Closed
Bug 1334133
Opened 8 years ago
Closed 8 years ago
SystemAddons and GMP blobs don't validate vendors/addons correctly
Categories
(Release Engineering Graveyard :: Applications: Balrog (backend), defect, P2)
Release Engineering Graveyard
Applications: Balrog (backend)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: tzimmermann, Assigned: anjul.ten)
References
Details
(Whiteboard: [lang=python][ready][good first bug])
Attachments
(3 files)
STR:
I uploaded an incorrect JSON file for a release to Balrog.
Expected result:
Balrog rejects the file.
Actual result:
Balrog accepted the file and created a release without complaining. This lead to an exception when querying for updates.
Error log:
balrogpub_1 | {"EnvVersion": "2.0", "Type": "auslib.web.base", "Severity": 3, "Fields": {"message": "Exception on /update/3/SensorWeb/1/default/cc3200/en_US/release/default/default/default/update.xml [GET]", "traceback": "Uncaught exception:\n File \"/usr/local/lib/python2.7/site-packages/flask/app.py\", line 1817, in wsgi_app\n response = self.full_dispatch_request()\n File \"/usr/local/lib/python2.7/site-packages/flask/app.py\", line 1477, in full_dispatch_request\n rv = self.handle_user_exception(e)\n File \"/usr/local/lib/python2.7/site-packages/flask/app.py\", line 1381, in handle_user_exception\n reraise(exc_type, exc_value, tb)\n File \"/usr/local/lib/python2.7/site-packages/flask/app.py\", line 1475, in full_dispatch_request\n rv = self.dispatch_request()\n File \"/usr/local/lib/python2.7/site-packages/flask/app.py\", line 1461, in dispatch_request\n return self.view_functions[rule.endpoint](**req.view_args)\n File \"/usr/local/lib/python2.7/site-packages/flask/views.py\", line 84, in view\n return self.dispatch_request(*args, **kwargs)\n File \"/usr/local/lib/python2.7/site-packages/flask/views.py\", line 149, in dispatch_request\n return meth(*args, **kwargs)\n File \"./auslib/web/views/client.py\", line 114, in get\n app.config[\"SPECIAL_FORCE_HOSTS\"]))\n File \"./auslib/blobs/sensorweb.py\", line 63, in getInnerXML\n platformData[\"filesize\"], vendorInfo[\"version\"]))\n<type 'exceptions.KeyError'>\nKeyError('version',)\n", "requestid": 140377448634320, "error": "KeyError('version',)"}, "Timestamp": 1485443280593899008, "Logger": "Balrog", "Hostname": "dafccf2cbcd5", "Pid": 44}
balrogpub_1 | 2017-01-26 15:08:00,593 - ERROR - PID: 44 - Request: 140377448634320 - auslib.web.base.log_exception#1423: Exception on /update/3/SensorWeb/1/default/cc3200/en_US/release/default/default/default/update.xml [GET]
balrogpub_1 | Traceback (most recent call last):
balrogpub_1 | File "/usr/local/lib/python2.7/site-packages/flask/app.py", line 1817, in wsgi_app
balrogpub_1 | response = self.full_dispatch_request()
balrogpub_1 | File "/usr/local/lib/python2.7/site-packages/flask/app.py", line 1477, in full_dispatch_request
balrogpub_1 | rv = self.handle_user_exception(e)
balrogpub_1 | File "/usr/local/lib/python2.7/site-packages/flask/app.py", line 1381, in handle_user_exception
balrogpub_1 | reraise(exc_type, exc_value, tb)
balrogpub_1 | File "/usr/local/lib/python2.7/site-packages/flask/app.py", line 1475, in full_dispatch_request
balrogpub_1 | rv = self.dispatch_request()
balrogpub_1 | File "/usr/local/lib/python2.7/site-packages/flask/app.py", line 1461, in dispatch_request
balrogpub_1 | return self.view_functions[rule.endpoint](**req.view_args)
balrogpub_1 | File "/usr/local/lib/python2.7/site-packages/flask/views.py", line 84, in view
balrogpub_1 | return self.dispatch_request(*args, **kwargs)
balrogpub_1 | File "/usr/local/lib/python2.7/site-packages/flask/views.py", line 149, in dispatch_request
balrogpub_1 | return meth(*args, **kwargs)
balrogpub_1 | File "./auslib/web/views/client.py", line 114, in get
balrogpub_1 | app.config["SPECIAL_FORCE_HOSTS"]))
balrogpub_1 | File "./auslib/blobs/sensorweb.py", line 63, in getInnerXML
balrogpub_1 | platformData["filesize"], vendorInfo["version"]))
balrogpub_1 | KeyError: 'version'
balrogpub_1 | [pid: 44|app: 0|req: 1/1] 172.17.0.1 () {40 vars in 914 bytes} [Thu Jan 26 15:08:00 2017] GET /update/3/SensorWeb/1/default/cc3200/en_US/release/default/default/default/update.xml => generated 291 bytes in 40 msecs (HTTP/1.1 500) 2 headers in 84 bytes (1 switches on core 0)
balrogagent_1 | 2017-01-26 15:08:14,015 - DEBUG - root.run_agent#22: Looking for active scheduled changes for endpoint rules...
