Page 1 of 1
Sanitize inputs for Oolite-manifests.plist
Posted: Wed Sep 01, 2021 3:07 am
by Ramen
So we had an issue today where someone accidentally forgot to escape a quote properly and the entire plist became invalid. I think it would be a good idea to make sure that doesn't happen again.
Re: Sanitize inputs for Oolite-manifests.plist
Posted: Wed Sep 01, 2021 3:40 pm
by hiran
Ramen wrote: ↑Wed Sep 01, 2021 3:07 am
So we had an issue today where someone accidentally forgot to escape a quote properly and the entire plist became invalid. I think it would be a good idea to make sure that doesn't happen again.
Well, that's what syntax errors are about. They can come at runtime.
I think a better aproach would be to harden Oolite so it can handle the situation and guide the user.
What was the outcome BTW? How does Oolite behave is "the entire plist is invalid"?
Re: Sanitize inputs for Oolite-manifests.plist
Posted: Wed Sep 01, 2021 7:51 pm
by Ramen
hiran wrote: ↑Wed Sep 01, 2021 3:40 pm
What was the outcome BTW? How does Oolite behave is "the entire plist is invalid"?
It rejects the entire OXP list and defaults to the old one. As for hardening, yeah that's kind of what I meant, maybe I didn't say that clearly enough.
Re: Sanitize inputs for Oolite-manifests.plist
Posted: Thu Sep 02, 2021 3:14 pm
by Cmdr James
Maybe Im a bit OCD about this, but we shouldnt try to work around things like unmatched or wrongly escaped quotes, this is a recipe for flaky half working code which mysteriously stops working from time to time.
We should simply log the error clearly or better provide an easy to use OXP validation tool which supports development by clearly identifying issues.
Re: Sanitize inputs for Oolite-manifests.plist
Posted: Thu Sep 02, 2021 8:02 pm
by hiran
Ramen wrote: ↑Wed Sep 01, 2021 7:51 pm
hiran wrote: ↑Wed Sep 01, 2021 3:40 pm
What was the outcome BTW? How does Oolite behave is "the entire plist is invalid"?
It rejects the entire OXP list and defaults to the old one. As for hardening, yeah that's kind of what I meant, maybe I didn't say that clearly enough.
Then I had understood you wrongly. Since you mentioned "ensure this does not happen again" I thought we ensure there are no more OXPs with syntactically wrong plist files. Which is something we should strive for but it is different from hardening Oolite to handle the situation.