Closed Bug 170986 Opened 22 years ago Closed 22 years ago

General Summary reports don't work for me with taint checking

Categories

(Bugzilla :: Reporting/Charting, defect)

2.17
defect
Not set
normal

RESOLVED FIXED
Bugzilla 2.18

People

(Reporter: thomas+mozilla, Assigned: gerv)

Attachments

(1 file, 1 obsolete file)

When I try to run the new general summary reports code from bug 12282, I get taint checking errors:

http://bugzilla.mycompany.com/query.cgi?format=report-table gives me:

[Thu Sep 26 12:07:48 2002] query.cgi: Use of uninitialized value in concatenation (.) at /Library/Perl/darwin/Template/Provider.pm line 574.
[Thu Sep 26 12:07:48 2002] query.cgi: compiled template : Insecure dependency in require while running with -T switch at /Library/Perl/darwin/Template/Provider.pm line 573.
[Thu Sep 26 12:07:48 2002] query.cgi:
[Thu Sep 26 12:07:49 2002] query.cgi: Use of uninitialized value in concatenation (.) at /Library/Perl/darwin/Template/Provider.pm line 574.
[Thu Sep 26 12:07:49 2002] query.cgi: compiled template : Insecure dependency in require while running with -T switch at /Library/Perl/darwin/Template/Provider.pm line 573.
[Thu Sep 26 12:07:49 2002] query.cgi:

If I turn off taint checking (remove the -T), that page loads, but then when I generate a report, report.cgi says:

Software error:
Attempted to send tainted string 'SELECT map_products.name, map_assigned_to.login_name, COUNT(DISTINCT ugmap.group_id) AS cntuseringroups, COUNT(DISTINCT bgmap.group_id) AS cntbugingroups, ((COUNT(DISTINCT ccmap.who) AND cclist_accessible) OR ((bugs.reporter = 1) AND bugs.reporter_accessible) OR bugs.assigned_to = 1 ) AS canseeanyway FROM bugs, profiles AS map_assigned_to, products AS map_products LEFT JOIN bug_group_map AS bgmap ON bgmap.bug_id = bugs.bug_id LEFT JOIN user_group_map AS ugmap ON bgmap.group_id = ugmap.group_id AND ugmap.user_id = 1 AND ugmap.isbless = 0 LEFT JOIN cc AS ccmap ON ccmap.who = 1 AND ccmap.bug_id = bugs.bug_id WHERE bugs.assigned_to = map_assigned_to.userid AND bugs.product_id = map_products.id AND (bugs.bug_status = 'NEW' OR bugs.bug_status = 'ASSIGNED' OR bugs.bug_status = 'REOPENED') GROUP BY bugs.bug_id HAVING cntuseringroups = cntbugingroups OR canseeanyway' to the database at globals.pl line 220.
For help, please send mail to the webmaster ([no address given]), giving this error message and the time and date of the error.

Once I disable taint checking on both of the scripts, it works great.

Here is my checksetup output for reference:

Checking perl modules ...
Checking for AppConfig (v1.52) ok: found v1.52
Checking for CGI::Carp (any) ok: found v1.23
Checking for Data::Dumper (any) ok: found v2.101
Checking for Date::Parse (any) ok: found v2.23
Checking for DBI (v1.13) ok: found v1.30
Checking for DBD::mysql (v1.2209) ok: found v2.1017
Checking for File::Spec (v0.82) ok: found v0.82
Checking for Template (v2.07) ok: found v2.08
Checking for Text::Wrap (v2001.0131) ok: found v2001.0929

The following Perl modules are optional:
Checking for GD (v1.19) not found
Checking for Chart::Base (v0.99) not found
Checking for XML::Parser (any) not found

If you you want to see graphical bug dependency charts, you may install
the optional libgd and the Perl modules GD-1.19 and Chart::Base-0.99b, e.g. by
running (as root)

perl -MCPAN -e'install "LDS/GD-1.19.tar.gz"'
perl -MCPAN -e'install "N/NI/NINJAZ/Chart-0.99b.tar.gz"'

If you want to use the bug import/export feature to move bugs to or from
other bugzilla installations, you will need to install the XML::Parser module by
running (as root)

perl -MCPAN -e'install "XML::Parser"'

Checking user setup ...
Precompiling templates ...
Checking for MySQL Server (v3.23.6) ok: found v3.23.51

and perl -V output:

Summary of my perl5 (revision 5.0 version 6 subversion 0) configuration:
  Platform:
    osname=darwin, osvers=6.0, archname=darwin
    uname='darwin fisheye 6.0 darwin kernel version 5.2: mon jun 17 09:55:14 pdt 2002; root:xnu-201-14.rootsxnu-201-14.objrelease_ppc power macintosh powerpc '
    config_args='-ds -e -Dprefix=/usr -Dccflags=-g -pipe -Dldflags='
    hint=recommended, useposix=true, d_sigaction=define
    usethreads=undef use5005threads=undef useithreads=undef usemultiplicity=undef
    useperlio=undef d_sfio=undef uselargefiles=define
    use64bitint=undef use64bitall=undef uselongdouble=undef usesocks=undef

bbaetz: is this GetFormat being broken? Gerv
The first part of it, probably, yes. Try trick_tainting the vars after you s// them, in getformat.
Attached patch: Patch v.1 (obsolete)
Uses m// instead of s/// in GetFormat and fixes Throw*Error to actually copy in the extra_vars (the cunning code we copied from a newsgroup doesn't seem to work). Gerv
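
The distinction behind Patch v.1's switch from s/// to m//, shown as an added example that is not part of this thread or of the Bugzilla patch: under -T a substitution leaves the value tainted, while a capture from a successful match is untainted. The sample `format` value, the `demo_templates/` path and the `try_require` helper are constructed for illustration.

```perl
#!/usr/bin/perl -T
# Added example, not Bugzilla code. Run as: perl -T taint_demo.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

die "taint mode is off; run with perl -T\n" unless ${^TAINT};

# Constructed input standing in for the CGI "format" parameter.
# Appending a zero-length slice of $^X (tainted under -T) taints the copy.
my $format = 'report-table' . substr($^X, 0, 0);

# Hypothetical helper: try to load a file named after $name and report
# whether the name was tainted and how the require attempt ended.
sub try_require {
    my ($label, $name) = @_;
    my $state = tainted($name) ? 'tainted' : 'untainted';
    # demo_templates/ does not exist, so an untainted name fails with
    # "Can't locate ..."; a tainted name is refused before any lookup.
    eval { require "demo_templates/$name.pm"; 1 };
    my ($why) = split /\n/, ($@ || 'loaded');
    print "$label: $state\n    ", substr($why, 0, 72), "\n";
}

# 1. s/// strips unwanted characters, but the result is still tainted,
#    so require dies with "Insecure dependency in require".
(my $stripped = $format) =~ s/[^A-Za-z-]//g;
try_require('after s///', $stripped);

# 2. Matching an allow-list pattern and keeping the capture yields an
#    untainted value. Reject the input outright if it does not match.
my ($captured) = $format =~ /^([A-Za-z-]+)$/
    or die "format value rejected\n";
try_require('after m// capture', $captured);
```

The capture is only as trustworthy as the pattern: a permissive pattern such as `/(.*)/` untaints anything, so the match should be an allow-list of what the value may contain.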
Attached patch: Patch v.2
Patch v.2 - different approach. Gerv
Attachment #100783 - Attachment is obsolete: true
Comment on attachment 100785 (Patch v.2)

Yeah, this works. This may be a TT2.07 vs 2.08 thing, I guess (for you not seeing this)
Attachment #100785 - Flags: review+
Fixed.

Checking in globals.pl;
/cvsroot/mozilla/webtools/bugzilla/globals.pl,v  <--  globals.pl
new revision: 1.205; previous revision: 1.204
done
Checking in CGI.pl;
/cvsroot/mozilla/webtools/bugzilla/CGI.pl,v  <--  CGI.pl
new revision: 1.178; previous revision: 1.177
done

Gerv
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
OS: MacOS X → All
Hardware: Macintosh → All
Target Milestone: --- → Bugzilla 2.18
QA Contact: matty_is_a_geek → default-qa