Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-64439

"positive-number" field validator accepts non valid java numbers

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Closed (View Workflow)
    • Priority: Minor
    • Resolution: Fixed
    • Component/s: core
    • Labels:
      None
    • Similar Issues:
    • Released As:
      Jenkins 2.274 - released 5 Jan 2021 and 2.277.1

      Description

      if you have a field that is using `<f:number clazz="positive-number" min="1" step="1" />` you can submit a garbage number as far as java is concerned without any formvalidation warning.

      this is because javascript validation treats `e` as the matmatical constant e (2.7182......)

      so you can enter `e` `3e` or lots of this.

      however Jenkins will then parse this usign standard java terms and well - `e` is not valid here, so you get a number format exception.

      For example create a job and select "Discard old builds" and enter "e" as the "days to keep builds.
      observe there are no formvalidation errors and save the form
      reconfigure the job and not that the value is missing.

        Attachments

          Issue Links

            Activity

            Hide
            benebsiny Benny Cheng added a comment -

            I've create a pull request here https://github.com/jenkinsci/jenkins/pull/5145 have a look at it please

            Show
            benebsiny Benny Cheng added a comment - I've create a pull request here https://github.com/jenkinsci/jenkins/pull/5145  have a look at it please
            Hide
            teilo James Nord added a comment -

            FYI not a regression.

            Show
            teilo James Nord added a comment - FYI not a regression.
            Hide
            fqueiruga Félix Queiruga Balado added a comment -

            I see now

            Show
            fqueiruga Félix Queiruga Balado added a comment - I see now
            Hide
            teilo James Nord added a comment - - edited

            it is not valid in java in Integer.parseInt

            > Parses the string argument as a signed decimal integer. The characters in the string must all be decimal digits, except that the first character may be an ASCII minus sign '-' ('\u002D') to indicate a negative value or an ASCII plus sign '+' ('\u002B') to indicate a positive value. The resulting integer value is returned, exactly as if the argument and the radix 10 were given as arguments to the parseInt(java.lang.String, int) method.

            Show
            teilo James Nord added a comment - - edited it is not valid in java in Integer.parseInt > Parses the string argument as a signed decimal integer. The characters in the string must all be decimal digits, except that the first character may be an ASCII minus sign '-' ('\u002D') to indicate a negative value or an ASCII plus sign '+' ('\u002B') to indicate a positive value. The resulting integer value is returned, exactly as if the argument and the radix 10 were given as arguments to the parseInt(java.lang.String, int) method.
            Hide
            fqueiruga Félix Queiruga Balado added a comment -

            Shouldn't e be validated as scientific notation? That's what the actual behaviour of those numbers in JS and Java are. AFAIK 1.2e1 is valid in both languages.

            Show
            fqueiruga Félix Queiruga Balado added a comment - Shouldn't  e  be validated as scientific notation? That's what the actual behaviour of those numbers in JS and Java are. AFAIK  1.2e1 is valid in both languages.

              People

              Assignee:
              benebsiny Benny Cheng
              Reporter:
              teilo James Nord
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: