elastic / elasticsearch

Free and Open Source, Distributed, RESTful Search Engine
https://www.elastic.co/products/elasticsearch

_search payload resulting in JsonParseException #114142

Open tteofili opened 2 weeks ago

tteofili commented 2 weeks ago

The following error has been observed as a result of a _search call, resulting in an HTTP 500 response.

com.fasterxml.jackson.core.JsonParseException: Unrecognized character escape '*' (code 42)
 at [Source: (org.elasticsearch.common.bytes.BytesReferenceStreamInput); line: 1, column: 40]
    at com.fasterxml.jackson.core@2.17.2/com.fasterxml.jackson.core.JsonParser._constructReadException(JsonParser.java:2648)
    at com.fasterxml.jackson.core@2.17.2/com.fasterxml.jackson.core.base.ParserBase._handleUnrecognizedCharacterEscape(ParserBase.java:1376)
    at com.fasterxml.jackson.core@2.17.2/com.fasterxml.jackson.core.json.UTF8StreamJsonParser._decodeEscaped(UTF8StreamJsonParser.java:3377)
    at com.fasterxml.jackson.core@2.17.2/com.fasterxml.jackson.core.json.UTF8StreamJsonParser._finishString2(UTF8StreamJsonParser.java:2565)
    at com.fasterxml.jackson.core@2.17.2/com.fasterxml.jackson.core.json.UTF8StreamJsonParser._finishAndReturnString(UTF8StreamJsonParser.java:2520)
    at com.fasterxml.jackson.core@2.17.2/com.fasterxml.jackson.core.json.UTF8StreamJsonParser.getText(UTF8StreamJsonParser.java:294)
    at org.elasticsearch.xcontent.impl@9.0.0/org.elasticsearch.xcontent.provider.json.JsonXContentParser.text(JsonXContentParser.java:111)
    at org.elasticsearch.xcontent@9.0.0/org.elasticsearch.xcontent.FilterXContentParser.text(FilterXContentParser.java:95)
    at org.elasticsearch.server@9.0.0/org.elasticsearch.index.query.QueryStringQueryBuilder.fromXContent(QueryStringQueryBuilder.java:691)
    at org.elasticsearch.server@9.0.0/org.elasticsearch.search.SearchModule.lambda$registerQuery$24(SearchModule.java:1287)
    at org.elasticsearch.xcontent@9.0.0/org.elasticsearch.xcontent.NamedXContentRegistry.parseNamedObject(NamedXContentRegistry.java:149)
    at org.elasticsearch.server@9.0.0/org.elasticsearch.index.query.AbstractQueryBuilder$1.namedObject(AbstractQueryBuilder.java:403)
    at org.elasticsearch.server@9.0.0/org.elasticsearch.index.query.AbstractQueryBuilder.parseInnerQueryBuilder(AbstractQueryBuilder.java:437)
    at org.elasticsearch.server@9.0.0/org.elasticsearch.index.query.AbstractQueryBuilder.parseTopLevelQuery(AbstractQueryBuilder.java:411)
    at org.elasticsearch.server@9.0.0/org.elasticsearch.search.builder.SearchSourceBuilder.parseXContent(SearchSourceBuilder.java:1418)
    at org.elasticsearch.server@9.0.0/org.elasticsearch.search.builder.SearchSourceBuilder.parseXContent(SearchSourceBuilder.java:1299)
    at org.elasticsearch.server@9.0.0/org.elasticsearch.rest.action.search.RestSearchAction.parseSearchRequest(RestSearchAction.java:182)
    at org.elasticsearch.server@9.0.0/org.elasticsearch.rest.action.search.RestSearchAction.lambda$prepareRequest$1(RestSearchAction.java:121)
    at org.elasticsearch.server@9.0.0/org.elasticsearch.rest.RestRequest.withContentOrSourceParamParserOrNull(RestRequest.java:579)
    at org.elasticsearch.server@9.0.0/org.elasticsearch.rest.action.search.RestSearchAction.prepareRequest(RestSearchAction.java:120)
    at org.elasticsearch.server@9.0.0/org.elasticsearch.rest.BaseRestHandler.handleRequest(BaseRestHandler.java:104)
    at org.elasticsearch.server@9.0.0/org.elasticsearch.rest.RestController$1.onResponse(RestController.java:501)
    at org.elasticsearch.server@9.0.0/org.elasticsearch.rest.RestController$1.onResponse(RestController.java:495)
    at org.elasticsearch.security@9.0.0/org.elasticsearch.xpack.security.rest.SecurityRestFilter.doHandleRequest(SecurityRestFilter.java:89)
    at org.elasticsearch.security@9.0.0/org.elasticsearch.xpack.security.rest.SecurityRestFilter.lambda$intercept$0(SecurityRestFilter.java:81)
    at org.elasticsearch.server@9.0.0/org.elasticsearch.action.ActionListener$2.onResponse(ActionListener.java:257)
    at org.elasticsearch.security@9.0.0/org.elasticsearch.xpack.security.authc.support.SecondaryAuthenticator.lambda$authenticateAndAttachToContext$3(SecondaryAuthenticator.java:99)
    at org.elasticsearch.server@9.0.0/org.elasticsearch.action.ActionListenerImplementations$ResponseWrappingActionListener.onResponse(ActionListenerImplementations.java:247)
    at org.elasticsearch.security@9.0.0/org.elasticsearch.xpack.security.authc.support.SecondaryAuthenticator.authenticate(SecondaryAuthenticator.java:109)
    at org.elasticsearch.security@9.0.0/org.elasticsearch.xpack.security.authc.support.SecondaryAuthenticator.authenticateAndAttachToContext(SecondaryAuthenticator.java:90)
    at org.elasticsearch.security@9.0.0/org.elasticsearch.xpack.security.rest.SecurityRestFilter.intercept(SecurityRestFilter.java:75)
    at org.elasticsearch.server@9.0.0/org.elasticsearch.rest.RestController.dispatchRequest(RestController.java:495)
    at org.elasticsearch.server@9.0.0/org.elasticsearch.rest.RestController.tryAllHandlers(RestController.java:659)
    at org.elasticsearch.server@9.0.0/org.elasticsearch.rest.RestController.dispatchRequest(RestController.java:340)
    at org.elasticsearch.serverless.rest@9.0.0/co.elastic.elasticsearch.serverless.rest.ServerlessRestController.dispatchRequest(ServerlessRestController.java:133)
    at org.elasticsearch.server@9.0.0/org.elasticsearch.http.AbstractHttpServerTransport.dispatchRequest(AbstractHttpServerTransport.java:488)
    at org.elasticsearch.server@9.0.0/org.elasticsearch.http.AbstractHttpServerTransport.handleIncomingRequest(AbstractHttpServerTransport.java:584)
    at org.elasticsearch.server@9.0.0/org.elasticsearch.http.AbstractHttpServerTransport.incomingRequest(AbstractHttpServerTransport.java:461)
    at org.elasticsearch.transport.netty4@9.0.0/org.elasticsearch.http.netty4.Netty4HttpPipeliningHandler.handlePipelinedRequest(Netty4HttpPipeliningHandler.java:166)
    at org.elasticsearch.transport.netty4@9.0.0/org.elasticsearch.http.netty4.Netty4HttpPipeliningHandler.channelRead(Netty4HttpPipeliningHandler.java:145)
    at io.netty.transport@4.1.109.Final/io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:442)
    at io.netty.transport@4.1.109.Final/io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
    at io.netty.transport@4.1.109.Final/io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412)
    at io.netty.codec@4.1.109.Final/io.netty.handler.codec.MessageToMessageDecoder.channelRead(MessageToMessageDecoder.java:103)
    at org.elasticsearch.transport.netty4@9.0.0/org.elasticsearch.http.netty4.Netty4HttpAggregator.channelRead(Netty4HttpAggregator.java:52)
    at io.netty.transport@4.1.109.Final/io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444)
    at io.netty.transport@4.1.109.Final/io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
    at io.netty.transport@4.1.109.Final/io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412)
    at io.netty.codec@4.1.109.Final/io.netty.handler.codec.MessageToMessageDecoder.channelRead(MessageToMessageDecoder.java:103)
    at io.netty.transport@4.1.109.Final/io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444)
    at io.netty.transport@4.1.109.Final/io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
    at io.netty.transport@4.1.109.Final/io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412)
    at org.elasticsearch.transport.netty4@9.0.0/org.elasticsearch.http.netty4.Netty4HttpHeaderValidator.channelRead(Netty4HttpHeaderValidator.java:74)
    at io.netty.transport@4.1.109.Final/io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444)
    at io.netty.transport@4.1.109.Final/io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
    at io.netty.transport@4.1.109.Final/io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412)
    at io.netty.codec@4.1.109.Final/io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:346)
    at io.netty.codec@4.1.109.Final/io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:318)
    at io.netty.transport@4.1.109.Final/io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444)
    at io.netty.transport@4.1.109.Final/io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
    at io.netty.transport@4.1.109.Final/io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412)
    at io.netty.codec@4.1.109.Final/io.netty.handler.codec.MessageToMessageDecoder.channelRead(MessageToMessageDecoder.java:103)
    at io.netty.transport@4.1.109.Final/io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444)
    at io.netty.transport@4.1.109.Final/io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
    at io.netty.transport@4.1.109.Final/io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412)
    at io.netty.handler@4.1.109.Final/io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1475)
    at io.netty.handler@4.1.109.Final/io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1338)
    at io.netty.handler@4.1.109.Final/io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1387)
    at io.netty.codec@4.1.109.Final/io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:530)
    at io.netty.codec@4.1.109.Final/io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:469)
    at io.netty.codec@4.1.109.Final/io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:290)
    at io.netty.transport@4.1.109.Final/io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444)
    at io.netty.transport@4.1.109.Final/io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
    at io.netty.transport@4.1.109.Final/io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412)
    at io.netty.transport@4.1.109.Final/io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410)
    at io.netty.transport@4.1.109.Final/io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:440)
    at io.netty.transport@4.1.109.Final/io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
    at io.netty.transport@4.1.109.Final/io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919)
    at io.netty.transport@4.1.109.Final/io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:166)
    at io.netty.transport@4.1.109.Final/io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:788)
    at io.netty.transport@4.1.109.Final/io.netty.channel.nio.NioEventLoop.processSelectedKeysPlain(NioEventLoop.java:689)
    at io.netty.transport@4.1.109.Final/io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:652)
    at io.netty.transport@4.1.109.Final/io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:562)
    at io.netty.common@4.1.109.Final/io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:997)
    at io.netty.common@4.1.109.Final/io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
    at java.base/java.lang.Thread.run(Thread.java:1570)

This happened in a context similar to #113867.

elasticsearchmachine commented 2 weeks ago

Pinging @elastic/es-search (Team:Search)

benwtrent commented 2 weeks ago

Indeed, querystringquery parser should return a bad-request not a 500.
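An added example, not part of the thread and not Elasticsearch code: how a body with an invalid JSON escape such as `\*` typically arises on the client side, and why it belongs in the 400 class. It assumes a Python client; `escape_query_string`, `naive_body`, `build_search_body` and `classify_body` are hypothetical helpers, and the input term is constructed.

```python
import json

# Operators of the query_string syntax; '<' and '>' cannot be escaped, only removed.
RESERVED = set('+-=&|!(){}[]^"~*?:\\/')

def escape_query_string(term: str) -> str:
    """Backslash-escape query_string operators in untrusted text (hypothetical helper)."""
    return "".join("\\" + c if c in RESERVED else c for c in term if c not in "<>")

def naive_body(term: str) -> bytes:
    """Anti-pattern: splice the escaped term into a hand-written JSON template."""
    template = '{"query":{"query_string":{"query":"%s"}}}'
    return (template % escape_query_string(term)).encode("utf-8")

def build_search_body(term: str) -> bytes:
    """Let the serializer turn each Lucene backslash into a valid JSON '\\\\' pair."""
    body = {"query": {"query_string": {"query": escape_query_string(term)}}}
    return json.dumps(body).encode("utf-8")

def classify_body(raw: bytes) -> tuple:
    """Hypothetical gateway check: a body that is not valid JSON is a client error (400)."""
    try:
        json.loads(raw)
    except (json.JSONDecodeError, UnicodeDecodeError) as exc:
        return 400, str(exc)
    return 200, "ok"

if __name__ == "__main__":
    term = "log*"  # constructed sample input
    for name, raw in (("naive", naive_body(term)), ("serialized", build_search_body(term))):
        print(name, raw.decode(), classify_body(raw))
```

The naive body carries a lone `\*` inside a JSON string, which no JSON parser accepts; the serialized body carries `\\*`, which decodes to the Lucene escape `\*`.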

henriquepaes1 commented 2 weeks ago

Hey @benwtrent! May I work on this issue?

benwtrent commented 2 weeks ago

@henriquepaes1 sure, you can take a pass at it :). It might be good to look at AbstractQueryBuilder.parseInnerQueryBuilder to capture all weird parsing failures from all queries as I am sure this isn't the only one.

henriquepaes1 commented 2 weeks ago

Okay! Do you have some examples of queries that would break the logic?

benwtrent commented 2 weeks ago

Nope :)