Bug 1249730 - Running reports produces different errors each time
Running reports produces different errors each time
Status: CLOSED ERRATA
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: -- Unknown (Show other bugs)
5.5.0
Unspecified Unspecified
high Severity medium
: GA
: 5.5.0
Assigned To: Gregg Tanzillo
Ramesh A
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-08-03 12:28 EDT by Ramesh A
Modified: 2015-12-08 08:25 EST (History)
2 users (show)

See Also:
Fixed In Version: 5.5.0.8
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-12-08 08:25:33 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Ramesh A 2015-08-03 12:28:12 EDT
Description of problem:
Running different reports from appliance throws different errors for each report.  For example the below mentioned report was seen while running the report " Offline VMs with Snapshots"

Not sure if it related to BZ#1249670

Version-Release number of selected component (if applicable):
master.20150803085357_e08ddc8 

How reproducible:
Very

Steps to Reproduce:
1. Navigate to Cloud Intelligence ==> Reports ==> Reports.  Choose a report and Queue it.  (eg. All Reports ==> Operations ==> Virtual Machines ==> Offline VMs with Snapshots)


Actual results:
Below mentioned error is seen in evm.log file

Expected results:
Should not throw any error messages in evm.log file

Additional info:
evm.log
========
[----] I, [2015-08-03T10:49:58.545764 #4502:109b98c]  INFO -- : MIQ(MiqTask#update_status) Task: [16] [Active] [Ok] [Generating report]
[----] E, [2015-08-03T10:49:58.923462 #4502:109b98c] ERROR -- : [SecurityError]: Insecure operation - eval  Method:[rescue in _async_generate_table]
[----] E, [2015-08-03T10:49:58.923763 #4502:109b98c] ERROR -- : /var/www/miq/vmdb/app/models/condition.rb:195:in `eval'
/var/www/miq/vmdb/app/models/condition.rb:195:in `block in _subst_find'
/var/www/miq/vmdb/app/models/condition.rb:195:in `call'
/var/www/miq/vmdb/app/models/condition.rb:195:in `_subst_find'
/var/www/miq/vmdb/app/models/condition.rb:102:in `block in subst'
/var/www/miq/vmdb/app/models/condition.rb:102:in `gsub!'
/var/www/miq/vmdb/app/models/condition.rb:102:in `subst'
/var/www/miq/vmdb/app/models/rbac.rb:504:in `matches_search_filters?'
/var/www/miq/vmdb/app/models/rbac.rb:417:in `block in search'
/opt/rubies/ruby-2.2.2/lib/ruby/gems/2.2.0/gems/activerecord-4.2.3/lib/active_record/relation/delegation.rb:132:in `reject'
/opt/rubies/ruby-2.2.2/lib/ruby/gems/2.2.0/gems/activerecord-4.2.3/lib/active_record/relation/delegation.rb:132:in `public_send'
/opt/rubies/ruby-2.2.2/lib/ruby/gems/2.2.0/gems/activerecord-4.2.3/lib/active_record/relation/delegation.rb:132:in `method_missing'
/opt/rubies/ruby-2.2.2/lib/ruby/gems/2.2.0/gems/activerecord-4.2.3/lib/active_record/relation/delegation.rb:99:in `method_missing'
/var/www/miq/vmdb/app/models/rbac.rb:417:in `search'
/var/www/miq/vmdb/app/models/miq_report/generator.rb:275:in `_generate_table'
/var/www/miq/vmdb/app/models/miq_report/generator.rb:173:in `block in generate_table'
/var/www/miq/vmdb/app/models/user.rb:330:in `with_userid'
/var/www/miq/vmdb/app/models/miq_report/generator.rb:173:in `generate_table'
/var/www/miq/vmdb/app/models/miq_report/generator/async.rb:93:in `_async_generate_table'
/var/www/miq/vmdb/app/models/miq_queue.rb:345:in `block in deliver'
