 |
|
Item8539: Func::saveAttachment fails silently on trunk if filename is tainted
Priority: Urgent
Current State: Closed
Released In:
Target Release: n/a
Current State: Closed
Released In:
Target Release: n/a
Applies To: Engine
Component: Store
Branches:
Component: Store
Branches:
Unit test on Trunk:
Running FuncTests
FuncTests::test_subweb_attachments
Attachment RCS Filename /var/www/SVN/foswiki/core/pub/TemporaryFuncTestWebFunc/SubWeb/BlahBlahBlah/blahblahblah.gif,v was not written to disk?***
Attachment file /var/www/SVN/foswiki/core/pub/TemporaryFuncTestWebFunc/SubWeb/BlahBlahBlah/blahblahblah.gif was not written to disk? at /var/www/SVN/foswiki/core/test/unit/FuncTests.pm line 399
FuncTests::test_subweb_attachments('FuncTests=HASH(0x84c6928)') called at /var/www/SVN/foswiki/core/lib/Unit/TestRunner.pm line 276
Unit::TestRunner::__ANON__() called at /var/www/SVN/foswiki/core/lib/CPAN/lib/Error.pm line 379
eval {...} called at /var/www/SVN/foswiki/core/lib/CPAN/lib/Error.pm line 371
Error::subs::try('CODE(0x89a8468)', 'HASH(0x89a3b00)') called at /var/www/SVN/foswiki/core/lib/Unit/TestRunner.pm line 298
Unit::TestRunner::runOne('FuncTests=HASH(0x84c6928)', 'FuncTests', 'test_subweb_attachments') called at /var/www/SVN/foswiki/core/lib/Unit/TestRunner.pm line 102
Unit::TestRunner::start('Unit::TestRunner=HASH(0x84a8768)', 'FuncTests::test_subweb_attachments') called at ../bin/TestRunner.pl line 118
at /var/www/SVN/foswiki/core/test/unit/FoswikiTestCase.pm line 25
FoswikiTestCase::__ANON__('\x{a}Attachment file /var/www/SVN/foswiki/core/pub/TemporaryFuncT...') called at /var/www/SVN/foswiki/core/lib/Unit/TestCase.pm line 142
Unit::TestCase::assert('FuncTests=HASH(0x84c6928)', undef, 'Attachment file /var/www/SVN/foswiki/core/pub/TemporaryFuncTe...') called at /var/www/SVN/foswiki/core/test/unit/FuncTests.pm line 399
FuncTests::test_subweb_attachments('FuncTests=HASH(0x84c6928)') called at /var/www/SVN/foswiki/core/lib/Unit/TestRunner.pm line 276
Unit::TestRunner::__ANON__() called at /var/www/SVN/foswiki/core/lib/CPAN/lib/Error.pm line 379
eval {...} called at /var/www/SVN/foswiki/core/lib/CPAN/lib/Error.pm line 371
Error::subs::try('CODE(0x89a8468)', 'HASH(0x89a3b00)') called at /var/www/SVN/foswiki/core/lib/Unit/TestRunner.pm line 298
Unit::TestRunner::runOne('FuncTests=HASH(0x84c6928)', 'FuncTests', 'test_subweb_attachments') called at /var/www/SVN/foswiki/core/lib/Unit/TestRunner.pm line 102
Unit::TestRunner::start('Unit::TestRunner=HASH(0x84a8768)', 'FuncTests::test_subweb_attachments') called
Unit test on Release:
Insecure dependency in open while running with -T switch at /var/www/SVN/foswiki/branches/Release01x00/core/lib/Foswiki/Store/RcsFile.pm line 778.
at /var/www/SVN/foswiki/branches/Release01x00/core/test/unit/FoswikiTestCase.pm line 25
FoswikiTestCase::__ANON__('Insecure dependency in open while running with -T switch at /...') called at /var/www/SVN/foswiki/branches/Release01x00/core/lib/Foswiki/Store/RcsFile.pm line 778
Foswiki::Store::RcsFile::saveStream('Foswiki::Store::RcsLite=HASH(0x8981738)', 'GLOB(0x898b0e0)') called at /var/www/SVN/foswiki/branches/Release01x00/core/lib/Foswiki/Store/RcsLite.pm line 491
Foswiki::Store::RcsLite::_addRevision('Foswiki::Store::RcsLite=HASH(0x8981738)', 1, 'GLOB(0x898b0e0)', 'Feasgar Bha', 'BaseUserMapping_666') called at /var/www/SVN/foswiki/branches/Release01x00/core/lib/Foswiki/Store/RcsLite.pm line 466
Foswiki::Store::RcsLite::addRevisionFromStream('Foswiki::Store::RcsLite=HASH(0x8981738)', 'GLOB(0x898b0e0)', 'Feasgar Bha', 'BaseUserMapping_666') called at /var/www/SVN/foswiki/branches/Release01x00/core/lib/Foswiki/Store.pm line 1077
Foswiki::Store::__ANON__() called at /var/www/SVN/foswiki/branches/Release01x00/core/lib/CPAN/lib/Error.pm line 379
eval {...} called at /var/www/SVN/foswiki/branches/Release01x00/core/lib/CPAN/lib/Error.pm line 371
Error::subs::try('CODE(0x899e2c8)', 'HASH(0x8a399b0)') called at /var/www/SVN/foswiki/branches/Release01x00/core/lib/Foswiki/Store.pm line 1082
Foswiki::Store::__ANON__() called at /var/www/SVN/foswiki/branches/Release01x00/core/lib/CPAN/lib/Error.pm line 379
eval {...} called at /var/www/SVN/foswiki/branches/Release01x00/core/lib/CPAN/lib/Error.pm line 371
Error::subs::try('CODE(0x898bb88)', 'HASH(0x898f098)') called at /var/www/SVN/foswiki/branches/Release01x00/core/lib/Foswiki/Store.pm line 1127
Foswiki::Store::saveAttachment('Foswiki::Store=HASH(0x87cc638)', 'TemporaryFuncTestWebFunc/SubWeb', 'BlahBlahBlah', 'blahblahblah.gif', 'BaseUserMapping_666', 'HASH(0x898bd18)') called at /var/www/SVN/foswiki/branches/Release01x00/core/lib/Foswiki/Func.pm line 1697
Foswiki::Func::__ANON__() called at /var/www/SVN/foswiki/branches/Release01x00/core/lib/CPAN/lib/Error.pm line 379
eval {...} called at /var/www/SVN/foswiki/branches/Release01x00/core/lib/CPAN/lib/Error.pm line 371
Error::subs::try('CODE(0x8b0f198)', 'HASH(0x8971e60)') called at /var/www/SVN/foswiki/branches/Release01x00/core/lib/Foswiki/Func.pm line 1703
Foswiki::Func::saveAttachment('TemporaryFuncTestWebFunc/SubWeb', 'BlahBlahBlah', 'blahblahblah.gif', 'HASH(0x898bd18)') called at /var/www/SVN/foswiki/branches/Release01x00/core/test/unit/FuncTests.pm line 324
FuncTests::test_subweb_attachments('FuncTests=HASH(0x85c5680)') called at /var/www/SVN/foswiki/branches/Release01x00/core/lib/Unit/TestRunner.pm line 110
Unit::TestRunner::__ANON__() called at /var/www/SVN/foswiki/branches/Release01x00/core/lib/CPAN/lib/Error.pm line 379
eval {...} called at /var/www/SVN/foswiki/branches/Release01x00/core/lib/CPAN/lib/Error.pm line 371
Error::subs::try('CODE(0x898e708)', 'HASH(0x899c420)') called at /var/www/SVN/foswiki/branches/Release01x00/core/lib/Unit/TestRunner.pm line 129
Unit::TestRunner::start('Unit::TestRunner=HASH(0x8369f90)', 'FuncTests::test_subweb_attachments') called
at /var/www/SVN/foswiki/branches/Release01x00/core/test/unit/FuncTests.pm line 336
FuncTests::test_subweb_attachments('FuncTests=HASH(0x85c5680)') called at /var/www/SVN/foswiki/branches/Release01x00/core/lib/Unit/TestRunner.pm line 110
Unit::TestRunner::__ANON__() called at /var/www/SVN/foswiki/branches/Release01x00/core/lib/CPAN/lib/Error.pm line 379
eval {...} called at /var/www/SVN/foswiki/branches/Release01x00/core/lib/CPAN/lib/Error.pm line 371
