New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Wrong arguments position in a log message #67

Merged
merged 1 commit into from May 16, 2015

Conversation

Projects
None yet
4 participants
@guewen
Member

guewen commented May 15, 2015

No description provided.

@sbidoul

This comment has been minimized.

Show comment
Hide comment
@sbidoul

sbidoul May 15, 2015

Member

👍

So you managed to trigger that warning?

Member

sbidoul commented May 15, 2015

👍

So you managed to trigger that warning?

@guewen

This comment has been minimized.

Show comment
Hide comment
@guewen

guewen May 15, 2015

Member

So you managed to trigger that warning?

Yes! :-)
I was investigating #68 and called the controller directly on a job such as /connector/runjob?job_uuid=e3ecfa2e-e425-481c-bc0d-3d1cc64f2c02

Member

guewen commented May 15, 2015

So you managed to trigger that warning?

Yes! :-)
I was investigating #68 and called the controller directly on a job such as /connector/runjob?job_uuid=e3ecfa2e-e425-481c-bc0d-3d1cc64f2c02

@guewen

This comment has been minimized.

Show comment
Hide comment
@guewen

guewen May 15, 2015

Member

BTW would it be "dangerous" if we allowed to call the controller directly on pending jobs?

Member

guewen commented May 15, 2015

BTW would it be "dangerous" if we allowed to call the controller directly on pending jobs?

@sbidoul

This comment has been minimized.

Show comment
Hide comment
@sbidoul

sbidoul May 15, 2015

Member

BTW would it be "dangerous" if we allowed to call the controller directly
on pending jobs?

Someone knowing uuids could then start any job. An external attacker would have to guess uuids to do any harm so maybe it's not dangerous indeed. In that case the worst he could do is a DoS by launching many jobs at once.

Are uuids guessable? If not we could maybe skip the enqueued state.

-sbi

Member

sbidoul commented May 15, 2015

BTW would it be "dangerous" if we allowed to call the controller directly
on pending jobs?

Someone knowing uuids could then start any job. An external attacker would have to guess uuids to do any harm so maybe it's not dangerous indeed. In that case the worst he could do is a DoS by launching many jobs at once.

Are uuids guessable? If not we could maybe skip the enqueued state.

-sbi

@guewen

This comment has been minimized.

Show comment
Hide comment
@guewen

guewen May 15, 2015

Member

I would say very difficult to predict, if possible, but they are not designed in the aim to be unpredictable. Anyway, I was thinking about that when I was debugging, just to check if jobs were runnable, but I see no real application otherwise. So maybe we can discuss about that again if we have a concrete use case for that.

Member

guewen commented May 15, 2015

I would say very difficult to predict, if possible, but they are not designed in the aim to be unpredictable. Anyway, I was thinking about that when I was debugging, just to check if jobs were runnable, but I see no real application otherwise. So maybe we can discuss about that again if we have a concrete use case for that.

@lmignon

This comment has been minimized.

Show comment
Hide comment
@lmignon

lmignon May 16, 2015

Contributor

👍

Contributor

lmignon commented May 16, 2015

👍

@pedrobaeza

This comment has been minimized.

Show comment
Hide comment
@pedrobaeza

pedrobaeza May 16, 2015

Contributor

👍

Contributor

pedrobaeza commented May 16, 2015

👍

pedrobaeza added a commit that referenced this pull request May 16, 2015

Merge pull request #67 from guewen/jobrunner-log-args
Wrong arguments position in a log message

@pedrobaeza pedrobaeza merged commit aa5cf84 into OCA:8.0 May 16, 2015

2 checks passed

ci/runbot runbot build 2946869-67-d35183 (runtime 71s)
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment