report is very clear, I'm going to investigate the issue and will give you an update when I have some results!

joris-peters commented 9 months ago

Hi @joenjia-ccs ! Version 10.3.2-beta0001 has been released with a fix for this issue, could you try it out and see if it works?

joenjia-ccs commented 9 months ago

tested this version on my machine, 1) Regex validation will block any Regex start with "?" 2) even in database the sourceRegex field has this invalid value, the Umbraco still running well, but seems no any error log created even I enabled the logging on UrlTracker

joris-peters commented 9 months ago

Hi @joenjia-ccs Thanks for trying version 10.3.2-beta0001! We are happy to hear that the websites is running well despite the redirect with the invalid regex pattern.

We will consider adding logging. We have initially omitted logging because logging regex pattern errors in the request pipeline would potentially create thousands of log messages.

Regex patterns cannot start with the "?" character so I feel it is appropriate that such patterns trigger a validation error. We are happy to hear your thoughts about this.