|
Reporter | |
Comment 1•8 years ago
|
||
Balrog release is 2.18
|
|
Reporter | |
Comment 2•8 years ago
|
||
|
|
Reporter | |
Comment 3•8 years ago
|
||
|
|
Reporter | |
Comment 4•8 years ago
|
||
Notice the different position of 'version'.
|
||
Updated•8 years ago
|
Attachment #8830737 -
Attachment mime type: application/x-yaml → text/plain
|
|
||
Updated•8 years ago
|
Attachment #8830738 -
Attachment mime type: application/json → text/plain
|
|
||
Updated•8 years ago
|
Attachment #8830739 -
Attachment mime type: application/json → text/plain
|
|
||
Comment 5•8 years ago
|
||
I'm assuming you've subclassed the base Blob class - can you put that code somewhere?
Based on the jsonschema you provided, I'm very surprised that the admin UI would let you create a blob without version being present at the vendor level of the json.
Flags: needinfo?(tzimmermann)
|
|
Reporter | |
Comment 6•8 years ago
|
||
I pushed it to https://github.com/tdz/balrog/tree/bug-1334133
Flags: needinfo?(tzimmermann)
|
|
||
Comment 7•8 years ago
|
||
Ah, I see the problem. GMP (and your blob) define a property with a specific name (vendorName, in the GMP case) at https://github.com/mozilla/balrog/blob/18d881ae973d366b990c56fbecd000892556b901/auslib/blobs/schemas/gmp.yml#L32. This means that the schema is looking for that precise key in the data structure, and not validating the subtree for other keys. What we need here instead is to use patternProperties, like we do in the apprelease blobs: https://github.com/mozilla/balrog/blob/18d881ae973d366b990c56fbecd000892556b901/auslib/blobs/schemas/apprelease-v7.yml#L73
SystemAddons is similarly broken: https://github.com/mozilla/balrog/blob/18d881ae973d366b990c56fbecd000892556b901/auslib/blobs/schemas/systemaddons.yml#L63
Thanks for reporting this!
Priority: -- → P2
Summary: Balrog accepts incorrect JSON files for releases → SystemAddons and GMP blobs don't validate vendors/addons correctly
Whiteboard: [lang=python][ready]
|
|
||
Updated•8 years ago
|
Whiteboard: [lang=python][ready] → [lang=python][ready][good first bug]
|
Assignee | |
Comment 8•8 years ago
|
||
I'm trying to fix this.
|
|
Assignee | |
Comment 9•8 years ago
|
||
I've created a pull request on github. Please verify my changes.
|
|
||
Updated•8 years ago
|
Assignee: nobody → anjul.ten
|
||
Comment 10•8 years ago
|
||
Commit pushed to master at https://github.com/mozilla/balrog
https://github.com/mozilla/balrog/commit/8f8057168b0ab13177468cac93b85af4cfcb2472
Bug 1334133. Possible fix for correct validation of vendors and addons in the GMP and SystemAddons blobs. r=bhearsum,aksareen (#257)
|
|
||
Comment 11•8 years ago
|
||
In production as of yesterday, thank you Anjul!
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
|
||
Updated•5 years ago
|
Product: Release Engineering → Release Engineering Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•