Error::subs::try('CODE(0x898e708)', 'HASH(0x899c420)') called at /var/www/SVN/foswiki/branches/Release01x00/core/lib/Unit/TestRunner.pm line 129
Unit::TestRunner::start('Unit::TestRunner=HASH(0x8369f90)', 'FuncTests::test_subweb_attachments') called at ../bin/TestRunner.pl line 113
at /var/www/SVN/foswiki/branches/Release01x00/core/test/unit/FoswikiTestCase.pm line 25
FoswikiTestCase::__ANON__('\x{a}Insecure dependency in open while running with -T switch at ...') called at /var/www/SVN/foswiki/branches/Release01x00/core/lib/Unit/TestCase.pm line 135
Unit::TestCase::assert('FuncTests=HASH(0x85c5680)', '', 'Insecure dependency in open while running with -T switch at /...') called at /var/www/SVN/foswiki/branches/Release01x00/core/test/unit/FuncTests.pm line 336
FuncTests::test_subweb_attachments('FuncTests=HASH(0x85c5680)') called at /var/www/SVN/foswiki/branches/Release01x00/core/lib/Unit/TestRunner.pm line 110
Unit::TestRunner::__ANON__() called at /var/www/SVN/foswiki/branches/Release01x00/core/lib/CPAN/lib/Error.pm line 379
eval {...} called at /var/www/SVN/foswiki/branches/Release01x00/core/lib/CPAN/lib/Error.pm line 371
Error::subs::try('CODE(0x898e708)', 'HASH(0x899c420)') called at /var/www/SVN/foswiki/branches/Release01x00/core/lib/Unit/TestRunner.pm line 129
Unit::TestRunner::start('Unit::TestRunner=HASH(0x8369f90)', 'FuncTests::test_subweb_attachments') called
Trace from a different taint error: (This does not appear to be the same error. This happens when web name passed to saveAttachment is tainted.
Insecure dependency in open while running with -T switch at /var/www/SVN/foswiki/core/lib/Foswiki/Store/VC/Handler.pm line 806.
at /var/www/SVN/foswiki/core/test/unit/FoswikiTestCase.pm line 25
FoswikiTestCase::__ANON__('Insecure dependency in open while running with -T switch at /...') called at /var/www/SVN/foswiki/core/lib/Foswiki/Store/VC/Handler.pm line 806
Foswiki::Store::VC::Handler::saveFile('Foswiki::Store::VC::RcsLiteHandler=HASH(0x8b7be48)', '/var/www/SVN/foswiki/core/data/TemporaryFuncTestWebFuncAttbla...', 'BaseUserMapping_666\x{a}1266341280') called at /var/www/SVN/foswiki/core/lib/Foswiki/Store/VC/Handler.pm line 654
Foswiki::Store::VC::Handler::setLock('Foswiki::Store::VC::RcsLiteHandler=HASH(0x8b7be48)', 1, 'BaseUserMapping_666') called at /var/www/SVN/foswiki/core/lib/Foswiki/Store/VC/Store.pm line 311
Foswiki::Store::VC::Store::atomicLock('Foswiki::Store::RcsLite=HASH(0x8847868)', 'Foswiki::Meta=HASH(0x8a690c0)', 'BaseUserMapping_666') called at /var/www/SVN/foswiki/core/lib/Foswiki/Meta.pm line 1648
Foswiki::Meta::_atomicLock('Foswiki::Meta=HASH(0x8a690c0)', 'BaseUserMapping_666') called at /var/www/SVN/foswiki/core/lib/Foswiki/Meta.pm line 1560
Foswiki::Meta::saveAs('Foswiki::Meta=HASH(0x8a690c0)') called at /var/www/SVN/foswiki/core/lib/Foswiki/Meta.pm line 2217
Foswiki::Meta::attach('Foswiki::Meta=HASH(0x8a690c0)', 'name', 'bleagh.sniff', 'filesize', 16, 'filedate', 1266341280, 'comment', '<nop>DirectedGraphPlugin: DOT graph', ...) called at /var/www/SVN/foswiki/core/lib/Foswiki/Func.pm line 1724
Foswiki::Func::__ANON__() called at /var/www/SVN/foswiki/core/lib/CPAN/lib/Error.pm line 379
eval {...} called at /var/www/SVN/foswiki/core/lib/CPAN/lib/Error.pm line 371
Error::subs::try('CODE(0x84cf070)', 'HASH(0x89834e0)') called at /var/www/SVN/foswiki/core/lib/Foswiki/Func.pm line 1728
Foswiki::Func::saveAttachment('TemporaryFuncTestWebFuncAttblah/SubWeb', 'BlahBlahBlah', 'bleagh.sniff', 'HASH(0x89a1020)') called at /var/www/SVN/foswiki/core/test/unit/FuncTests.pm line 363
