Bug 602526

Jon, do you have a test instance you can point to https://bz-web2-test.devel.redhat.com and see what breaks?

Dave

(In reply to comment #1)
> Jon, do you have a test instance you can point to
> https://bz-web2-test.devel.redhat.com and see what breaks?
> 
> Dave    

Yes, it is running on errata-dev.lab.bos.redhat.com

Checking today, I'm seeing some large discrepancies between runQuery results and the same query in the webui, using the errata system credentials:

https://bz-web2-test.devel.redhat.com/buglist.cgi?query_format=advanced&field0-0-0=flagtypes.name&bug_status=NEW&type0-0-0=equals&value0-0-0=rhel-5.6.0%2B

== 154 bugs

query = {'value0-0-0' => 'rhel-5.6.0+', 'field0-0-0' => 'flagtypes.name', 'type0-0-0' => 'equals', 'bug_status' => 'NEW'}

bugs = Bugzilla::Rpc.new.runQuery(query)
 p bugs['bugs'].length
38438

 p bugs['sql']
"SELECT bugs.bug_id AS bug_id, map_products.name AS product, bugs.bug_severity AS bug_severity, bugs.priority AS priority, bugs.op_sys AS op_sys, map_assigned_to.login_name AS assigned_to, bugs.bug_status AS bug_status, bugs.resolution AS resolution, bugs.short_desc AS short_desc FROM bugs  INNER JOIN profiles AS map_assigned_to ON (bugs.assigned_to = map_assigned_to.userid) INNER JOIN products AS map_products ON (bugs.product_id = map_products.id) LEFT JOIN bug_status ON (bug_status.value = bugs.bug_status) LEFT JOIN priority ON (priority.value = bugs.priority) LEFT JOIN bug_group_map  ON bug_group_map.bug_id = bugs.bug_id  LEFT JOIN cc ON cc.bug_id = bugs.bug_id AND cc.who = 241731 WHERE (( bugs.bug_status IN ('NEW') )) AND bugs.creation_ts IS NOT NULL AND ((bug_group_map.group_id IS NULL) OR (bug_group_map.group_id IN (8,7,94,147,76,68,198,144,86,15,155,130,146,195,82,123,122,33,196,194,21,31,12,23,97,24,106,150,199,17,41,69,210,58,85,92,107,50,191,87,83,183,120,116,118,114,117,133,79,81,182,192,204,32,34,112,111,113,16,25,200,201,103,27,75,63,151,110,181,148,13,193,91,84,108,197,119,145,30,212,105,218,124,128,125,162,70,11,207,171,149,102,101,161,141,142,140,129,80,44,135,136,134,215,22,38,137,139,138,154,127,29,98,157,202,100,19,71,132,78,143,126,65,96,93,10,48,217,208,209,131,109,153,99,74,121,214,14,67,95))    OR (bugs.reporter_accessible = 1 AND bugs.reporter = 241731)     OR (bugs.cclist_accessible = 1 AND cc.who IS NOT NULL)     OR (bugs.assigned_to = 241731) OR (bugs.qa_contact = 241731) ) GROUP BY bugs.bug_id ORDER BY bug_status.sortkey,bug_status.value,priority.sortkey,priority.value,assigned_to,bug_id"

The issue is that in 3.6 now attempts to pre-taint the data coming from web service params. 

1. A function in Bugzilla::WebService::Util called taint_data() is called with all parameters passed to a web service method.

2. taint_data() calls  Test::Taint::_deeply_traverse(\&_delete_bad_keys,\@params);

3. _delete_bad_keys() looks at each hash key name and if it doesn't match ^\w+$ it deletes it.

_delete_bad_keys is removing the keys for boolean charts such as field0-0-0, type0-0-0 and value0-0-0 since it is checking for \w and the - characters do not match \w.

I am committing a fix for this in our tree and filing a bug upstream.

Dave

The fix is on bz-web2-test.devel.redhat.com now. Can you verify that this is working better now?

Dave

(In reply to comment #4)
> The fix is on bz-web2-test.devel.redhat.com now. Can you verify that this is
> working better now?
> 
> Dave    

Yes, it is returning the correct number of bugs now. Thanks!

Cool. I will leave this open for now as we will want to re-verify proper working order closer to release.

Dave

Jon Orris, we are hoping to upgrade to Bugzilla 3.6 this weekend. Would it be possible to do one more sanity check with the Errata Tool and Bugzilla to make sure all is still well in the next day or so? I do not want any surprises if I can help it.

Thanks
Dave

Been running more tests this week. All ET used functionality appears to be working properly.