[Buildbot] #2589: Waterfall help content spoofing

Buildbot trac trac at buildbot.net
Thu Oct 2 21:52:28 UTC 2014


#2589: Waterfall help content spoofing
-------------------+--------------------
Reporter:  wms     |       Owner:
    Type:  defect  |      Status:  new
Priority:  major   |   Milestone:  0.8.x
 Version:  0.8.8   |  Resolution:
Keywords:          |
-------------------+--------------------

Comment (by wms):

 Here's a patch against 0.8.9 for both the waterfall help and several uses
 of int() around the numbuilds param. I feel like there's probably a better
 fix by wrapping all uses of request.args.get() in a function that does
 some type checking and sanitizing, but this fixes the things mentioned
 here.

 {{{
 diff -ru buildbot.orig/status/web/builder.py
 buildbot/status/web/builder.py
 --- buildbot.orig/status/web/builder.py 2014-10-02 14:28:53.000000000
 -0700
 +++ buildbot/status/web/builder.py      2014-10-02 14:42:08.000000000
 -0700
 @@ -362,7 +362,10 @@
                  'properties': properties,
              })

 -        numbuilds = cxt['numbuilds'] = int(req.args.get('numbuilds',
 [self.numbuilds])[0])
 +        try:
 +            numbuilds = cxt['numbuilds'] = int(req.args.get('numbuilds',
 [self.numbuilds])[0])
 +        except:
 +            numbuilds = cxt['numbuilds'] = 10
          maxsearch = int(req.args.get('maxsearch', [200])[0])
          recent = cxt['recent'] = []
          for build in b.generateFinishedBuilds(
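Review bot: The bare `except:` on the added line catches every exception, including KeyboardInterrupt and SystemExit, where only the int() conversion of the query value can fail; narrow it to `except ValueError:`. The same pattern appears in both olpb.py hunks and in the status_json.py hunk. The fallback also replaces the page's own default (`self.numbuilds`, or `cache_size - 1` in status_json.py) with a hard-coded 10, so a malformed value silently changes the page size; reusing the default the `.get()` call already names keeps both paths consistent, e.g. `except ValueError: numbuilds = cxt['numbuilds'] = self.numbuilds`. The adjacent `maxsearch = int(req.args.get('maxsearch', [200])[0])` on the next context line is left unguarded and still raises on a non-numeric value. The enclosing method starts and ends outside the hunk.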
 diff -ru buildbot.orig/status/web/olpb.py buildbot/status/web/olpb.py
 --- buildbot.orig/status/web/olpb.py    2014-10-02 14:28:53.000000000
 -0700
 +++ buildbot/status/web/olpb.py 2014-10-02 14:42:26.000000000 -0700
 @@ -55,7 +55,10 @@

      def content(self, req, cxt):
          status = self.getStatus(req)
 -        numbuilds = int(req.args.get("numbuilds", [self.numbuilds])[0])
 +        try:
 +            numbuilds = int(req.args.get("numbuilds",
 [self.numbuilds])[0])
 +        except:
 +            numbuilds = 10
          builders = req.args.get("builder", [])
          branches = [b for b in req.args.get("branch", []) if b]

 @@ -104,7 +107,10 @@
          self.pageTitle = "Recent Builds of %s" % self.builder_name

      def content(self, req, cxt):
 -        numbuilds = int(req.args.get("numbuilds", [self.numbuilds])[0])
 +        try:
 +            numbuilds = int(req.args.get("numbuilds",
 [self.numbuilds])[0])
 +        except:
 +            numbuilds = 10
          branches = [b for b in req.args.get("branch", []) if b]

          # walk backwards through all builds of a single builder
 diff -ru buildbot.orig/status/web/status_json.py
 buildbot/status/web/status_json.py
 --- buildbot.orig/status/web/status_json.py     2014-10-02
 14:28:53.000000000 -0700
 +++ buildbot/status/web/status_json.py  2014-10-02 14:43:17.000000000
 -0700
 @@ -650,7 +650,10 @@
              builds = []
              builder_status = self.status.getBuilder(builderName)
              cache_size = builder_status.master.config.caches['Builds']
 -            numbuilds = int(request.args.get('numbuilds', [cache_size -
 1])[0])
 +            try:
 +                numbuilds = int(request.args.get('numbuilds', [cache_size
 - 1])[0])
 +            except:
 +                numbuilds = 10
              for i in range(1, numbuilds):
                  build_status = builder_status.getBuild(-i)
                  if not build_status or not build_status.isFinished():
 diff -ru buildbot.orig/status/web/waterfall.py
 buildbot/status/web/waterfall.py
 --- buildbot.orig/status/web/waterfall.py       2014-10-02
 14:28:53.000000000 -0700
 +++ buildbot/status/web/waterfall.py    2014-10-02 14:45:55.000000000
 -0700
 @@ -333,6 +333,8 @@
          current_reload_time = request.args.get("reload", ["none"])
          if current_reload_time:
              current_reload_time = current_reload_time[0]
 +        if not current_reload_time.isdigit():
 +            current_reload_time = "none"
          if current_reload_time not in [t[0] for t in times]:
              times.insert(0, (current_reload_time, current_reload_time))

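Review bot: The added `.isdigit()` call assumes `current_reload_time` is already a string, but the preceding lines only unwrap it when the list from `request.args.get` is truthy; if that list can ever be empty the value stays a list and the new check raises AttributeError instead of falling back to "none". Moving the check inside the same `if` block, or guarding it with `if not isinstance(current_reload_time, str) or not current_reload_time.isdigit():`, keeps the rejection without the crash. A one-line comment such as `# only a plain digit string may reach the reload-time list, since it is rendered into the page` would record why the check exists. The enclosing function starts and ends outside the hunk.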
 }}}

--
Ticket URL: <http://trac.buildbot.net/ticket/2589#comment:5>