FuncTests::test_attachments('FuncTests=HASH(0x86f19f0)') called at /var/www/SVN/foswiki/core/lib/Unit/TestRunner.pm line 275
Unit::TestRunner::__ANON__() called at /var/www/SVN/foswiki/core/lib/CPAN/lib/Error.pm line 379
eval {...} called at /var/www/SVN/foswiki/core/lib/CPAN/lib/Error.pm line 371
Error::subs::try('CODE(0x83b2da8)', 'HASH(0x93203c8)') called at /var/www/SVN/foswiki/core/lib/Unit/TestRunner.pm line 297
Unit::TestRunner::runOne('FuncTests=HASH(0x86f19f0)', 'FuncTests', undef) called at /var/www/SVN/foswiki/core/lib/Unit/TestRunner.pm line 101
Unit::TestRunner::start('Unit::TestRunner=HASH(0x84bf820)', 'FuncTests.pm') called
at /var/www/SVN/foswiki/core/test/unit/FuncTests.pm line 374
FuncTests::test_attachments('FuncTests=HASH(0x86f19f0)') called at /var/www/SVN/foswiki/core/lib/Unit/TestRunner.pm line 275
Unit::TestRunner::__ANON__() called at /var/www/SVN/foswiki/core/lib/CPAN/lib/Error.pm line 379
eval {...} called at /var/www/SVN/foswiki/core/lib/CPAN/lib/Error.pm line 371
Error::subs::try('CODE(0x83b2da8)', 'HASH(0x93203c8)') called at /var/www/SVN/foswiki/core/lib/Unit/TestRunner.pm line 297
Unit::TestRunner::runOne('FuncTests=HASH(0x86f19f0)', 'FuncTests', undef) called at /var/www/SVN/foswiki/core/lib/Unit/TestRunner.pm line 101
Unit::TestRunner::start('Unit::TestRunner=HASH(0x84bf820)', 'FuncTests.pm') called at ../bin/TestRunner.pl line 120
at /var/www/SVN/foswiki/core/test/unit/FoswikiTestCase.pm line 25
FoswikiTestCase::__ANON__('\x{a}Insecure dependency in open while running with -T switch at ...') called at /var/www/SVN/foswiki/core/lib/Unit/TestCase.pm line 142
Unit::TestCase::assert('FuncTests=HASH(0x86f19f0)', '', 'Insecure dependency in open while running with -T switch at /...') called at /var/www/SVN/foswiki/core/test/unit/FuncTests.pm line 374
FuncTests::test_attachments('FuncTests=HASH(0x86f19f0)') called at /var/www/SVN/foswiki/core/lib/Unit/TestRunner.pm line 275
Unit::TestRunner::__ANON__() called at /var/www/SVN/foswiki/core/lib/CPAN/lib/Error.pm line 379
eval {...} called at /var/www/SVN/foswiki/core/lib/CPAN/lib/Error.pm line 371
Error::subs::try('CODE(0x83b2da8)', 'HASH(0x93203c8)') called at /var/www/SVN/foswiki/core/lib/Unit/TestRunner.pm line 297
Unit::TestRunner::runOne('FuncTests=HASH(0x86f19f0)', 'FuncTests', undef) called at /var/www/SVN/foswiki/core/lib/Unit/TestRunner.pm line 101
Unit::TestRunner::start('Unit::TestRunner=HASH(0x84bf820)', 'FuncTests.pm') called
-- GeorgeClark - 16 Feb 2010
oh wow - lets mark this as urgent and see if Crawford has a quick fix.
-- SvenDowideit - 11 Apr 2010
Very strange; the test fails when run under -T, despite the fact that none of the data in the test is actually tainted! Investigating....
-- CrawfordCurrie - 18 Apr 2010
Another (tm)wiki mess sorted out; the doc and the code were at odds as to whether errors should be handled by exceptions or by messages.
-- CrawfordCurrie - 18 Apr 2010
ItemTemplate edit
| Summary | Func::saveAttachment fails silently on trunk if filename is tainted |
| ReportedBy | GeorgeClark |
| Codebase | trunk |
| SVN Range | |
| AppliesTo | Engine |
| Component | Store |
| Priority | Urgent |
| CurrentState | Closed |
| WaitingFor | |
| Checkins | distro:0baa91d8ff06 distro:5a87e1645a4a |
| TargetRelease | n/a |
| ReleasedIn |
Edit | Attach | Print version | History: r7 < r6 < r5 < r4 | Backlinks | View wiki text | Edit wiki text | More topic actions
Topic revision: r7 - 18 Apr 2010, CrawfordCurrie
The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. 
Legal Imprint Privacy Policy
Legal Imprint Privacy Policy