[tor-bugs] #6708 [pyonionoo]: Pyonionoo returns code 500 for a few parameters

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Thu Sep 27 18:15:43 UTC 2012 

#6708: Pyonionoo returns code 500 for a few parameters
--------------------------+-------------------------------------------------
    Reporter:  karsten    |       Owner:  gsathya       
        Type:  defect     |      Status:  needs_revision
    Priority:  normal     |   Milestone:                
   Component:  pyonionoo  |     Version:                
  Resolution:             |    Keywords:                
      Parent:             |      Points:                
Actualpoints:             |  
--------------------------+-------------------------------------------------

Comment(by karsten):

 Replying to [comment:26 gsathya]:
 > I was wondering about this as well. I tried a couple of test cases and
 it seemed to work so I decided to leave it as such. But, it's definitely
 better to be safe than sorry. This is much better.

 Great!

 > * The lookup parameter should accept only the full 40 char fingerprint
 or hashed_fingerprint. It shouldn't work otherwise. This isn't explicitly
 stated on the Onionoo spec, but this is how Onionoo behaves. (Change the
 spec maybe?) Using {{{%% %s%%}}} makes it work with <40 char strings.
 {{{%% %s}}} should fix it. We should also check the length in
 handlers/arguments.py and return a 400 if it's <40 chars. Hmm, maybe we
 should validate the other input lengths as well(like country). Possibly
 make this a separate ticket?

 You're right, the lookup parameter is only supposed to work for full
 fingerprints of 40 hex characters.  That's why the spec doesn't say
 "beginning of a fingerprint" like it does for the search parameter.  I
 made that more explicit though.

 But we shouldn't change the `"%% %s%%"` part, because that would break
 looking up the first fingerprint in the lookup field.  We should rather
 check that the parameter is 40 chars long before running the database
 query.

 Would you mind adding that check, and a similar check for the country
 parameter?  (I'm pretty much hosed with other stuff at the moment, and I
 don't want you to block on me until I have free cycles again.  Thanks!)

 By the way, I hope that we'll have an easier time spotting and fixing
 these bugs once we have good tests available.

 > * I don't see why hashed_fingerprint and fingerprint need to be case
 insensitive anymore.

 You're right, that's not necessary anymore.  Mind changing it back?

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6708#comment:28>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list