Closed
Bug 1012672
Opened 10 years ago
Closed 10 years ago
Make sure symbol uploads do not allow qcom-private files
Categories
(Socorro :: Webapp, task)
Socorro
Webapp
Tracking
(Not tracked)
RESOLVED
FIXED
89
People
(Reporter: kairo, Assigned: peterbe)
References
Details
In bug 916940, we monitored post-facto monitoring for qcom-private symbols, with the new architecture we just should deny symbol packages that contain any of those and inform the uploader about that. peterbe, I hope it's OK to assign this to you right away.
|
Assignee | |
Comment 1•10 years ago
|
||
Ted, See above. As you've been my guide and mentor on the symbols piece (me being just the web/api guy), can you help me with this bug. Does it mean I should read the contents of the zip and if it contains a certain filename I should reject the upload?
Flags: needinfo?(ted)
|
||
Comment 2•10 years ago
|
||
I'm going to punt this to bsmedberg, but I *believe* that's correct. It may be slightly more involved than that, bsmedberg should know.
Flags: needinfo?(ted) → needinfo?(benjamin)
|
||
Comment 3•10 years ago
|
||
If the symbol contents contain the string "qcom/proprietary" they it should be rejected.
Flags: needinfo?(benjamin)
|
|
||
Comment 4•10 years ago
|
||
This is in the symbol files themselves? That makes it slightly more involved, as I guessed. You need to scan the contents of every file within the zip file whose name ends with .sym and look for that string.
|
|
Assignee | |
Comment 5•10 years ago
|
||
(In reply to Ted Mielczarek [:ted.mielczarek] from comment #4) > This is in the symbol files themselves? That makes it slightly more > involved, as I guessed. You need to scan the contents of every file within > the zip file whose name ends with .sym and look for that string. Not a problem. I already scan the content as a pseudo test to see if it's a valid archive file.
Status: NEW → ASSIGNED
|
|
Assignee | |
Comment 6•10 years ago
|
||
PR https://github.com/mozilla/socorro/pull/2101
|
||
Comment 7•10 years ago
|
||
Commits pushed to master at https://github.com/mozilla/socorro https://github.com/mozilla/socorro/commit/235d29acdb4eaa981af93dc996778a59c15bbb8e fixes bug 1012672 - Make sure symbol uploads do not allow qcom-private files https://github.com/mozilla/socorro/commit/c7d7346b16e2d07fad48ea22833d01876abbbc69 Merge pull request #2101 from peterbe/bug-1012672-make-sure-symbol-uploads-do-not-allow-qcom-private-files fixes bug 1012672 - Make sure symbol uploads do not allow qcom-private files
|
|
||
Updated•10 years ago
|
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
|
||
Updated•10 years ago
|
Target Milestone: --- → 89
You need to log in
before you can comment on or make changes to this bug.
Description
•