Closed Bug 1124716 Opened 9 years ago Closed 9 years ago

regression caused by bug 1090275 to whitelist webservice methods causes test failures with t/012throwables.t

Categories

(Bugzilla :: WebService, defect)

defect
Not set
major

Tracking

()

RESOLVED FIXED
Bugzilla 4.0

People

(Reporter: dkl, Assigned: dkl)

References

Details

(Keywords: regression)

Attachments

(1 file, 2 obsolete files)

the patch committed (and released) from bug 1090275 caused a regression. The change doesn't pass tests, and burned all the trees:

#   Failed test 'Bugzilla/WebService/Server/JSONRPC.pm has 1 error(s):
# user error tag 'unknown_method' is used at line(s) (410) but not defined for language(s): any'
#   at t/012throwables.t line 202.
# Looks like you failed 1 test of 217.

Moral of the story: Never release before Travis has finished all runs after patches are committed :( Just wish Travis was faster.

patch coming

dkl
Keywords: relnoteregression
Summary: WebServices modules should maintain a whitelist of methods that are allowed instead of allowing access to any function imported into its namespace → regression caused by bug 1090275 to whitelist webservice methods causes test failures with t/012throwables.t
Attached patch Patch for all versions v.1 (obsolete) — Splinter Review
Attachment #8553162 - Flags: review?(dylan)
Comment on attachment 8553162 [details] [diff] [review]
Patch for all versions v.1

Review of attachment 8553162 [details] [diff] [review]:
-----------------------------------------------------------------

I think this is the wrong patch?

r-
Attachment #8553162 - Flags: review?(dylan) → review-
Attached patch Patch for all versions v.1 (obsolete) — Splinter Review
Correct patch. I blame the medication :)
Attachment #8553162 - Attachment is obsolete: true
Attachment #8553168 - Flags: review?(dylan)
Comment on attachment 8553168 [details] [diff] [review]
Patch for all versions v.1

Review of attachment 8553168 [details] [diff] [review]:
-----------------------------------------------------------------

For some reason, in JSONRPC the method name method name... err, that is, bz_method_name is prefixed with an _. This will still result in a 500 error.

::: Bugzilla/WebService/Server/JSONRPC.pm
@@ +390,4 @@
>  
>      # Only allowed methods to be used from our whitelist
>      if (none { $_ eq $method} $pkg->PUBLIC_METHODS) {
> +        ThrowCodeError('unknown_method', { method => $self->bz_method_name });

note: wrong method name, needs to be _bz_method_name().
Attachment #8553168 - Flags: review?(dylan) → review-
Attached patch 1124716_2.patchSplinter Review
Ugh. darn medication again.
Attachment #8553168 - Attachment is obsolete: true
Attachment #8553176 - Flags: review?(dylan)
Comment on attachment 8553176 [details] [diff] [review]
1124716_2.patch

Review of attachment 8553176 [details] [diff] [review]:
-----------------------------------------------------------------

r=dylan

a proper error message for JSONRPC!
Attachment #8553176 - Flags: review?(dylan) → review+
Flags: blocking5.0?
Flags: blocking4.4.8?
Flags: blocking4.2.13?
Flags: blocking4.0.17?
Flags: approval?
Flags: approval5.0?
Flags: approval4.4?
Flags: approval4.2?
Flags: approval4.0?
there's no need to request blocking & approval at the same time for the same branch.

a=glob, please release this asap.
Flags: blocking5.0?
Flags: blocking4.4.8?
Flags: blocking4.4.8+
Flags: blocking4.2.13?
Flags: blocking4.0.17?
Flags: approval?
Flags: approval5.0?
Flags: approval5.0+
Flags: approval4.4?
Flags: approval4.4+
Flags: approval4.2?
Flags: approval4.0?
Flags: approval4.0+
Flags: approval+
Flags: blocking4.4.8+ → approval4.2?
Flags: approval4.2? → approval4.2+
To ssh://gitolite3@git.mozilla.org/bugzilla/bugzilla.git
   bb16842..b8575ad  master -> master

To ssh://gitolite3@git.mozilla.org/bugzilla/bugzilla.git
   ce8c9ca..cce0385  5.0 -> 5.0

To ssh://gitolite3@git.mozilla.org/bugzilla/bugzilla.git
   25c0962..6d5669f  4.4 -> 4.4

To ssh://gitolite3@git.mozilla.org/bugzilla/bugzilla.git
   7c58944..ecf2254  4.2 -> 4.2

To ssh://gitolite3@git.mozilla.org/bugzilla/bugzilla.git
   c4dbb67..2ba0823  4.0 -> 4.0
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: