[tor-bugs] #6708 [pyonionoo]: Pyonionoo returns code 500 for a few parameters
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Thu Sep 27 16:20:12 UTC 2012
#6708: Pyonionoo returns code 500 for a few parameters
--------------------------+-------------------------------------------------
Reporter: karsten | Owner: gsathya
Type: defect | Status: needs_review
Priority: normal | Milestone:
Component: pyonionoo | Version:
Resolution: | Keywords:
Parent: | Points:
Actualpoints: |
--------------------------+-------------------------------------------------
Comment(by gsathya):
Replying to [comment:24 karsten]:
> Hrmm, I ran into a problem with the new lookup code. Please see commit
b6eae77 in my
[https://gitweb.torproject.org/user/karsten/pyonionoo.git/shortlog/refs/heads/bug_6708
bug_6708 branch].
{{{
We currently mix AND and OR conditions in the SELECT statement without
correctly parethesizing them. This could lead to surprising results
when combining the lookup parameter with other parameters.
}}}
I was wondering about this as well. I tried a couple of test cases and it
seemed to work so I decided to leave it as such. But, it's definitely
better to be safe than sorry. This is much better.
Couple of things -
* The lookup parameter should accept only the full 40 char fingerprint or
hashed_fingerprint. It shouldn't work otherwise. This isn't explicitly
stated on the Onionoo spec, but this is how Onionoo behaves. (Change the
spec maybe?) Using {{{%% %s%%}}} makes it work with <40 char strings.
{{{%% %s}}} should fix it. We should also check the length in
handlers/arguments.py and return a 400 if it's <40 chars. Hmm, maybe we
should validate the other input lengths as well(like country). Possibly
make this a separate ticket?
* I don't see why hashed_fingerprint and fingerprint need to be case
insensitive anymore.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6708#comment:26>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list