Search: Validate script query is run with a single script (#29304)

rjernst · rjernst · commit 0c97d1bcbda6 · 2018-03-29T22:11:30.000-07:00
The parsing code for script query currently silently skips by any tokens
it does not know about within its parsing loop. The only token it does
not catch is an array, which means pasing multiple scripts in via an
array will cause the last script to be parsed and one, silently dropping
the others. This commit adds validation that arrays are not seen while
parsing.
diff --git a/server/src/main/java/org/elasticsearch/index/query/ScriptQueryBuilder.java b/server/src/main/java/org/elasticsearch/index/query/ScriptQueryBuilder.java
@@ -113,6 +113,12 @@ public static ScriptQueryBuilder fromXContent(XContentParser parser) throws IOEx
                 } else {
                     throw new ParsingException(parser.getTokenLocation(), "[script] query does not support [" + currentFieldName + "]");
                 }
+            } else {
+                if (token != XContentParser.Token.START_ARRAY) {
+                    throw new AssertionError("Impossible token received: " + token.name());
+                }
+                throw new ParsingException(parser.getTokenLocation(),
+                    "[script] query does not support an array of scripts. Use a bool query with a clause per script instead.");
             }
         }
 
diff --git a/server/src/test/java/org/elasticsearch/index/query/ScriptQueryBuilderTests.java b/server/src/test/java/org/elasticsearch/index/query/ScriptQueryBuilderTests.java
@@ -20,7 +20,7 @@
 package org.elasticsearch.index.query;
 
 import org.apache.lucene.search.Query;
-import org.elasticsearch.index.query.ScriptQueryBuilder.ScriptQuery;
+import org.elasticsearch.common.ParsingException;
 import org.elasticsearch.script.MockScriptEngine;
 import org.elasticsearch.script.Script;
 import org.elasticsearch.script.ScriptType;
@@ -32,6 +32,7 @@
 import java.util.Map;
 import java.util.Set;
 
+import static org.hamcrest.Matchers.containsString;
 import static org.hamcrest.Matchers.instanceOf;
 
 public class ScriptQueryBuilderTests extends AbstractQueryTestCase<ScriptQueryBuilder> {
@@ -89,6 +90,25 @@ public void testFromJson() throws IOException {
         assertEquals(json, "5", parsed.script().getIdOrCode());
     }
 
+    public void testArrayOfScriptsException() {
+        String json =
+            "{\n" +
+                "  \"script\" : {\n" +
+                "    \"script\" : [ {\n" +
+                "      \"source\" : \"5\",\n" +
+                "      \"lang\" : \"mockscript\"\n" +
+                "    },\n" +
+                "    {\n" +
+                "      \"source\" : \"6\",\n" +
+                "      \"lang\" : \"mockscript\"\n" +
+                "    }\n ]" +
+                "  }\n" +
+                "}";
+
+        ParsingException e = expectThrows(ParsingException.class, () -> parseQuery(json));
+        assertThat(e.getMessage(), containsString("does not support an array of scripts"));
+    }
+
     @Override
     protected Set<String> getObjectsHoldingArbitraryContent() {
         //script_score.script.params can contain arbitrary parameters. no error is expected when

Original file line number	Diff line number	Diff line change
`@@ -113,6 +113,12 @@ public static ScriptQueryBuilder fromXContent(XContentParser parser) throws IOEx`
`113`	`113`	`} else {`
`114`	`114`	`throw new ParsingException(parser.getTokenLocation(), "[script] query does not support [" + currentFieldName + "]");`
`115`	`115`	`}`
	`116`	`+ } else {`
	`117`	`+ if (token != XContentParser.Token.START_ARRAY) {`
	`118`	`+ throw new AssertionError("Impossible token received: " + token.name());`
	`119`	`+ }`
	`120`	`+ throw new ParsingException(parser.getTokenLocation(),`
	`121`	`+ "[script] query does not support an array of scripts. Use a bool query with a clause per script instead.");`
`116`	`122`	`}`
`117`	`123`	`}`
`118`	`124`