Closed Bug 275529 Opened 20 years ago Closed 19 years ago

Extension Manager does not reject invalid GUIDs

Categories

(Toolkit :: Add-ons Manager, defect)

Product:
Toolkit
Component:
Add-ons Manager
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla1.8final

People

(Reporter: jens.b, Assigned: jens.b)

References

Details

Attachments

(2 obsolete files) 

Currently, the Extension Manager does enforce valid version numbering for
packages, but not valid GUIDs. There are packages out there (also listed on
update.mozilla.org) that use stuff like {noia_yop-76b1-4bcf-aff9-90e1a5_win32},
which clearly violates the specification. This should be fixed soon, before more
authors rely on EM's misbehaviour.

Steps to reproduce:
1. Install the "Open link in..." extension from
https://addons.update.mozilla.org/extensions/moreinfo.php?application=firefox&id=379&vid=1211

Actual results:
Firefox installs the package without complaining.

Expected results:
Firefox should reject the package, because it uses the invalid GUID
"{openlink-0fa3-4886-8adf-24a3e6301ec5}".

Patch coming up.
Proposing patch. Should the malformed GUID should be shown to the user? With
this patch, the text wrapping in the error message looks a bit ugly.
Assignee: bugs → jens.b
Status: NEW → ASSIGNED
Attachment #169284 - Flags: review?(bsmedberg)
I seriously hope the Firefox team wontfixes this bug.
Blocks: 271270
IMO, the specification intends <em:id> to be globally unique value, a GUID
simply furthers that cause because of it's low chances of two authors using the
same one, (w/o copy/paste errors anyway). I don't see a valid reason why the
unique identifier must be a valid GUID, when Firefox doesn't depend on it being
valid, it depends on it being unique. Its used for the directory name under
extensions/ in user's profiles and in communications with the extension/theme
update service. The root issue here is obviously that some authors find the GUID
difficult to remember and find that adding human-readble aids to their items ID
assists them in development. If that causes no problems, then I don't see why
the ID can't be flexable, as it is now.

Though more importantly, the extensions/themes that users have installed..
ignoring authors and developers for a moment, are going to have their upgrade
path broken as far as E/T Update is concerned if the new items suddenly are
forced into having new GUIDs. With regard to UMO, the DB changes will cause the
old items to be not-found and therefore the users will still have versions that
will be defunct with Firefox 1.1, if they upgrade. and smooth migration will
fail to find an updated version, even if it exists. If authors update their
custom update.rdfs, the same should occur there as well. Is this change worth
breaking the update paths for the installed-user base for those items? 

And... Before you say the authors were at fault for using invalid GUIDs and
so-be-it. Consider the user who has no clue what a GUID is at all, who expects
things to work as-advertised. Without breakage caused by internal struggles over
the meaning of a specification within the organization that created the browser
they use.
I think some numbers would help here - whether we're talking about 10 or 100
affected packages could make a huge difference. Would you mind doing a statistic
about valid/invalid GUIDs in update.mozilla.org's database? (The appropriate
regex is at bug 271270 comment 4, but I'd be happy to help, provided you put up
a DB export containing all package IDs somewhere).
Valid to invalid is approximates 20:1, last time I poked this issue.
IMHO, notify and continue (or confirm) install is
the way to go, instead of screening out all
malformed ids.

(In reply to comment #1)
> Created an attachment (id=169284) [edit]

As long as ids are case sensitive,
it's not "clear-cut specification", anyway.
We can install
{DF8E5247-8E0A-4de6-B393-0735A39DFD80} and
{df8e5247-8e0a-4de6-b393-0735a39dfd80} at the same time.
GUIDs/UUIDs are, by definition, not case-sensitive. Whether the EM handles them
in a case-insensitive way is another matter, though... I'd love to try
installing two extensions with IDs differing only by case on a computer with a
case-insensitive file system. ;)
Attachment #169284 - Attachment is obsolete: true
Attachment #169766 - Flags: review?(bsmedberg)
Attachment #169284 - Flags: review?(bsmedberg)
Target Milestone: --- → Firefox1.1
Could this bug be extended to also reject extensions which GUID is the same as
GUID which belong to the one of mozilla applications (extra: nvu, netscape,
'new' mozilla suite...).
The warning could be sth like:
"%S could not install "%S" because its ID ("%S") is used by "%S". Please contact
the author about this problem."
I saw at least one case when author used FF GUID for his extension ID (either by
a mistake or lack of knowledge) and imagine what would happen if user would
install 2 such 'buggy' extensions...
Or I should file another bug ?
Flags: blocking-aviary1.1?
A GUID database for all extensions and themes would be an amazing. I has 
happened that someone used the same GUID as another extension and a searchable 
database would be a good idea. I could set up this on my server with a simple 
form to add the GUID, the name of the extension/theme, the type (theme for 
Firefox/Thunderbird...), The author and a link to a place where I could 
download it. Then there could be a regex search field so you could check if 
the GUID is in use.
It's a GUID... if you're using a guid-generating tool, the chances of a conflict
are in the 1/many billion range. But I'm leaning towards allowing these IDs to
be pretty strings (and even suggesting that authors use contractid-like strings):

@myextension.mozdev.org/1

I still need to work out some details with Ben about directory paths in the EM.
(In reply to comment #11)
> I'm leaning towards allowing these IDs to be pretty strings

Benjamin: I'm looking forward to having a final answer on the GUIDs-or-not
question soon, as it is a much discussed topic. Oh, and if you and Ben go for
pretty strings, I'd propose to have them not fully free-form, but with some
rules (e.g. startswith/contains @, "domain" with at least one dot, valid tld, at
least one slash etc.) This would prevent people from just using something simple
as "bettertabs".

