Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Refs #36219 - allow loading HashWithIndifferentAccess from YAML #9782

Merged
merged 1 commit into from Aug 1, 2023
Merged

Refs #36219 - allow loading HashWithIndifferentAccess from YAML #9782

merged 1 commit into from Aug 1, 2023

Conversation

evgeni
Copy link
Member

@evgeni evgeni commented Jul 28, 2023

Fixes: c9b82a5

@theforeman-bot
Copy link
Member

Issues: #36219

@evgeni evgeni mentioned this pull request Jul 28, 2023
Merged
evgeni
evgeni commented Jul 28, 2023
View reviewed changes
app/models/report.rb
@@ -62,7 +62,7 @@ def self.inherited(child)
# extracts serialized metrics and keep them as a hash_with_indifferent_access
def metrics
return {} if self[:metrics].nil?
YAML.safe_load(read_metrics).with_indifferent_access
YAML.safe_load(read_metrics, permitted_classes: [ActiveSupport::HashWithIndifferentAccess]).with_indifferent_access
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The alternative solution would be to make read_metrics not return HWIA, but I wasn't sure the mangling in that function is the only way for the data to get HWIA header, so this seemed safer.

@ofedoren
Copy link
Member

A dumb question: since these errors are hard to catch before they come, isn't it better to define permitted classes as a constant and use it everywhere we use safe_load?.. Something like https://github.com/ofedoren/foreman/blob/develop/config/application.rb#L181

@evgeni
Copy link
Member Author

evgeni commented Jul 28, 2023

I guess? I was first aiming at fixing the nightly issue (which it does, even if I don't understand why the existing tests didn't catch it before).

@evgeni
Copy link
Member Author

evgeni commented Jul 31, 2023

[test katello]

ekohl
ekohl approved these changes Jul 31, 2023
View reviewed changes
Copy link
Member

@ekohl ekohl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A dumb question: since these errors are hard to catch before they come, isn't it better to define permitted classes as a constant and use it everywhere we use safe_load?.. Something like https://github.com/ofedoren/foreman/blob/develop/config/application.rb#L181

I think in general you want to limit it as much as possible.

@ekohl
Copy link
Member

ekohl commented Jul 31, 2023

Not sure if this Katello failure is related. I wouldn't think it is.

[2023-07-31T19:03:20.150Z] Cancelling nested steps due to timeout
[2023-07-31T19:03:20.244Z] Sending interrupt signal to process
[2023-07-31T19:03:25.704Z] AccessPermissionsTest#test_0799_route foreman_tasks/api/tasks/callback should have a permission that grants access rake aborted!
[2023-07-31T19:03:25.704Z] SignalException: SIGTERM

@evgeni
Copy link
Member Author

evgeni commented Aug 1, 2023

almost sure it isn't

[test katello]

@ekohl
Copy link
Member

ekohl commented Aug 1, 2023

Doesn't look like it, merging.

@ekohl ekohl merged commit 45afc2e into theforeman:develop Aug 1, 2023
6 of 7 checks passed
@evgeni evgeni deleted the i36219 branch August 1, 2023 11:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ekohl ekohl ekohl approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
4 participants
@evgeni @theforeman-bot @ofedoren @ekohl