/opt/rubies/ruby-2.2.2/lib/ruby/2.2.0/timeout.rb:89:in `block in timeout'
/opt/rubies/ruby-2.2.2/lib/ruby/2.2.0/timeout.rb:34:in `block in catch'
/opt/rubies/ruby-2.2.2/lib/ruby/2.2.0/timeout.rb:34:in `catch'
/opt/rubies/ruby-2.2.2/lib/ruby/2.2.0/timeout.rb:34:in `catch'
/opt/rubies/ruby-2.2.2/lib/ruby/2.2.0/timeout.rb:104:in `timeout'
/var/www/miq/vmdb/app/models/miq_queue.rb:341:in `deliver'
/var/www/miq/vmdb/lib/workers/queue_worker_base.rb:107:in `deliver_queue_message'
/var/www/miq/vmdb/lib/workers/queue_worker_base.rb:135:in `deliver_message'
/var/www/miq/vmdb/lib/workers/queue_worker_base.rb:152:in `block in do_work'
/var/www/miq/vmdb/lib/workers/queue_worker_base.rb:146:in `loop'
/var/www/miq/vmdb/lib/workers/queue_worker_base.rb:146:in `do_work'
/var/www/miq/vmdb/lib/workers/worker_base.rb:328:in `block in do_work_loop'
/var/www/miq/vmdb/lib/workers/worker_base.rb:325:in `loop'
/var/www/miq/vmdb/lib/workers/worker_base.rb:325:in `do_work_loop'
/var/www/miq/vmdb/lib/workers/worker_base.rb:146:in `run'
/var/www/miq/vmdb/lib/workers/worker_base.rb:127:in `start'
/var/www/miq/vmdb/lib/workers/worker_base.rb:24:in `start_worker'
/var/www/miq/vmdb/lib/workers/bin/worker.rb:3:in `<top (required)>'
/opt/rubies/ruby-2.2.2/lib/ruby/gems/2.2.0/gems/railties-4.2.3/lib/rails/commands/runner.rb:60:in `load'
/opt/rubies/ruby-2.2.2/lib/ruby/gems/2.2.0/gems/railties-4.2.3/lib/rails/commands/runner.rb:60:in `<top (required)>'
/opt/rubies/ruby-2.2.2/lib/ruby/gems/2.2.0/gems/railties-4.2.3/lib/rails/commands/commands_tasks.rb:123:in `require'
/opt/rubies/ruby-2.2.2/lib/ruby/gems/2.2.0/gems/railties-4.2.3/lib/rails/commands/commands_tasks.rb:123:in `require_command!'
/opt/rubies/ruby-2.2.2/lib/ruby/gems/2.2.0/gems/railties-4.2.3/lib/rails/commands/commands_tasks.rb:90:in `runner'
/opt/rubies/ruby-2.2.2/lib/ruby/gems/2.2.0/gems/railties-4.2.3/lib/rails/commands/commands_tasks.rb:39:in `run_command!'
/opt/rubies/ruby-2.2.2/lib/ruby/gems/2.2.0/gems/railties-4.2.3/lib/rails/commands.rb:17:in `<top (required)>'
/var/www/miq/vmdb/bin/rails:4:in `require'
/var/www/miq/vmdb/bin/rails:4:in `<main>'
[----] W, [2015-08-03T10:49:59.057286 #4502:109b98c]  WARN -- : <AuditFailure> MIQ(Async.rescue in _async_generate_table) userid: [admin] - Insecure operation - eval
[----] E, [2015-08-03T10:49:59.108467 #4502:109b98c] ERROR -- : MIQ(MiqQueue#deliver) Message id: [4971], Error: [Insecure operation - eval]
[----] E, [2015-08-03T10:49:59.108710 #4502:109b98c] ERROR -- : [SecurityError]: Insecure operation - eval  Method:[rescue in deliver]
[----] E, [2015-08-03T10:49:59.108809 #4502:109b98c] ERROR -- : /var/www/miq/vmdb/app/models/condition.rb:195:in `eval'
/var/www/miq/vmdb/app/models/condition.rb:195:in `block in _subst_find'
/var/www/miq/vmdb/app/models/condition.rb:195:in `call'
/var/www/miq/vmdb/app/models/condition.rb:195:in `_subst_find'
/var/www/miq/vmdb/app/models/condition.rb:102:in `block in subst'
/var/www/miq/vmdb/app/models/condition.rb:102:in `gsub!'
/var/www/miq/vmdb/app/models/condition.rb:102:in `subst'
/var/www/miq/vmdb/app/models/rbac.rb:504:in `matches_search_filters?'
/var/www/miq/vmdb/app/models/rbac.rb:417:in `block in search'
/opt/rubies/ruby-2.2.2/lib/ruby/gems/2.2.0/gems/activerecord-4.2.3/lib/active_record/relation/delegation.rb:132:in `reject'
