Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve "Failed to find..." messages (20.08) #1395

Merged
merged 5 commits into from
Jan 21, 2021
Merged

Improve "Failed to find..." messages (20.08) #1395

merged 5 commits into from
Jan 21, 2021

Conversation

timopollmeier
Copy link
Member

@timopollmeier timopollmeier commented Jan 20, 2021
edited
Loading

What:
This fixes the following issues with the "Failed to find..." messages.

  1. If a SecInfo entry cannot be found by ID or name, the error message will
    say it cannot find the given ID or name instead of a message that the
    type could not be found.
  2. XML escaping is applied to the error messages.
  3. Error messages if a filter given by filt_id cannot be found now say "filter"
    instead of using the type of the get_ command.

Why:

  1. The previous message was misleading and should only be used if
    an invalid info_type was used.
  2. When requesting a name or id with quote marks and possibly other
    reserved characters, the response would be invalid.
  3. The message was wrong and misleading.

How did you test it:

  1. Tested by requesting a nonexistent CPE via GSA.
  2. Tested by requesting a an id containing a quote mark via gvm-cli.

Checklist:

@timopollmeier
Improve get_info "Failed to find..." message
fc01f50 
If a SecInfo entry cannot be found by ID or name, the error message will
say it cannot find the given ID or name instead of a misleading message
that the type could not be found.
@timopollmeier
Add improved get_info error message to CHANGELOG
b34580e
@timopollmeier timopollmeier marked this pull request as ready for review January 20, 2021 14:25
mattmundell
mattmundell requested changes Jan 20, 2021
View reviewed changes
src/gmp.c
get_info_data->type,
if (send_find_error_to_client ("get_info",
get_info_data->name
? "name"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this would break if name/id contained a ".

It was safe for type because it's checked above.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this is a general issue with send_find_error_to_client that was only avoided so far because of the id validation in GSA, so I'll change that function to XML escape the input.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The issue should be addressed with 9504567.

@timopollmeier timopollmeier marked this pull request as draft January 21, 2021 07:41
@timopollmeier
Use XML-escaping in send_find_error_to_client
9504567 
This ensures the error messages work if reserved characters are used in
the requested id or name.
@timopollmeier timopollmeier changed the title Improve get_info "Failed to find..." message (20.08) Improve "Failed to find..." messages (20.08) Jan 21, 2021
@timopollmeier
Update CHANGELOG for "Failed to find" messages
50adcc9
@timopollmeier
Fix filt_id "Failed to find filter" messages
d522fec 
Some of the messages used the type of the get_... command instead of
"filter" when the filter given by filt_id could not be found.
@timopollmeier timopollmeier marked this pull request as ready for review January 21, 2021 10:06
@mattmundell mattmundell merged commit b61053a into greenbone:gvmd-20.08 Jan 21, 2021
@timopollmeier timopollmeier added the backport-to-main This pull request will be ported to the master branch label Feb 8, 2021
@mergify mergify bot mentioned this pull request Feb 8, 2021
Merged
timopollmeier added a commit that referenced this pull request Feb 8, 2021
@timopollmeier
Merge pull request #1413 from greenbone/mergify/bp/master/pr-1395
c02001b 
Improve "Failed to find..." messages (20.08) (bp #1395)
@timopollmeier timopollmeier deleted the get_info-404-message branch October 15, 2021 10:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mattmundell mattmundell mattmundell approved these changes

Assignees
No one assigned
Labels
backport-to-main This pull request will be ported to the master branch
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@timopollmeier @mattmundell