Closed Bug 1124437 Opened 5 years ago Closed 5 years ago

Backport upstream bug 1090275 to bmo/4.2 to whitelist webservice api methods

Categories

(bugzilla.mozilla.org :: API, defect)

Production
defect
Not set

RESOLVED FIXED

People

(Reporter: dkl, Assigned: glob)

Attachments

(1 file, 1 obsolete file)

SSIA
Attached patch 1124437_1.patch (obsolete)
taking because we need this asap, and dkl is likely to be busy with another upstream release.
Assignee: dkl → glob
Attachment #8552920 - Flags: review?(dylan)
Comment on attachment 8552920
1124437_1.patch

Review of attachment 8552920:
-----------------------------------------------------------------

r-

Tests pass and disallowed methods are forbidden from running. However, what I missed before is that there is no method bz_method_name() -- it is spelled _bz_method_name() so this fails for the entirely wrong reason. And then there's ThrowCoreError instead of ThrowCodeError.

::: Bugzilla/WebService/Server/JSONRPC.pm
@@ +417,5 @@
>      }
>  
> +    # Only allowed methods to be used from our whitelist
> +    if (none { $_ eq $method} $pkg->PUBLIC_METHODS) {
> +        ThrowCoreError('unknown_method', { method => $self->bz_method_name });
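
Review bot: On the ThrowCoreError(...) line, neither the function name nor the $self->bz_method_name call resolves (the review above gives ThrowCodeError and _bz_method_name as the correct spellings), so a method missing from PUBLIC_METHODS is stopped by a runtime failure rather than by the intended 'unknown_method' error. A test that asserts the returned error is 'unknown_method' for a non-whitelisted method would tell the two cases apart; a test that only checks that the call was refused passes either way.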

Interesting typo here.
Attachment #8552920 - Flags: review?(dylan) → review-
Sorry bout this. I had actually done the work last night but I had to stop before I had finished testing everything. Thanks for taking it up.
Attached patch 1124437_2.patch
oops :)
Attachment #8552920 - Attachment is obsolete: true
Attachment #8553559 - Flags: review?(dylan)
Blocks: 1125208
Comment on attachment 8553559
1124437_2.patch

Review of attachment 8553559:
-----------------------------------------------------------------

r=dylan

with the note that I haven't exhaustively called every method. I did spot check and compare the public methods to the apparent public methods of the classes (especially in the case of extensions).
Attachment #8553559 - Flags: review?(dylan) → review+
To ssh://gitolite3@git.mozilla.org/webtools/bmo/bugzilla.git
   cd92366..a748745  master -> master
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED