Closed
Bug 1034535
Opened 10 years ago
Closed 10 years ago
Strip some elements in the shipt-it form
Categories
(Release Engineering :: Release Automation: Other, defect, P3)
Release Engineering
Release Automation: Other
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: Sylvestre, Assigned: Sylvestre)
References
Details
(Whiteboard: [shipit])
Attachments
(1 file)
1.03 KB,
patch
|
bhearsum
:
review+
|
Details | Diff | Splinter Review |
During yesterday build (30b7), I added a trailing whitespace (bad copy and paste). This broke the build. The attached patch strip some inputs of the form to make sure that won't happen again.
Attachment #8450878 -
Flags: review?(rail)
Attachment #8450878 -
Flags: review?(nthomas)
Attachment #8450878 -
Flags: review?(bhearsum)
Comment 2•10 years ago
|
||
Comment on attachment 8450878 [details] [diff] [review] 0001-Strip-some-elements-of-the-form.patch I'll defer to the ship-it gurus.
Attachment #8450878 -
Flags: review?(nthomas)
Comment 3•10 years ago
|
||
Comment on attachment 8450878 [details] [diff] [review] 0001-Strip-some-elements-of-the-form.patch Review of attachment 8450878 [details] [diff] [review]: ----------------------------------------------------------------- Leaving this for bhearsum. BTW, can we use form validation instead of stripping characters (what may not help in some cases). I remember once we submitted a revision with some Unicode characters at the end.
Attachment #8450878 -
Flags: review?(rail)
Comment 4•10 years ago
|
||
Comment on attachment 8450878 [details] [diff] [review] 0001-Strip-some-elements-of-the-form.patch Review of attachment 8450878 [details] [diff] [review]: ----------------------------------------------------------------- (In reply to Rail Aliiev [:rail] from comment #3) > Comment on attachment 8450878 [details] [diff] [review] > 0001-Strip-some-elements-of-the-form.patch > > Review of attachment 8450878 [details] [diff] [review]: > ----------------------------------------------------------------- > > Leaving this for bhearsum. > > BTW, can we use form validation instead of stripping characters (what may > not help in some cases). I remember once we submitted a revision with some > Unicode characters at the end. Yeah, I remember that. That was specifically with the revision field IIRC. I think it would be good to have better validation, but I don't think we should block this on that. ::: kickoff/model.py @@ +44,3 @@ > self.buildNumber = buildNumber > + self.branch = branch.strip() > + self.mozillaRevision = mozillaRevision.strip() Is there a reason you're only stripping these 3 fields? It seems like any <input type="text"> could be vulnerable to the same issues. Probably the l10n changesests field as well...
Updated•10 years ago
|
Flags: needinfo?(sledru)
Assignee | ||
Comment 5•10 years ago
|
||
(In reply to Ben Hearsum [:bhearsum] from comment #4) > Comment on attachment 8450878 [details] [diff] [review] > 0001-Strip-some-elements-of-the-form.patch > > Review of attachment 8450878 [details] [diff] [review]: > ----------------------------------------------------------------- > > (In reply to Rail Aliiev [:rail] from comment #3) > > Comment on attachment 8450878 [details] [diff] [review] > > 0001-Strip-some-elements-of-the-form.patch > > > > Review of attachment 8450878 [details] [diff] [review]: > > ----------------------------------------------------------------- > > > > Leaving this for bhearsum. > > > > BTW, can we use form validation instead of stripping characters (what may > > not help in some cases). I remember once we submitted a revision with some > > Unicode characters at the end. > > Yeah, I remember that. That was specifically with the revision field IIRC. I > think it would be good to have better validation, but I don't think we > should block this on that. A regexp checking the size + hexadecimal ? > ::: kickoff/model.py > @@ +44,3 @@ > > self.buildNumber = buildNumber > > + self.branch = branch.strip() > > + self.mozillaRevision = mozillaRevision.strip() > > Is there a reason you're only stripping these 3 fields? It seems like any > <input type="text"> could be vulnerable to the same issues. Probably the > l10n changesests field as well... I already fixed the l10n changeset ( cf cset c98e6e75b7ae78338a4fcb18dcb88c074e605077 ) Other are integer (for example, the build number), so, automagic casting I guess
Flags: needinfo?(sledru)
Comment 6•10 years ago
|
||
(In reply to Sylvestre Ledru [:sylvestre] from comment #5) > (In reply to Ben Hearsum [:bhearsum] from comment #4) > > Comment on attachment 8450878 [details] [diff] [review] > > 0001-Strip-some-elements-of-the-form.patch > > > > Review of attachment 8450878 [details] [diff] [review]: > > ----------------------------------------------------------------- > > > > (In reply to Rail Aliiev [:rail] from comment #3) > > > Comment on attachment 8450878 [details] [diff] [review] > > > 0001-Strip-some-elements-of-the-form.patch > > > > > > Review of attachment 8450878 [details] [diff] [review]: > > > ----------------------------------------------------------------- > > > > > > Leaving this for bhearsum. > > > > > > BTW, can we use form validation instead of stripping characters (what may > > > not help in some cases). I remember once we submitted a revision with some > > > Unicode characters at the end. > > > > Yeah, I remember that. That was specifically with the revision field IIRC. I > > think it would be good to have better validation, but I don't think we > > should block this on that. > A regexp checking the size + hexadecimal ? Probably...but that might be best off in another bug.
Updated•10 years ago
|
Attachment #8450878 -
Flags: review?(bhearsum) → review+
Assignee | ||
Comment 8•10 years ago
|
||
Do I have the permission ? :)
Flags: needinfo?(sledru) → needinfo?(bhearsum)
Assignee | ||
Comment 9•10 years ago
|
||
Merged. Sorry. I forgot to add Bug: and r=. I was testing the push and I cannot force the update http://git.mozilla.org/?p=build/release-kickoff.git;a=commit;h=001a10a4926c58ee1664c1438229b5fd8119a59c
Assignee: nobody → sledru
Status: NEW → RESOLVED
Closed: 10 years ago
Flags: needinfo?(bhearsum)
Resolution: --- → FIXED
Comment 10•10 years ago
|
||
This still needs to be deployed before it takes effect. I'll do that sometime in the near future, don't have time to right now.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Comment 11•10 years ago
|
||
This was pushed to production today.
Status: REOPENED → RESOLVED
Closed: 10 years ago → 10 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•