Checkbox

Merge lp:~pieq/checkbox/fix-1585556-sanitizing-comments into lp:checkbox

  1. fix-1585556-sanitizing-comments
  2. Merge into trunk
Proposed by Pierre Equoy
Status: Merged
Approved by: Sylvain Pineau
Approved revision: 4410
Merged at revision: 4412
Proposed branch: lp:~pieq/checkbox/fix-1585556-sanitizing-comments
Merge into: lp:checkbox
Diff against target: 47 lines (+18/-2)
2 files modified
plainbox/plainbox/impl/result.py (+15/-2)
plainbox/plainbox/impl/test_result.py (+3/-0)
To merge this branch: bzr merge lp:~pieq/checkbox/fix-1585556-sanitizing-comments
Reviewer Review Type Date Requested Status
Sylvain Pineau (community) Approve
Review via email: mp+298283@code.launchpad.net

Description of the change

Sanitize tester comments to avoid crashes when parsing submission file

When using checkbox-cli, tester who type special keys (like Escape, Page Up/Down, arrow keys, etc.) when entering a comment may leave undesirable characters sequences that may prevent submission files from being valid, hence blocking their process in C3.

The proposed merge simply escape the tester comments to avoid this.

Tested this way:

1. Run a test where you can input comments:

    plainbox run -i ".*miscellanea/tester-info"

2. press `c` to enter a comment, then press a few special keys like Esc, arrow keys, PgUp/PgDown keys, etc. then press Enter to validate

→ You can see right away that the comment has been sanitized

3. export the session as an xml file:

    plainbox session export -f xml -o /tmp/sub_afterfix.xml pbox-8twly66g

4. Check if the submission file is valid:

    cat /tmp/sub_afterfix.xml| plainbox dev parse submission

→ no problem \o/

(before, this last command would crash with output like this:)
----------------------------------------------------------------------
ERROR plainbox.parsers: Cannot parse input
Traceback (most recent call last):
  File "/home/pierre/dev/checkbox/plainbox/plainbox/impl/parsers.py", line 137, in parse_text_to_ast
    return self.parser_fn(text)
  File "/home/pierre/dev/checkbox/checkbox-support/checkbox_support/parsers/submission.py", line 1326, in parse_submission_text
    parser.run(TestRun, messages=messages)
  File "/home/pierre/dev/checkbox/checkbox-support/checkbox_support/parsers/submission.py", line 1307, in run
    tree = etree.parse(self.file, parser=parser)
  File "/usr/lib/python3.5/xml/etree/ElementTree.py", line 1184, in parse
    tree.parse(source, parser)
  File "/usr/lib/python3.5/xml/etree/ElementTree.py", line 602, in parse
    parser.feed(data)
  File "<string>", line None
xml.etree.ElementTree.ParseError: not well-formed (invalid token): line 21, column 41
----------------------------------------------------------------------

To post a comment you must log in.
Revision history for this message
Sylvain Pineau (sylvain-pineau) wrote :

The current CONTROL_CODE_RE_STR does not seem to clean the string from escape sequences (especially those ending with arrow/pagedown).

I'd try to add a new regex for a two step cleanup using this time this one:

'(\x9B|\x1B\[)[0-?]*[ -\/]*[@-~]'

Credits: http://stackoverflow.com/a/33925425/1154487

And we need a new unit test to check it works (and not regress)

review: Needs Fixing
lp:~pieq/checkbox/fix-1585556-sanitizing-comments updated
4410. By Pierre Equoy

plainbox: Sanitize tester comments to avoid crashes when parsing submission file

Revision history for this message
Pierre Equoy (pieq) wrote :

I used the regex provided by Sylvain instead of the original one. This one includes all the escape characters that `CONTROL_CODE_RE_STR` was taking care of, so we just need one regex to rule them all.

This time, the whole sequence is escaped, not only the first part.

I also added a unit test that is used in DiskJobResultTests and MemoryJobResultTests.

Revision history for this message
Sylvain Pineau (sylvain-pineau) wrote :

Perfect, thx.

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'plainbox/plainbox/impl/result.py'
2--- plainbox/plainbox/impl/result.py 2015-10-29 20:11:51 +0000
3+++ plainbox/plainbox/impl/result.py 2016-06-27 07:57:01 +0000
4@@ -59,6 +59,11 @@
5 CONTROL_CODE_RE_STR = re.compile(
6 "(?![\n\r\t\v])[\u0000-\u001F]|[\u007F-\u009F]")
7
8+# Regular expression that matches ANSI Escape Sequences (e.g. arrow keys)
9+# For more info, see <http://stackoverflow.com/a/33925425>
10+#
11+# We use this to sanitize comments entered during testing
12+ANSI_ESCAPE_SEQ_RE_STR = re.compile("(\x9B|\x1B\[)[0-?]*[ -\/]*[@-~]")
13
14 # Tuple representing entries in the JobResult.io_log
15 # Each entry has three fields:
16@@ -370,8 +375,16 @@
17
18 @property
19 def comments(self):
20- """Get the comments of the test operator."""
21- return self._data.get('comments')
22+ """
23+ Get the comments of the test operator.
24+
25+ The comments are sanitized to remove control characters that would
26+ cause problems when parsing the submission file.
27+ """
28+ comments = self._data.get('comments')
29+ if comments:
30+ comments = ANSI_ESCAPE_SEQ_RE_STR.sub('', comments)
31+ return comments
32
33 @property
34 def return_code(self):
35
36=== modified file 'plainbox/plainbox/impl/test_result.py'
37--- plainbox/plainbox/impl/test_result.py 2016-05-16 18:10:14 +0000
38+++ plainbox/plainbox/impl/test_result.py 2016-06-27 07:57:01 +0000
39@@ -52,6 +52,9 @@
40 result = self.result_cls({})
41 self.assertIsNone(result.comments)
42
43+ def test_append_comments_with_invalid_chars(self):
44+ result = self.result_cls({'comments': '\x1b\x5b\x36\x7e'})
45+ self.assertEqual(result.comments, "")
46
47 class DiskJobResultTests(TestCase, CommonTestsMixIn):
48

Subscribers

People subscribed via source and target branches