adobe / aem-core-wcm-components

Standardized components to build websites with AEM.
https://docs.adobe.com/content/help/en/experience-manager-core-components/using/introduction.html
Apache License 2.0

[Search] v2.0.8 Malformed search query input causes runaway threads, CPU saturation #2610

Closed NickSifniotis closed 8 months ago

NickSifniotis commented 8 months ago

Bug Report

Current Behavior

We have a page component which uses the WCM Foundation search facility to search through sites for text / keyword matches.

Malformed user input to this component was found to cause the AEM instance to consume 100% CPU utilisation. Our prod instance was at 100% CPU utilisation for a week, before a forced restart terminated the runaway threads.

I repro'd the bug in our UAT environment. Passed the same user input through the component, and observed the CPU cycling spike instantly.

The following malformed search queries were tested and found to cause this behaviour:

There may be others. I didn't bother searching for more malformed strings once the cause was found.

Note that the characters ',' and '.' work ok when they form part of a larger text string. It's only when they are passed as a single character query to the search that this problem appears.

Expected behavior/code

Not CPU saturation requiring a hard reset.

Environment

Possible Solution

Additional context / Screenshots

Am acutely aware that AEM 6.3 is no longer supported.

vladbailescu commented 8 months ago

@NickSifniotis, what do you mean by WCM Foundation search facility and how is this related to the Core WCM Components?

NickSifniotis commented 8 months ago

Well this is embarrassing. The class I'm referring to is com.day.cq.wcm.foundation.Search, which I see is not found in this repo at all.

vladbailescu commented 8 months ago

@NickSifniotis, I think that should be fixed in 6.4 (ref: CQ-4209280). Since 6.3 is no longer supported you will need to mitigate the issue by removing everything from queries that only contain special chars before calling com.day.cq.wcm.foundation.Search#setQuery(String).
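
One way to implement the mitigation suggested in the last comment, as an added example that is not code from this thread or from the AEM code base. The class name `SearchQueryGuard` and the method `usableQuery` are hypothetical, and treating "special chars" as anything that is not a letter or digit is an assumption.

```java
import java.util.Arrays;
import java.util.List;
import java.util.Optional;

/** Hypothetical pre-filter to run on user input before Search#setQuery(String). */
public final class SearchQueryGuard {

    private SearchQueryGuard() {}

    /**
     * Returns the trimmed query when it contains at least one letter or digit.
     * Returns Optional.empty() for null, blank, or punctuation-only input so the
     * caller can skip the search instead of handing that input to the engine.
     */
    public static Optional<String> usableQuery(String raw) {
        if (raw == null) {
            return Optional.empty();
        }
        String q = raw.trim();
        if (q.isEmpty()) {
            return Optional.empty();
        }
        // Iterate code points (not chars) so letters outside the BMP still count as terms.
        // Assumption: a "special char" is any code point that is not a letter or digit.
        boolean hasTerm = q.codePoints().anyMatch(Character::isLetterOrDigit);
        return hasTerm ? Optional.of(q) : Optional.empty();
    }

    public static void main(String[] args) {
        // Constructed sample inputs. "," and "." are the single-character cases
        // named in the report; the others show that mixed input still passes.
        List<String> samples = Arrays.asList(",", ".", " . ", "", "annual report, 2019", "v2.0.8");
        for (String s : samples) {
            Optional<String> q = usableQuery(s);
            // In the page component this would be: q.ifPresent(search::setQuery);
            // with an empty result list rendered when q is empty.
            String outcome = q.map(v -> "search for \"" + v + "\"").orElse("skip search");
            System.out.println("\"" + s + "\" -> " + outcome);
        }
    }
}
```

Punctuation inside a longer string is left untouched, which matches the report's observation that ',' and '.' only cause the problem as a single-character query.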