/opt/rubies/ruby-2.2.2/lib/ruby/gems/2.2.0/gems/activerecord-4.2.3/lib/active_record/relation/delegation.rb:132:in `public_send'
/opt/rubies/ruby-2.2.2/lib/ruby/gems/2.2.0/gems/activerecord-4.2.3/lib/active_record/relation/delegation.rb:132:in `method_missing'
/opt/rubies/ruby-2.2.2/lib/ruby/gems/2.2.0/gems/activerecord-4.2.3/lib/active_record/relation/delegation.rb:99:in `method_missing'
/var/www/miq/vmdb/app/models/rbac.rb:417:in `search'
/var/www/miq/vmdb/app/models/miq_report/generator.rb:275:in `_generate_table'
/var/www/miq/vmdb/app/models/miq_report/generator.rb:173:in `block in generate_table'
/var/www/miq/vmdb/app/models/user.rb:330:in `with_userid'
/var/www/miq/vmdb/app/models/miq_report/generator.rb:173:in `generate_table'
/var/www/miq/vmdb/app/models/miq_report/generator/async.rb:93:in `_async_generate_table'
/var/www/miq/vmdb/app/models/miq_queue.rb:345:in `block in deliver'
/opt/rubies/ruby-2.2.2/lib/ruby/2.2.0/timeout.rb:89:in `block in timeout'
/opt/rubies/ruby-2.2.2/lib/ruby/2.2.0/timeout.rb:34:in `block in catch'
/opt/rubies/ruby-2.2.2/lib/ruby/2.2.0/timeout.rb:34:in `catch'
/opt/rubies/ruby-2.2.2/lib/ruby/2.2.0/timeout.rb:34:in `catch'
/opt/rubies/ruby-2.2.2/lib/ruby/2.2.0/timeout.rb:104:in `timeout'
/var/www/miq/vmdb/app/models/miq_queue.rb:341:in `deliver'
/var/www/miq/vmdb/lib/workers/queue_worker_base.rb:107:in `deliver_queue_message'
/var/www/miq/vmdb/lib/workers/queue_worker_base.rb:135:in `deliver_message'
/var/www/miq/vmdb/lib/workers/queue_worker_base.rb:152:in `block in do_work'
/var/www/miq/vmdb/lib/workers/queue_worker_base.rb:146:in `loop'
/var/www/miq/vmdb/lib/workers/queue_worker_base.rb:146:in `do_work'
/var/www/miq/vmdb/lib/workers/worker_base.rb:328:in `block in do_work_loop'
/var/www/miq/vmdb/lib/workers/worker_base.rb:325:in `loop'
/var/www/miq/vmdb/lib/workers/worker_base.rb:325:in `do_work_loop'
/var/www/miq/vmdb/lib/workers/worker_base.rb:146:in `run'
/var/www/miq/vmdb/lib/workers/worker_base.rb:127:in `start'
/var/www/miq/vmdb/lib/workers/worker_base.rb:24:in `start_worker'
/var/www/miq/vmdb/lib/workers/bin/worker.rb:3:in `<top (required)>'
/opt/rubies/ruby-2.2.2/lib/ruby/gems/2.2.0/gems/railties-4.2.3/lib/rails/commands/runner.rb:60:in `load'
/opt/rubies/ruby-2.2.2/lib/ruby/gems/2.2.0/gems/railties-4.2.3/lib/rails/commands/runner.rb:60:in `<top (required)>'
/opt/rubies/ruby-2.2.2/lib/ruby/gems/2.2.0/gems/railties-4.2.3/lib/rails/commands/commands_tasks.rb:123:in `require'
/opt/rubies/ruby-2.2.2/lib/ruby/gems/2.2.0/gems/railties-4.2.3/lib/rails/commands/commands_tasks.rb:123:in `require_command!'
/opt/rubies/ruby-2.2.2/lib/ruby/gems/2.2.0/gems/railties-4.2.3/lib/rails/commands/commands_tasks.rb:90:in `runner'
/opt/rubies/ruby-2.2.2/lib/ruby/gems/2.2.0/gems/railties-4.2.3/lib/rails/commands/commands_tasks.rb:39:in `run_command!'
/opt/rubies/ruby-2.2.2/lib/ruby/gems/2.2.0/gems/railties-4.2.3/lib/rails/commands.rb:17:in `<top (required)>'
/var/www/miq/vmdb/bin/rails:4:in `require'
/var/www/miq/vmdb/bin/rails:4:in `<main>'
Comment 3 Gregg Tanzillo 2015-08-18 09:06:01 EDT
Pull request: https://github.com/ManageIQ/manageiq/pull/3806
Comment 5 CFME Bot 2015-10-27 00:59:19 EDT
New commit detected on ManageIQ/manageiq/master:
https://github.com/ManageIQ/manageiq/commit/7f2e2f0851c15668dd780676e85f9aa781acb06b

