[Buildbot-commits] [Buildbot] #631: IRC bot gives 'ValueError' when fed a singlequote
Buildbot
nobody at buildbot.net
Mon Mar 5 05:08:43 UTC 2012
#631: IRC bot gives 'ValueError' when fed a singlequote
------------------------+-----------------------
Reporter: tycho | Owner: ddunbar
Type: defect | Status: assigned
Priority: major | Milestone: 0.8.+
Version: 0.7.11 | Resolution:
Keywords: irc, sprint |
------------------------+-----------------------
Changes (by dustin):
* keywords: irc => irc, sprint
Old description:
> Example:
>
> <neunon> CrawlBuild, force build crawl-debug-x86_64-centos attempt to
> bomb with rvollmert's latest changes
> <CrawlBuild> Something bad happened (see logs): <type
> 'exceptions.ValueError'>
>
> Gives:
>
> 2009-10-22 00:45:22-0700 [IrcStatusBot,client] irc command force
> 2009-10-22 00:45:22-0700 [IrcStatusBot,client] Unhandled Error
> Traceback (most recent call last):
> File "/usr/lib/python2.6/site-
> packages/twisted/words/protocols/irc.py", line 1484, in lineReceived
> self.handleCommand(command, prefix, params)
> File "/usr/lib/python2.6/site-
> packages/twisted/words/protocols/irc.py", line 1496, in handleCommand
> method(prefix, params)
> File "/usr/lib/python2.6/site-
> packages/twisted/words/protocols/irc.py", line 1041, in irc_PRIVMSG
> self.privmsg(user, channel, message)
> File "/usr/lib/python2.6/site-
> packages/buildbot/status/words.py", line 724, in privmsg
> contact.handleMessage(message, user)
> --- <exception caught here> ---
> File "/usr/lib/python2.6/site-
> packages/buildbot/status/words.py", line 635, in handleMessage
> meth(args.strip(), who)
> File "/usr/lib/python2.6/site-
> packages/buildbot/status/words.py", line 380, in command_FORCE
> args = shlex.split(args) # TODO: this requires python2.3 or
> newer
> File "/usr/lib/python2.6/shlex.py", line 279, in split
> return list(lex)
> File "/usr/lib/python2.6/shlex.py", line 269, in next
> token = self.get_token()
> File "/usr/lib/python2.6/shlex.py", line 96, in get_token
> raw = self.read_token()
> File "/usr/lib/python2.6/shlex.py", line 172, in read_token
> raise ValueError, "No closing quotation"
> exceptions.ValueError: No closing quotation
>
> Should I be reporting this to Twisted or can you guys work around this?
>
> And uh, it looks to me like this is a route to a security hole if it's
> not escaping the singlequote.
New description:
Example:
{{{
<neunon> CrawlBuild, force build crawl-debug-x86_64-centos attempt to bomb
with rvollmert's latest changes
<CrawlBuild> Something bad happened (see logs): <type
'exceptions.ValueError'>
}}}
Gives:
{{{
2009-10-22 00:45:22-0700 [IrcStatusBot,client] irc command force
2009-10-22 00:45:22-0700 [IrcStatusBot,client] Unhandled Error
Traceback (most recent call last):
File "/usr/lib/python2.6/site-
packages/twisted/words/protocols/irc.py", line 1484, in lineReceived
self.handleCommand(command, prefix, params)
File "/usr/lib/python2.6/site-
packages/twisted/words/protocols/irc.py", line 1496, in handleCommand
method(prefix, params)
File "/usr/lib/python2.6/site-
packages/twisted/words/protocols/irc.py", line 1041, in irc_PRIVMSG
self.privmsg(user, channel, message)
File "/usr/lib/python2.6/site-
packages/buildbot/status/words.py", line 724, in privmsg
contact.handleMessage(message, user)
--- <exception caught here> ---
File "/usr/lib/python2.6/site-
packages/buildbot/status/words.py", line 635, in handleMessage
meth(args.strip(), who)
File "/usr/lib/python2.6/site-
packages/buildbot/status/words.py", line 380, in command_FORCE
args = shlex.split(args) # TODO: this requires python2.3 or
newer
File "/usr/lib/python2.6/shlex.py", line 279, in split
return list(lex)
File "/usr/lib/python2.6/shlex.py", line 269, in next
token = self.get_token()
File "/usr/lib/python2.6/shlex.py", line 96, in get_token
raw = self.read_token()
File "/usr/lib/python2.6/shlex.py", line 172, in read_token
raise ValueError, "No closing quotation"
exceptions.ValueError: No closing quotation
}}}
Should I be reporting this to Twisted or can you guys work around this?
And uh, it looks to me like this is a route to a security hole if it's not
escaping the singlequote.
--
--
Ticket URL: <http://trac.buildbot.net/ticket/631#comment:11>
Buildbot <http://buildbot.net/>
Buildbot: build/test automation
More information about the Commits
mailing list