Replacing .md file with same filename but with .yml extension does not create yaml based advisory

RESOLVED FIXED

Status

RESOLVED FIXED
2 years ago
2 years ago

People

(Reporter: abillings, Assigned: pmac)

Tracking

Production

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(2 attachments)

(Reporter)

Description

2 years ago
Created attachment 8803165 [details]
mfsa2016-87.yml

I have a mfsa-2016-87.md in bedrock as an advisory. This was processed and went live on the website. I later replaced it with mfsa-2016-87.yml, which I was told should replace the existing markdown advisory with the yaml one once it is processed. Instead, it just deleted mfsa-2016-87, removing it from the index, and giving me a 404 on the URL. 

https://www.mozilla.org/en-US/security/advisories/mfsa2016-87/

Attached are the two files used.
(Reporter)

Comment 1

2 years ago
Created attachment 8803166 [details]
mfsa2016-87.md
The advisory looks live to me.
Here's what happened:

1) the library saw that a file with the same base name (minus extension) was both added and removed. It then removed the entry in the db, and also tried to load the new file. Because the YAML file contained an empty record for "description" the processor got None for that key, but expected a string. So it failed to import the new file, leaving nothing in the DB for that MFSA ID. Since the .md file has since been restored, I was able to manually reimport all of the advisories and it is now back.

I need to do the following to make sure this doesn't happen again:

1) Ensure that if a file changes extension that it is seen only as modified, not removed and added.

2) Ensure that a valid YAML key doesn't break things if the value is None.

3) Add a check for None values to the linter to try to keep the files clean.
Assignee: nobody → pmac
Status: NEW → ASSIGNED

Comment 4

2 years ago
Commits pushed to master at https://github.com/mozilla/bedrock

https://github.com/mozilla/bedrock/commit/dae549b82c2de5ebd460c07956e07e8f03460314
Fix bug 1311863: Do not delete updated MFSA files

This can occur when a file extension changes. The MFSA ID will be
seen as updated and deleted. We now filter IDs that are modified
from those we'll delete so that even if the import of the new
file fails, it won't delete the old one.

https://github.com/mozilla/bedrock/commit/3d2661a72738f5bd61feb71c1080cd4be9197967
Merge pull request #4428 from pmac/mfsa-ensure-updated-not-deleted-1311863

Fix bug 1311863: Do not delete updated MFSA files

Updated

2 years ago
Status: ASSIGNED → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.