commit 7f2e2f0851c15668dd780676e85f9aa781acb06b
Author:     Gregg Tanzillo <gtanzill@redhat.com>
AuthorDate: Mon Aug 17 10:22:47 2015 -0400
Commit:     Gregg Tanzillo <gtanzill@redhat.com>
CommitDate: Mon Oct 26 22:35:17 2015 -0400

    Reinstated code that evaluates ruby expression in conditions.
    
    This is required for supporting find/check expressions that can be created in the reporting UI filter tab.
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1249730

 app/models/condition.rb | 43 ++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 42 insertions(+), 1 deletion(-)
Comment 6 CFME Bot 2015-10-27 00:59:25 EDT
New commit detected on ManageIQ/manageiq/master:
https://github.com/ManageIQ/manageiq/commit/af418714eb97e84d07def3e552012cd5fe24672f

commit af418714eb97e84d07def3e552012cd5fe24672f
Author:     Gregg Tanzillo <gtanzill@redhat.com>
AuthorDate: Mon Aug 17 10:31:20 2015 -0400
Commit:     Gregg Tanzillo <gtanzill@redhat.com>
CommitDate: Mon Oct 26 22:43:11 2015 -0400

    Robocop - updated to use stabby lambda.
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1249730

 spec/models/condition_spec.rb | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
Comment 7 CFME Bot 2015-10-27 00:59:31 EDT
New commit detected on ManageIQ/manageiq/master:
https://github.com/ManageIQ/manageiq/commit/8a19b2de5d635e7084ee77f20c11202bce877033

commit 8a19b2de5d635e7084ee77f20c11202bce877033
Author:     Gregg Tanzillo <gtanzill@redhat.com>
AuthorDate: Tue Sep 1 14:37:56 2015 -0400
Commit:     Gregg Tanzillo <gtanzill@redhat.com>
CommitDate: Mon Oct 26 22:43:28 2015 -0400

    Restricted operator in check expression to one of == != < > <= >= to prevent unsafe operation.
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1249730

 app/models/condition.rb       | 2 ++
 spec/models/condition_spec.rb | 5 +++++
 2 files changed, 7 insertions(+)
Comment 8 Ramesh A 2015-11-16 03:33:41 EST
Good to go.  Verified and working fine in 5.5.0.10-beta2.1.20151110134042_d6f5459
Comment 10 errata-xmlrpc 2015-12-08 08:25:33 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2015:2551

Note You need to log in before you can comment on or make changes to this bug.