<< Back to previous view |
[QB-2041] Rest API can generate non valid xml responses when there are errors
|
|
Status: | Resolved |
Project: | QuickBuild |
Component/s: | None |
Affects Version/s: | 5.1.12 |
Fix Version/s: | 5.1.25 |
Type: | Bug | Priority: | Major |
Reporter: | Andrew Beck | Assigned To: | Robin Shen |
Resolution: | Fixed | Votes: | 1 |
Remaining Estimate: | Unknown | Time Spent: | Unknown |
Original Estimate: | Unknown | ||
Environment: |
Operating System Linux 3.2.0-4-amd64, amd64
JVM Java HotSpot(TM) 64-Bit Server VM 1.7.0_25, Oracle Corporation QuickBuild Version 5.1.12 - Sat Feb 15 09:38:20 GMT 2014 Total Memory 15.68 GB Used Memory 8.80 GB Configurations 52034 |
Description |
When the server is having authentication issues not related to Quickbuild it can generate not well formed XML in response to Rest API queries
The & in the errorMessage needs to be encoded or wrapped in CDATA E.g. a query of https://quickbuild/rest/configurations?parent_id=10242&recursive=true Generate an XML response that include the following XML snippet {code:xml} <com.pmease.quickbuild.model.Configuration> <id>165682</id> <disabled>false</disabled> <parent>10242</parent> <name>skype.stratus.config.namespace</name> <description>Stratus namespaced configuration library</description> <statusDate>2014-05-02T11:08:57.380+01:00</statusDate> <errorMessage>javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext error, data 52e, v2580�] caused by: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext error, data 52e, v2580�]</errorMessage> <pluginSettingDOMs/> <data> <entry> <string>mavenGavs</string> <linked-hash-set> <com.pmease.quickbuild.plugin.builder.maven.Gav> <groupId>skype.stratus.config</groupId> <artifactId>namespace</artifactId> <version>1.0</version> </com.pmease.quickbuild.plugin.builder.maven.Gav> </linked-hash-set> </entry> </data> <stepDOMs/> <repositoryDOMs/> <aggregationDOMs/> <variables/> <notifications/> <promotions/> </com.pmease.quickbuild.model.Configuration> {code} This means the XML parser reading this data fails |
Comments |
Comment by Robin Shen [ 03/May/14 01:21 AM ] |
QB does able to encode the character "&" in resulting XML. And I verified it to be true when requesting the XML directly into a file. The reason you are seeing this probably because that you are viewing this in browser, and the browser automatically converts "&" to "&" for readability. |
Comment by Andrew Beck [ 05/May/14 02:54 PM ] |
So this config Id is not showing the problem now but another one is, so downloaded the curl with curl e.g.
curl -k -u username:password -o curl.xml "https://quickbuild/rest/configurations?parent_id=48976&recursive=true" The XML snippet from this is <com.pmease.quickbuild.model.Configuration> <id>48986</id> <disabled>false</disabled> <parent>48976</parent> <name>skype.portal</name> <description>The Portal</description> <statusDate>2014-05-05T14:37:53.708+01:00</statusDate> <errorMessage>javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext error, data 52e, v2580�] caused by: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext error, data 52e, v2580�]</errorMessage> <pluginSettingDOMs/> <data> <entry> <string>mavenGavs</string> <linked-hash-set> <com.pmease.quickbuild.plugin.builder.maven.Gav> <groupId>skype</groupId> <artifactId>portal</artifactId> <version>1.73-SNAPSHOT</version> </com.pmease.quickbuild.plugin.builder.maven.Gav> </linked-hash-set> </entry> </data> <stepDOMs/> <repositoryDOMs/> <aggregationDOMs/> <variables/> <notifications/> <promotions/> </com.pmease.quickbuild.model.Configuration> So XML syntax check again gives that there is an invalid character on line with for the errorMessage element This was originally picked up by a user running a script against the Rest API. It is therefore not a browser converting & to & |
Comment by Robin Shen [ 06/May/14 01:29 AM ] |
Which database are you using? |
Comment by Andrew Beck [ 06/May/14 10:14 AM ] |
MySQL 5.5.28 |
Comment by Robin Shen [ 06/May/14 11:29 PM ] |
Can you please take a mysql dump of your database and send to [robin AT pmease DOT com]? I am wondering what character is actaully storing in database as every & has been encoded correctly at my side. If you care about the sensitive information, you may reproduce this with simple configurations in a demo database to send me the dump. |