Bug 170986 - General Summary reports don't work for me with taint checking
Status: Closed (opened 21 years ago, closed 21 years ago)
Categories: Bugzilla :: Reporting/Charting, defect
Tracking: RESOLVED FIXED, Bugzilla 2.18
People: Reporter: thomas+mozilla, Assigned: gerv
Attachments (1 file, 1 obsolete file): patch, 1.60 KB; bbaetz: review+
When I try to run the new general summary reports code from bug 12282, I get taint checking errors. http://bugzilla.mycompany.com/query.cgi?format=report-table gives me:

[Thu Sep 26 12:07:48 2002] query.cgi: Use of uninitialized value in concatenation (.) at /Library/Perl/darwin/Template/Provider.pm line 574.
[Thu Sep 26 12:07:48 2002] query.cgi: compiled template : Insecure dependency in require while running with -T switch at /Library/Perl/darwin/Template/Provider.pm line 573.
[Thu Sep 26 12:07:48 2002] query.cgi:
[Thu Sep 26 12:07:49 2002] query.cgi: Use of uninitialized value in concatenation (.) at /Library/Perl/darwin/Template/Provider.pm line 574.
[Thu Sep 26 12:07:49 2002] query.cgi: compiled template : Insecure dependency in require while running with -T switch at /Library/Perl/darwin/Template/Provider.pm line 573.
[Thu Sep 26 12:07:49 2002] query.cgi:

If I turn off taint checking (remove the -T), that page loads, but then when I generate a report, report.cgi says:

Software error:
Attempted to send tainted string 'SELECT map_products.name, map_assigned_to.login_name, COUNT(DISTINCT ugmap.group_id) AS cntuseringroups, COUNT(DISTINCT bgmap.group_id) AS cntbugingroups, ((COUNT(DISTINCT ccmap.who) AND cclist_accessible) OR ((bugs.reporter = 1) AND bugs.reporter_accessible) OR bugs.assigned_to = 1 ) AS canseeanyway FROM bugs, profiles AS map_assigned_to, products AS map_products LEFT JOIN bug_group_map AS bgmap ON bgmap.bug_id = bugs.bug_id LEFT JOIN user_group_map AS ugmap ON bgmap.group_id = ugmap.group_id AND ugmap.user_id = 1 AND ugmap.isbless = 0 LEFT JOIN cc AS ccmap ON ccmap.who = 1 AND ccmap.bug_id = bugs.bug_id WHERE bugs.assigned_to = map_assigned_to.userid AND bugs.product_id = map_products.id AND (bugs.bug_status = 'NEW' OR bugs.bug_status = 'ASSIGNED' OR bugs.bug_status = 'REOPENED') GROUP BY bugs.bug_id HAVING cntuseringroups = cntbugingroups OR canseeanyway' to the database at globals.pl line 220.
For help, please send mail to the webmaster ([no address given]), giving this error message and the time and date of the error.

Once I disable taint checking on both of the scripts, it works great. Here is my checksetup output for reference:

Checking perl modules ...
Checking for AppConfig (v1.52) ok: found v1.52
Checking for CGI::Carp (any) ok: found v1.23
Checking for Data::Dumper (any) ok: found v2.101
Checking for Date::Parse (any) ok: found v2.23
Checking for DBI (v1.13) ok: found v1.30
Checking for DBD::mysql (v1.2209) ok: found v2.1017
Checking for File::Spec (v0.82) ok: found v0.82
Checking for Template (v2.07) ok: found v2.08
Checking for Text::Wrap (v2001.0131) ok: found v2001.0929

The following Perl modules are optional:
Checking for GD (v1.19) not found
Checking for Chart::Base (v0.99) not found
Checking for XML::Parser (any) not found

If you you want to see graphical bug dependency charts, you may install the optional libgd and the Perl modules GD-1.19 and Chart::Base-0.99b, e.g. by running (as root)
perl -MCPAN -e'install "LDS/GD-1.19.tar.gz"'
perl -MCPAN -e'install "N/NI/NINJAZ/Chart-0.99b.tar.gz"'

If you want to use the bug import/export feature to move bugs to or from other bugzilla installations, you will need to install the XML::Parser module by running (as root)
perl -MCPAN -e'install "XML::Parser"'

Checking user setup ...
Precompiling templates ...
Checking for MySQL Server (v3.23.6) ok: found v3.23.51

and perl -V output:

Summary of my perl5 (revision 5.0 version 6 subversion 0) configuration:
  Platform:
    osname=darwin, osvers=6.0, archname=darwin
    uname='darwin fisheye 6.0 darwin kernel version 5.2: mon jun 17 09:55:14 pdt 2002; root:xnu-201-14.rootsxnu-201-14.objrelease_ppc power macintosh powerpc '
    config_args='-ds -e -Dprefix=/usr -Dccflags=-g -pipe -Dldflags='
    hint=recommended, useposix=true, d_sigaction=define
    usethreads=undef use5005threads=undef useithreads=undef usemultiplicity=undef
    useperlio=undef d_sfio=undef uselargefiles=define
    use64bitint=undef use64bitall=undef uselongdouble=undef
    usesocks=undef
Comment 1•21 years ago
bbaetz: is this GetFormat being broken? Gerv
Comment 2•21 years ago
The first part of it, probably, yes. Try trick_tainting the vars after you s// them, in getformat.
Comment 3•21 years ago
Uses m// instead of s/// in GetFormat and fixes Throw*Error to actually copy in the extra_vars (the cunning code we copied from a newsgroup doesn't seem to work). Gerv
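As an added example (not code from this bug or from Bugzilla), the following Perl script shows the taint behaviour behind comments 2 and 3: a value cleaned with s/// stays tainted, a value captured by an anchored m// does not, a tainted path makes require die with the same "Insecure dependency" error seen in the report, and a SendSQL-style guard rejects SQL that still carries taint. The helpers is_tainted, trick_taint and check_untainted_sql are illustrative; trick_taint follows the idiom named in comment 2 but is not the project's implementation. It assumes a Perl with Scalar::Util (core since 5.8, so newer than the reporter's 5.6.0) and a set PATH, and the input string is constructed.

```perl
#!/usr/bin/perl -T
# Added example, not Bugzilla code.  Run as: perl -T taint_demo.pl
# Shows why the s/// in GetFormat left $format tainted, why a capturing
# m// fixes it, and what a SendSQL-style taint guard looks like.
use strict;
use warnings;
use Scalar::Util qw(tainted);   # core since Perl 5.8 (assumption: modern Perl)

# Constructed tainted input.  Under -T every %ENV value is tainted and taint
# propagates through concatenation, so a zero-length slice of $ENV{PATH}
# (assumed to be set) turns a literal into a tainted string, just as a CGI
# parameter would be.
my $TAINT  = substr($ENV{PATH}, 0, 0);
my $format = 'report-table' . $TAINT;

sub is_tainted { return tainted($_[0]) ? 'tainted' : 'clean' }

# 1. What the original GetFormat did: strip unwanted characters with s///.
#    The substituted string still carries the taint of its source.
(my $stripped = $format) =~ s/[^a-zA-Z-]//g;
print "after s///:        '$stripped' is ", is_tainted($stripped), "\n";

# 2. Capture with an anchored m// instead.  Only regex captures are
#    untainted (perlsec), and the anchors reject bad input instead of
#    silently mangling it.  (Under 'use re "taint"' captures stay tainted.)
my ($clean) = $format =~ /^([a-zA-Z-]+)$/;
defined $clean or die "format name contains disallowed characters\n";
print "after m// capture: '$clean' is ", is_tainted($clean), "\n";

# 3. The consequence seen in the bug: Template Toolkit require()s the
#    compiled template through a path built from $format, and require
#    refuses a tainted path under -T.
eval { require "$stripped.pl" };
print "require with tainted name: ",
    ($@ =~ /Insecure dependency/ ? "refused by -T\n" : $@);

# 4. The "trick_taint" idiom from comment 2 (illustrative reconstruction):
#    declare a value clean by capturing all of it.  This is a declaration,
#    not validation; call it only on values you have already checked.
sub trick_taint {
    my $match = $_[0] =~ /^(.*)$/s;
    $_[0] = $match ? $1 : undef;
    return defined $_[0];
}

# 5. A SendSQL-style guard modelled on the 'Attempted to send tainted
#    string' error in the report.  One tainted fragment taints the whole
#    concatenated statement, which is why the report query was rejected.
sub check_untainted_sql {
    my ($sql) = @_;
    die "Attempted to send tainted string '$sql' to the database\n"
        if tainted($sql);
    return $sql;
}

my $sql_bad  = "SELECT 1 FROM bugs WHERE format = '$stripped'";
my $sql_good = "SELECT 1 FROM bugs WHERE format = '$clean'";
eval { check_untainted_sql($sql_bad) };
print "tainted SQL:   ", ($@ ? "rejected: $@" : "accepted\n");
print "untainted SQL: ",
    (eval { check_untainted_sql($sql_good); 1 } ? "accepted\n" : "rejected: $@");

# $stripped was validated by the character-class strip above, so we can
# now declare it clean; afterwards it could be used in require or SQL.
trick_taint($stripped);
print "after trick_taint: '$stripped' is ", is_tainted($stripped), "\n";
```

Running it under -T shows the s/// result reported as tainted and the m// capture as clean, the require of the tainted name refused with the "Insecure dependency" message, the SQL built from the tainted fragment rejected by the guard while the one built from the capture is accepted, and the stripped value clean only after trick_taint. The anchored capture in step 2 is the preferable fix because it both untaints and rejects malformed names; trick_taint only asserts cleanliness and should follow a real check.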
Comment 4•21 years ago
Patch v.2 - different approach. Gerv
Attachment #100783 - Attachment is obsolete: true
Comment 5•21 years ago
Comment on attachment 100785 (Patch v.2): Yeah, this works. This may be a TT2.07 vs 2.08 thing, I guess (for you not seeing this).
Attachment #100785 - Flags: review+
Comment 6•21 years ago
Fixed.

Checking in globals.pl;
/cvsroot/mozilla/webtools/bugzilla/globals.pl,v <-- globals.pl
new revision: 1.205; previous revision: 1.204
done
Checking in CGI.pl;
/cvsroot/mozilla/webtools/bugzilla/CGI.pl,v <-- CGI.pl
new revision: 1.178; previous revision: 1.177
done

Gerv
Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
Updated•21 years ago
OS: MacOS X → All
Hardware: Macintosh → All
Target Milestone: --- → Bugzilla 2.18
Updated•11 years ago
QA Contact: matty_is_a_geek → default-qa