940022 - range_value on report list is not validated for sanity

Status: VERIFIED FIXED

(Socorro :: Webapp, task)

Description

[Peter Bengtsson [:peterbe]]

If the range_value is something enormous it will erroneously try to make a start_date based on it and that should be capped to 30 days anyways.

Comment 1

[Peter Bengtsson [:peterbe]]

Attachment: Github PR

Comment 2

[[github robot]]

Commit pushed to master at https://github.com/mozilla/socorro

https://github.com/mozilla/socorro/commit/b0303f0182680aefdfa5b19a5fe8b34e71b15214
fixes bug 940022 - range_value on report list is not validated for sanity, r=adrian

Comment 3

[Stephen Donner [:stephend] Not actively reading bugmail]

Is this [qa-] or [qa+], and if the latter, what are the steps?  Thanks!

Comment 4

[Peter Bengtsson [:peterbe]]

Steps to reproduce: Go to 
https://crash-stats.allizom.org/report/list?product=Firefox&query_search=signature&query_type=contains&reason_type=contains&date=2013-11-17&range_value=80000&range_unit=days&hang_type=any&process_type=any&signature=nsTHashtable%3CgfxFont%3A%3ACacheHashEntry%3E%3A%3As_ClearEntry(PLDHashTable*%2C+PLDHashEntryHdr*)

(note the `range_value=8000` in the URL)

Loading that should kick you out with a 400 error. 

(note2: I constructed the URL above from the sentry report but swapped it to the stage domain. If it doesn't work, find another such URL and make the range_value massive)

Comment 5

[Stephen Donner [:stephend] Not actively reading bugmail]

Verified FIXED; thanks:

https://crash-stats.allizom.org/report/list?product=Firefox&query_search=signature&query_type=contains&reason_type=contains&date=2013-11-17&range_value=80000&range_unit=days&hang_type=any&process_type=any&signature=nsTHashtable%3CgfxFont%3A%3ACacheHashEntry%3E%3A%3As_ClearEntry%28PLDHashTable*%2C+PLDHashEntryHdr

Comment 6

[Stephen Donner [:stephend] Not actively reading bugmail]

Attachment: Post-fix screenshot, on staging