[tor-bugs] #6708 [pyonionoo]: Pyonionoo returns code 500 for a few parameters

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Thu Sep 27 16:20:12 UTC 2012 

#6708: Pyonionoo returns code 500 for a few parameters
--------------------------+-------------------------------------------------
    Reporter:  karsten    |       Owner:  gsathya     
        Type:  defect     |      Status:  needs_review
    Priority:  normal     |   Milestone:              
   Component:  pyonionoo  |     Version:              
  Resolution:             |    Keywords:              
      Parent:             |      Points:              
Actualpoints:             |  
--------------------------+-------------------------------------------------

Comment(by gsathya):

 Replying to [comment:24 karsten]:
 > Hrmm, I ran into a problem with the new lookup code.  Please see commit
 b6eae77 in my
 [https://gitweb.torproject.org/user/karsten/pyonionoo.git/shortlog/refs/heads/bug_6708
 bug_6708 branch].

 {{{
 We currently mix AND and OR conditions in the SELECT statement without
   correctly parethesizing them.  This could lead to surprising results
   when combining the lookup parameter with other parameters.
 }}}

 I was wondering about this as well. I tried a couple of test cases and it
 seemed to work so I decided to leave it as such. But, it's definitely
 better to be safe than sorry. This is much better.

 Couple of things -
 * The lookup parameter should accept only the full 40 char fingerprint or
 hashed_fingerprint. It shouldn't work otherwise. This isn't explicitly
 stated on the Onionoo spec, but this is how Onionoo behaves. (Change the
 spec maybe?) Using {{{%% %s%%}}} makes it work with <40 char strings.
 {{{%% %s}}} should fix it. We should also check the length in
 handlers/arguments.py and return a 400 if it's <40 chars. Hmm, maybe we
 should validate the other input lengths as well(like country). Possibly
 make this a separate ticket?

 * I don't see why hashed_fingerprint and fingerprint need to be case
 insensitive anymore.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6708#comment:26>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list