(In reply to comment #10)
> A GUID database for all extensions and themes (...)

Marius, this bug is about rejecting *invalid* (meaning malformed) GUIDs, not
*conflicting* GUIDs. As Benjamin wrote, proper usage of GUID-generating tools
results in a near-zero possibility of collisions.

(In reply to comment #9)
> Could this bug be extended to also reject extensions which GUID is the same as
> GUID which belong to the one of mozilla applications

Przemyslaw, this should be a separate bug. However, I guess it's very likely to
be WONTFIXed, as it either requires a hard-coded list of the GUIDs of other
products (which will never include the whole set), or an on-line service, which
is overkill. (OTOH, you can just try filing it, I'm not the one who decides)
Please keep in mind that there already is a database of all of these GUIDs;
they're in UMO.

If you change the size of the GUID to allow it to be longer, it will impact UMO.
 The nice thing about GUIDs is that they follow a specific format, are of
constant length, and are easily generated.

If the concern is the name of the folder on disk, then maybe that shouldn't be
based on the GUID.  Perhaps some name space can be used and all extensions from
one author could go into that same namespaced folder.
Alan, the concern is not the filename on disk, it's the fact that GUIDs are not
readable. If UMO has fixed-length fields, I will need to talk to them about
making it a varchar or somesuch instead. UMO currently holds invalid GUIDs, so
I'm pretty  sure that they aren't doing rigorous guid checking.
You're referring to bug 271270 and bug 273550
(In reply to comment #14)
> If UMO has fixed-length fields, I will need to talk to them about
> making it a varchar or somesuch instead. UMO currently holds invalid GUIDs, so
> I'm pretty  sure that they aren't doing rigorous guid checking.

The GUID field is a varchar(50), so no problems here.

Note that the request to change UMO so it enforces valid GUIDs - bug 271270 - is
blocked by this bug.
This bug was fixed by a checkin for bug 286034 .

Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8b2) Gecko/20050426
Firefox/1.0+
(In reply to comment #17)
> This bug was fixed by a checkin for bug 286034 .

Can you point to the section in LXR that does this?


Would be nice: 
{forecast-7E9B-4d49-8831-A227C80A7AD3}
{prefbutt-E113-4f5f-B052-EDB33FE943FF}
and everyone would be happy (there's not much choice between A and F to make the
extension more recognizable)!

The two "examples" in comment 20 are very bad and should not be allowed: if you
have something GUID-like, it should be a GUID, generated properly by a guidgen
tool, not a hand-edited text string that is likely not to be unique.

My current thinking (after 1.1a) is to allow two forms of "id":

{GUID}                       (a real GUID)
@myextension.mozdev.org;1    (something vaguely contractid-like)

The second form would need to avoid characters that shouldn't be in filesystems,
so it will allow only the following characters:

a-z 0-9 - . @ , ; _

So I think a decent regex would be:
m/^(\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}|\@[a-z0-9\.\-\@;_]+)$/i

Does this make sense?
Another idea for an ID would be this fix form:

makelink@rory.parle
tabx@stephen.clavering
smoothwheel@avi.halachmi
externalapp@torisugari

I think this kind of human-readable ID is more user friendly than digits.
Just an idea. Please ignore this comment if not usable.




The patch I posted in bug 293461 "fixes" this so that email-like IDs can be used
in addition to {GUID}s
Attachment #169766 - Flags: review?(benjamin)
(In reply to comment #23)
> The patch I posted in bug 293461 "fixes" this so that email-like IDs can be used
> in addition to {GUID}s

could you please give an example of an email-like IDs
Attachment #169766 - Attachment is obsolete: true
Fixed by bsmedberg in bug 293461, resolving.
Status: ASSIGNED → RESOLVED
Closed: 19 years ago
Depends on: 293461
Resolution: --- → FIXED
Sorry, I wasn't aware of the new possibility (see comment #23 ) for a long time.
There are problems with extensions with human readable names:
All renamed extensions show up, also the chrome shows up, but most of them don't
(fully) work.

I tried renaming Search Button 0.4.8:
http://www.extensionsmirror.nl/index.php?showtopic=95  
Make Link 2.0.1: http://www.extensionsmirror.nl/index.php?showtopic=64  and
Paste Happy 0.6.1: http://www.extensionsmirror.nl/index.php?showtopic=531  

Only Paste Happy seems to work. Make Link works partially (only "Configure...")
and the Search Button does show up, but doesn't work.
I see the same when installing an xpi via my desktop with a changed id: it
installs but doesn't work entirely.

I appreciate this new feature very much. Thanks for that. Makes it much easier
for me to edit extensions. 
Only Makelink and Searchbutton seem to have problems, the rest was due to a
spoiled registration.
Flags: blocking-aviary1.1?
Blocks: 307517
Product: Firefox → Toolkit
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: