New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Sanitize BuildCommand.output by removing NULL characters #4552

Merged
merged 3 commits into from Aug 24, 2018

Conversation

Projects
None yet
3 participants
@humitos
Member

humitos commented Aug 21, 2018

PostgreSQL doesn't support NULL (\x00) characters on TextFields.

Django 2.0 introduces a new validator that doesn't allow NULL characters to reach the database:

https://code.djangoproject.com/ticket/28201

This commit just replaces the NULL characters of the stdout and stder from the command ran by '' (empty string) to avoid conflicts when saving them into the database.

Closes #3900

Sanitize BuildCommand.output by removing NULL characters
PostgreSQL doesn't support NULL (\x00) characters on TextFields.

Django 2.0 introduces a new validator that doesn't allow NULL
characters to reach the database:

https://code.djangoproject.com/ticket/28201

This commit just replaces the NULL characters of the stdout and stder
from the command ran by '' (empty string) to avoid conflicts when
saving them into the database.

@humitos humitos requested a review from rtfd/core Aug 21, 2018

@humitos

This comment has been minimized.

Show comment
Hide comment
@humitos

humitos Aug 22, 2018

Member

I didn't find an easy way to test this.

I wrote a test like this

    def test_null_output(self):
        """Include NULL (\x00) characters on command output."""
        cmd = BuildCommand(['/bin/bash', '-c', 'echo -n H\0i'])
        cmd.run()
        self.assertEqual(cmd.output, 'Hi')

but it fails with an exception like

ValueError: embedded null byte
Member

humitos commented Aug 22, 2018

I didn't find an easy way to test this.

I wrote a test like this

    def test_null_output(self):
        """Include NULL (\x00) characters on command output."""
        cmd = BuildCommand(['/bin/bash', '-c', 'echo -n H\0i'])
        cmd.run()
        self.assertEqual(cmd.output, 'Hi')

but it fails with an exception like

ValueError: embedded null byte
@stsewd

This comment has been minimized.

Show comment
Hide comment
@stsewd

stsewd Aug 23, 2018

Member

hmm, what about wrapping the clean step in a function like clean_output? That way you can test that (very short test anyway), and also we will have only one place with a comment p:

Member

stsewd commented Aug 23, 2018

hmm, what about wrapping the clean step in a function like clean_output? That way you can test that (very short test anyway), and also we will have only one place with a comment p:

@humitos

This comment has been minimized.

Show comment
Hide comment
@humitos

humitos Aug 23, 2018

Member

@stsewd thanks for the suggestion! I added a method into the BuildCommand class, update a test to check the amount of calls to it when running a command, and another test to check that method in particular.

What do you think?

Member

humitos commented Aug 23, 2018

@stsewd thanks for the suggestion! I added a method into the BuildCommand class, update a test to check the amount of calls to it when running a command, and another test to check that method in particular.

What do you think?

@stsewd

stsewd approved these changes Aug 23, 2018

Looks great!

# Mock BuildCommand.sanitized_output just to count the amount of calls,
# but use the original method to behaves as real
original_sanitized_output = cmd.sanitize_output
with patch('readthedocs.doc_builder.environments.BuildCommand.sanitize_output') as sanitize_output: # noqa

This comment has been minimized.

@stsewd

stsewd Aug 23, 2018

Member

We don't run the linter on tests files, so, it doesn't matter having a # noqa comment p:

@stsewd

stsewd Aug 23, 2018

Member

We don't run the linter on tests files, so, it doesn't matter having a # noqa comment p:

This comment has been minimized.

@humitos

humitos Aug 23, 2018

Member

🙈

@humitos
@agjohnson

LGTM

@agjohnson agjohnson merged commit c4be596 into master Aug 24, 2018

1 check passed

continuous-integration/travis-ci/pr The Travis CI build passed
Details

@agjohnson agjohnson deleted the humitos/cmd/sanitize-output branch Aug 24, 2018

humitos added a commit that referenced this pull request Aug 30, 2018

Sanitize command output when running under DockerBuildEnvironment
In #4552 I fixed this for LocalBuildEnvironment but I forget to do
exactly the same for Docker. This is what this commit does.

agjohnson added a commit that referenced this pull request Aug 30, 2018

Sanitize command output when running under DockerBuildEnvironment (#4591
)

In #4552 I fixed this for LocalBuildEnvironment but I forget to do
exactly the same for Docker. This is what this commit does.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment