regression caused by bug 1090275 to whitelist webservice methods causes test failures with t/012throwables.t

RESOLVED FIXED in Bugzilla 4.0

Status

Product: Bugzilla
Component: WebService
Priority: --
Severity: major
Status: RESOLVED FIXED
Reported: 2 years ago
Modified: 2 years ago

People

(Reporter: dkl, Assigned: dkl)

Tracking

({regression})

Bugzilla 4.0
regression
Bug Flags:
approval +
approval5.0 +
approval4.4 +
approval4.2 +
approval4.0 +

Details

Attachments

(1 attachment, 2 obsolete attachments)

(Assignee)

Description

2 years ago
the patch committed (and released) from bug 1090275 caused a regression. The change doesn't pass tests, and burned all the trees:

#   Failed test 'Bugzilla/WebService/Server/JSONRPC.pm has 1 error(s):
# user error tag 'unknown_method' is used at line(s) (410) but not defined for language(s): any'
#   at t/012throwables.t line 202.
# Looks like you failed 1 test of 217.

Moral of the story: Never release before Travis has finished all runs after patches are committed :( Just wish Travis was faster.

patch coming

dkl
(Assignee)

Updated

2 years ago
Keywords: relnote → regression
Summary: WebServices modules should maintain a whitelist of methods that are allowed instead of allowing access to any function imported into its namespace → regression caused by bug 1090275 to whitelist webservice methods causes test failures with t/012throwables.t
(Assignee)

Comment 1

2 years ago
Created attachment 8553162
Patch for all versions v.1
Attachment #8553162 - Flags: review?(dylan)
Comment on attachment 8553162
Patch for all versions v.1

Review of attachment 8553162:
-----------------------------------------------------------------

I think this is the wrong patch?

r-
Attachment #8553162 - Flags: review?(dylan) → review-
(Assignee)

Comment 3

2 years ago
Created attachment 8553168
Patch for all versions v.1

Correct patch. I blame the medication :)
Attachment #8553162 - Attachment is obsolete: true
Attachment #8553168 - Flags: review?(dylan)
Comment on attachment 8553168
Patch for all versions v.1

Review of attachment 8553168:
-----------------------------------------------------------------

For some reason, in JSONRPC the method name method name... err, that is, bz_method_name is prefixed with an _. This will still result in a 500 error.

::: Bugzilla/WebService/Server/JSONRPC.pm
@@ +390,4 @@
>  
>      # Only allowed methods to be used from our whitelist
>      if (none { $_ eq $method} $pkg->PUBLIC_METHODS) {
> +        ThrowCodeError('unknown_method', { method => $self->bz_method_name });
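
Review bot: On the added ThrowCodeError line inside the PUBLIC_METHODS check, nothing in the visible hunk exercises this rejection branch at runtime, so a mistake in the argument expression (here $self->bz_method_name) would only surface as a server error when a live request names a method outside the whitelist. Consider adding a JSON-RPC test that calls a method not listed in PUBLIC_METHODS and asserts that the unknown_method error is returned with the requested method name filled in.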

note: wrong method name, needs to be _bz_method_name().
Attachment #8553168 - Flags: review?(dylan) → review-
(Assignee)

Comment 5

2 years ago
Created attachment 8553176
1124716_2.patch

Ugh. darn medication again.
Attachment #8553168 - Attachment is obsolete: true
Attachment #8553176 - Flags: review?(dylan)
Comment on attachment 8553176
1124716_2.patch

Review of attachment 8553176:
-----------------------------------------------------------------

r=dylan

a proper error message for JSONRPC!
Attachment #8553176 - Flags: review?(dylan) → review+
(Assignee)

Updated

2 years ago
Flags: blocking5.0?
Flags: blocking4.4.8?
Flags: blocking4.2.13?
Flags: blocking4.0.17?
Flags: approval?
Flags: approval5.0?
Flags: approval4.4?
Flags: approval4.2?
Flags: approval4.0?
there's no need to request blocking & approval at the same time for the same branch.

a=glob, please release this asap.
Flags: blocking5.0?
Flags: blocking4.4.8?
Flags: blocking4.4.8+
Flags: blocking4.2.13?
Flags: blocking4.0.17?
Flags: approval?
Flags: approval5.0?
Flags: approval5.0+
Flags: approval4.4?
Flags: approval4.4+
Flags: approval4.2?
Flags: approval4.0?
Flags: approval4.0+
Flags: approval+

Updated

2 years ago
Flags: blocking4.4.8+ → approval4.2?
(Assignee)

Updated

2 years ago
Flags: approval4.2? → approval4.2+
(Assignee)

Comment 8

2 years ago
To ssh://gitolite3@git.mozilla.org/bugzilla/bugzilla.git
   bb16842..b8575ad  master -> master

To ssh://gitolite3@git.mozilla.org/bugzilla/bugzilla.git
   ce8c9ca..cce0385  5.0 -> 5.0

To ssh://gitolite3@git.mozilla.org/bugzilla/bugzilla.git
   25c0962..6d5669f  4.4 -> 4.4

To ssh://gitolite3@git.mozilla.org/bugzilla/bugzilla.git
   7c58944..ecf2254  4.2 -> 4.2

To ssh://gitolite3@git.mozilla.org/bugzilla/bugzilla.git
   c4dbb67..2ba0823  4.0 -> 4.0
Status: ASSIGNED → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → FIXED