Closed
Bug 1012672
Opened 11 years ago
Closed 10 years ago
Make sure symbol uploads do not allow qcom-private files
Categories
(Socorro :: Webapp, task)
Socorro
Webapp
Tracking
(Not tracked)
RESOLVED
FIXED
89
People
(Reporter: kairo, Assigned: peterbe)
References
Details
In bug 916940, we monitored post-facto monitoring for qcom-private symbols, with the new architecture we just should deny symbol packages that contain any of those and inform the uploader about that.
peterbe, I hope it's OK to assign this to you right away.
Assignee | ||
Comment 1•11 years ago
|
||
Ted,
See above. As you've been my guide and mentor on the symbols piece (me being just the web/api guy), can you help me with this bug. Does it mean I should read the contents of the zip and if it contains a certain filename I should reject the upload?
Flags: needinfo?(ted)
Comment 2•10 years ago
|
||
I'm going to punt this to bsmedberg, but I *believe* that's correct. It may be slightly more involved than that, bsmedberg should know.
Flags: needinfo?(ted) → needinfo?(benjamin)
Comment 3•10 years ago
|
||
If the symbol contents contain the string "qcom/proprietary" they it should be rejected.
Flags: needinfo?(benjamin)
Comment 4•10 years ago
|
||
This is in the symbol files themselves? That makes it slightly more involved, as I guessed. You need to scan the contents of every file within the zip file whose name ends with .sym and look for that string.
Assignee | ||
Comment 5•10 years ago
|
||
(In reply to Ted Mielczarek [:ted.mielczarek] from comment #4)
> This is in the symbol files themselves? That makes it slightly more
> involved, as I guessed. You need to scan the contents of every file within
> the zip file whose name ends with .sym and look for that string.
Not a problem. I already scan the content as a pseudo test to see if it's a valid archive file.
Status: NEW → ASSIGNED
Assignee | ||
Comment 6•10 years ago
|
||
Comment 7•10 years ago
|
||
Commits pushed to master at https://github.com/mozilla/socorro
https://github.com/mozilla/socorro/commit/235d29acdb4eaa981af93dc996778a59c15bbb8e
fixes bug 1012672 - Make sure symbol uploads do not allow qcom-private files
https://github.com/mozilla/socorro/commit/c7d7346b16e2d07fad48ea22833d01876abbbc69
Merge pull request #2101 from peterbe/bug-1012672-make-sure-symbol-uploads-do-not-allow-qcom-private-files
fixes bug 1012672 - Make sure symbol uploads do not allow qcom-private files
Updated•10 years ago
|
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Updated•10 years ago
|
Target Milestone: --- → 89
You need to log in
before you can comment on or make changes to this bug.
Description
•