source package names are leaked from private PPAs
Bug #1574807 reported by
Chris J Arges
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Launchpad itself |
Fix Released
|
High
|
Colin Watson | ||
Bug Description
Source package names have no security attached such that publishing them into a private PPA exposes that name to be targeted via other bugs. A method to check publications in the package picker is needed to ensure it can't pick packages that are only published in private PPAs.
Test case:
1) Create private PPA
2) Publish new source package with unique name : 'privatepackage'
3) File a bug with a completely unrelated public project
4) Pick a package and search for 'privatepackage'
Here we expect 'privatepackage' will not be visible. but currently it is.
Related branches
lp:~cjwatson/launchpad/fix-dsp-vocab-picker
- William Grant: Approve (code)
-
Diff: 781 lines (+216/-173)12 files modifiedlib/lp/app/javascript/picker/picker_patcher.js (+4/-2)
lib/lp/app/javascript/picker/tests/test_picker_patcher.js (+35/-2)
lib/lp/app/widgets/popup.py (+14/-1)
lib/lp/app/widgets/templates/distributionsourcepackage-picker.pt (+29/-0)
lib/lp/app/widgets/templates/form-picker-macros.pt (+1/-1)
lib/lp/app/widgets/tests/test_launchpadtarget.py (+2/-12)
lib/lp/app/widgets/tests/test_popup.py (+33/-7)
lib/lp/bugs/browser/tests/test_bugalsoaffects.py (+1/-18)
lib/lp/bugs/browser/widgets/bugtask.py (+11/-2)
lib/lp/registry/tests/test_distributionsourcepackage_vocabulary.py (+45/-92)
lib/lp/registry/vocabularies.py (+29/-35)
lib/lp/services/webapp/configure.zcml (+12/-1)
lp:~cjwatson/launchpad/bugtaskeditview-spn-dsp-vocab
- William Grant: Approve (code)
-
Diff: 173 lines (+70/-16)3 files modifiedlib/lp/bugs/browser/bugtask.py (+27/-4)
lib/lp/bugs/browser/tests/test_bugtask.py (+42/-11)
lib/lp/bugs/browser/widgets/bugtask.py (+1/-1)
lp:~cjwatson/launchpad/distribution-filebug-dsp-vocab
- William Grant: Approve (code)
-
Diff: 750 lines (+363/-75)9 files modifieddatabase/sampledata/current-dev.sql (+1/-1)
database/sampledata/current.sql (+1/-1)
lib/lp/bugs/browser/bugtarget.py (+48/-20)
lib/lp/bugs/browser/tests/test_bugtarget_filebug.py (+22/-2)
lib/lp/bugs/browser/widgets/bugtask.py (+46/-5)
lib/lp/bugs/doc/bugtask-package-widget.txt (+128/-23)
lib/lp/bugs/tests/test_doc.py (+26/-1)
lib/lp/registry/tests/test_distributionsourcepackage_vocabulary.py (+52/-3)
lib/lp/registry/vocabularies.py (+39/-19)
lp:~cjwatson/launchpad/git-repository-target-widget-dsp-vocab
- William Grant: Approve (code)
-
Diff: 113 lines (+35/-4)2 files modifiedlib/lp/code/browser/widgets/gitrepositorytarget.py (+12/-2)
lib/lp/code/browser/widgets/tests/test_gitrepositorytargetwidget.py (+23/-2)
lp:~cjwatson/launchpad/productseries-ubuntupkg-dsp-vocab
- William Grant: Approve (code)
-
Diff: 526 lines (+164/-86)7 files modifiedlib/lp/app/widgets/popup.py (+85/-1)
lib/lp/bugs/browser/bugtracker.py (+2/-2)
lib/lp/bugs/browser/widgets/bugtask.py (+11/-74)
lib/lp/registry/browser/productseries.py (+33/-4)
lib/lp/registry/browser/tests/test_packaging.py (+20/-3)
lib/lp/registry/tests/test_distributionsourcepackage_vocabulary.py (+11/-0)
lib/lp/registry/vocabularies.py (+2/-2)
lp:~cjwatson/launchpad/potemplate-dsp-vocab
- William Grant: Approve (code)
-
Diff: 583 lines (+347/-28)8 files modifiedlib/lp/app/widgets/popup.py (+8/-0)
lib/lp/app/widgets/templates/distributionsourcepackage-picker.pt (+5/-0)
lib/lp/bugs/browser/widgets/bugtask.py (+1/-2)
lib/lp/bugs/doc/bugtask-package-widget.txt (+18/-21)
lib/lp/translations/browser/potemplate.py (+51/-2)
lib/lp/translations/browser/tests/test_potemplate_views.py (+68/-3)
lib/lp/translations/browser/widgets/potemplate.py (+62/-0)
lib/lp/translations/browser/widgets/tests/test_potemplate.py (+134/-0)
lp:~cjwatson/launchpad/translation-import-queue-entry-dsp-vocab
- William Grant: Approve (code)
-
Diff: 315 lines (+192/-5)4 files modifiedlib/lp/translations/browser/tests/test_translationimportqueueentry.py (+46/-2)
lib/lp/translations/browser/translationimportqueue.py (+34/-3)
lib/lp/translations/browser/widgets/tests/test_translationimportqueue.py (+78/-0)
lib/lp/translations/browser/widgets/translationimportqueue.py (+34/-0)
| Changed in launchpad: | |
| status: | New → In Progress |
| importance: | Undecided → High |
| assignee: | nobody → Colin Watson (cjwatson) |
| tags: |
added: qa-ok removed: qa-needstesting |
Revision history for this message
| Launchpad QA Bot (lpqabot) wrote | #2 |
| tags: |
added: qa-needstesting removed: qa-ok |
| tags: |
added: qa-ok removed: qa-needstesting |
Revision history for this message
| Launchpad QA Bot (lpqabot) wrote | #3 |
| tags: |
added: qa-needstesting removed: qa-ok |
| Changed in launchpad: | |
| status: | In Progress → Fix Committed |
Revision history for this message
| Colin Watson (cjwatson) wrote | #4 |
| tags: |
added: qa-ok removed: qa-needstesting |
| Changed in launchpad: | |
| status: | Fix Committed → In Progress |
Revision history for this message
| Launchpad QA Bot (lpqabot) wrote | #5 |
| tags: |
added: qa-needstesting removed: qa-ok |
Revision history for this message
| Launchpad QA Bot (lpqabot) wrote | #6 |
| tags: |
added: qa-ok removed: qa-needstesting |
Revision history for this message
| Launchpad QA Bot (lpqabot) wrote | #7 |
| tags: |
added: qa-needstesting removed: qa-ok |
| tags: |
added: qa-ok removed: qa-needstesting |
Revision history for this message
| Launchpad QA Bot (lpqabot) wrote | #8 |
| tags: |
added: qa-needstesting removed: qa-ok |
Revision history for this message
| Launchpad QA Bot (lpqabot) wrote | #9 |
Revision history for this message
| Launchpad QA Bot (lpqabot) wrote | #10 |
| Changed in launchpad: | |
| status: | In Progress → Fix Committed |
Revision history for this message
| Launchpad QA Bot (lpqabot) wrote | #11 |
| tags: |
added: qa-ok removed: qa-needstesting |
| Changed in launchpad: | |
| status: | Fix Committed → Fix Released |
| information type: | Private Security → Public Security |
To post a comment you must log in.
r18104 in stable (http://