Closed Bug 808583 Opened 13 years ago Closed 13 years ago

Autolog does not sanitize hg pushlog data

Categories

(Testing Graveyard :: Autolog, defect)

x86
All
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: bc, Assigned: bc)

Details

Attachments

(1 file)

Autolog does not sanitize hg pushlog data commit http://hg.mozilla.org/mozilla-central/rev/aea5ae9d8762 contains a message Bug 709954 - Fix assertion failure "!cx->isExceptionPending()" with invalid regexp in <input pattern>; r=bz The <input pattern> is displayed in the autolog display as an input box. A minimal change is: --- a/autolog_server.py +++ b/autolog_server.py @@ -588,17 +588,17 @@ class AutologServer(object): pushes[testgroup['revision']] = { 'id': '%s-%s' % (testgroup['tree'], testgroup['revision']), 'tree': testgroup['tree'], 'date': dateutil.parser.parse(changeset['committer']['date']).strftime("%s"), 'pusher': changeset['committer']['name'], 'patches': [{ 'rev': testgroup['revision'], 'author': changeset['committer']['name'], - 'desc': changeset['message'], + 'desc': changeset['message'].replace('<', '&lt;'), 'tags': { 'length': 0, 'prevObject': { 'length': 0 } } }] } @@ -649,17 +649,17 @@ class AutologServer(object): # used by TBPL. # XXX correctly populate tags # XXX include files in push info? toprev = '0' for commit in push_data[testgroup['tree']][pushid]['changesets'][::-1]: pushes[testgroup['revision']]['patches'].append({ 'rev': commit['node'][0:12], 'author': commit['author'], - 'desc': commit['desc'], + 'desc': commit['desc'].replace('<', '&lt;'), 'tags': { 'length': 0, 'prevObject': { 'length': 0 } } }) toprev = pushes[testgroup['revision']]['patches'][0]['rev'] to be safe though, we might want to sanitize the other properties of the patches dict.
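Review bot: In the first hunk (@@ -588), `.replace('<', '&lt;')` on `changeset['message']` encodes only `<`, so `&` and quote characters in a commit message still reach the page as-is, and a message that already contains the literal text `&lt;` will be displayed as `<`. Escape `&` first, then `<`, `>`, `"` and `'`, preferably through one small helper or the standard library's HTML-escape function rather than an inline `.replace`. The same dict also sends `'pusher'` and `'author'`, both taken from `changeset['committer']['name']`, without any escaping, so the helper should be applied to those values too.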
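Review bot: In the second hunk (@@ -649), `'author': commit['author']` directly above the changed line is still emitted raw, and Mercurial author strings are commonly of the form `Name <email>`, so that field carries the same `<` this patch neutralizes in `desc`. Pass `commit['author']` and `commit['desc']` through the same escaping helper used at the first site instead of repeating `.replace('<', '&lt;')` at each call, so the two code paths that build `patches` entries cannot drift apart.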
Attached patch: patch
Attachment #681859 - Flags: review?(jgriffin)
Comment on attachment 681859 (patch)

Review of attachment 681859:

Cool, thanks Bob.
Attachment #681859 - Flags: review?(jgriffin) → review+
Status: NEW → RESOLVED
Closed: 13 years ago
QA Contact: bclary
Resolution: --- → FIXED
Assignee: nobody → bclary
Product: Testing → Testing Graveyard