History | Log In     View a printable version of the current page.  
   HOME       BROWSE PROJECT       FIND ISSUES   
    QUICK SEARCH:  
Issue Details (XML | Word | Printable)

Key: QB-2041
Type: Bug Bug
Status: Resolved Resolved
Resolution: Fixed
Priority: Major Major
Assignee: Robin Shen
Reporter: Andrew Beck
Votes: 1
Watchers: 0
Operations

If you were logged in you would be able to see more operations.
QuickBuild

Rest API can generate non valid xml responses when there are errors

Created: 02/May/14 11:34 AM   Updated: 14/May/14 01:29 AM
Component/s: None
Affects Version/s: 5.1.12
Fix Version/s: 5.1.25

Original Estimate: Unknown Remaining Estimate: Unknown Time Spent: Unknown
Environment:
Operating System Linux 3.2.0-4-amd64, amd64
JVM Java HotSpot(TM) 64-Bit Server VM 1.7.0_25, Oracle Corporation
QuickBuild Version 5.1.12 - Sat Feb 15 09:38:20 GMT 2014
Total Memory 15.68 GB
Used Memory 8.80 GB
Configurations 52034


 Description  « Hide
When the server is having authentication issues not related to Quickbuild it can generate not well formed XML in response to Rest API queries

The & in the errorMessage needs to be encoded or wrapped in CDATA

E.g. a query of
https://quickbuild/rest/configurations?parent_id=10242&recursive=true
Generate an XML response that include the following XML snippet

{code:xml}
  <com.pmease.quickbuild.model.Configuration>
    <id>165682</id>
    <disabled>false</disabled>
    <parent>10242</parent>
    <name>skype.stratus.config.namespace</name>
    <description>Stratus namespaced configuration library</description>
    <statusDate>2014-05-02T11:08:57.380+01:00</statusDate>
    <errorMessage>javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext error, data 52e, v2580&#0;]
caused by: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext error, data 52e, v2580&#0;]</errorMessage>
    <pluginSettingDOMs/>
    <data>
      <entry>
        <string>mavenGavs</string>
        <linked-hash-set>
          <com.pmease.quickbuild.plugin.builder.maven.Gav>
            <groupId>skype.stratus.config</groupId>
            <artifactId>namespace</artifactId>
            <version>1.0</version>
          </com.pmease.quickbuild.plugin.builder.maven.Gav>
        </linked-hash-set>
      </entry>
    </data>
    <stepDOMs/>
    <repositoryDOMs/>
    <aggregationDOMs/>
    <variables/>
    <notifications/>
    <promotions/>
  </com.pmease.quickbuild.model.Configuration>
{code}

This means the XML parser reading this data fails

 All   Comments   Work Log   Change History      Sort Order:
[ Permlink | « Hide ]
Robin Shen [03/May/14 01:21 AM]
QB does able to encode the character "&" in resulting XML. And I verified it to be true when requesting the XML directly into a file. The reason you are seeing this probably because that you are viewing this in browser, and the browser automatically converts "&amp;" to "&" for readability.

[ Permlink | « Hide ]
Andrew Beck [05/May/14 02:54 PM]
So this config Id is not showing the problem now but another one is, so downloaded the curl with curl e.g.
curl -k -u username:password -o curl.xml "https://quickbuild/rest/configurations?parent_id=48976&recursive=true"

The XML snippet from this is

  <com.pmease.quickbuild.model.Configuration>
    <id>48986</id>
    <disabled>false</disabled>
    <parent>48976</parent>
    <name>skype.portal</name>
    <description>The Portal</description>
    <statusDate>2014-05-05T14:37:53.708+01:00</statusDate>
    <errorMessage>javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext error, data 52e, v2580&#0;]
caused by: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext error, data 52e, v2580&#0;]</errorMessage>
    <pluginSettingDOMs/>
    <data>
      <entry>
        <string>mavenGavs</string>
        <linked-hash-set>
          <com.pmease.quickbuild.plugin.builder.maven.Gav>
            <groupId>skype</groupId>
            <artifactId>portal</artifactId>
            <version>1.73-SNAPSHOT</version>
          </com.pmease.quickbuild.plugin.builder.maven.Gav>
        </linked-hash-set>
      </entry>
    </data>
    <stepDOMs/>
    <repositoryDOMs/>
    <aggregationDOMs/>
    <variables/>
    <notifications/>
    <promotions/>
  </com.pmease.quickbuild.model.Configuration>

So XML syntax check again gives that there is an invalid character on line with for the errorMessage element

This was originally picked up by a user running a script against the Rest API.
It is therefore not a browser converting &amp to &

[ Permlink | « Hide ]
Robin Shen [06/May/14 01:29 AM]
Which database are you using?

[ Permlink | « Hide ]
Andrew Beck [06/May/14 10:14 AM]
MySQL 5.5.28

[ Permlink | « Hide ]
Robin Shen [06/May/14 11:29 PM]
Can you please take a mysql dump of your database and send to [robin AT pmease DOT com]? I am wondering what character is actaully storing in database as every & has been encoded correctly at my side. If you care about the sensitive information, you may reproduce this with simple configurations in a demo database to send me the dump.


Powered by Atlassian JIRA™ the Professional Issue Tracker. (Standard Edition, Version: 3.7.4-#189) - Bug/feature request - Contact Administrators