Last modified: 2012-11-28 13:50:04 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T38519, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 36519 - Validate data structure
Validate data structure
Status: VERIFIED FIXED
Product: MediaWiki extensions
Classification: Unclassified
WikidataRepo (Other open bugs)
unspecified
All All
: Normal normal (vote)
: ---
Assigned To: Wikidata bugs
: testme
Depends on:
Blocks: 36431
  Show dependency treegraph
 
Reported: 2012-05-04 14:51 UTC by jeblad
Modified: 2012-11-28 13:50 UTC (History)
4 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description jeblad 2012-05-04 14:51:12 UTC 
In the present version of Wikidata it is possible to add all kinds of stuff into an item by creating a valid JSON structure and saving it. This could create serious problems with data integrity and consistency.

There are several ways to clean up the structure, and one of the simplest is perhaps to traverse the structure and flag those branches and leafs that can't be somehow validated as legal. Note that the focus should be on letting a legal structure pass after successful tests, and not on failing an illegal one.
Comment 1 denny vrandecic 2012-05-08 10:58:20 UTC 
This is only true for the wbsetitem module, right? All other modules are safe?
Comment 2 jeblad 2012-05-08 13:09:00 UTC 
It will only happen if a module (or whatever else) can create an object that is later unserialized. In the module wbsetitem this is done regularly, but will be removed at some point in the future. If its not removed and/or some other module (or special page) allow unserialization (typically because it allow bulk upload to be unserialized) it will be necessary to have a cleanup and/or validation routine.
Comment 3 denny vrandecic 2012-05-08 13:14:00 UTC 
Do you mind if I rename the bug then to "Validate data structure"? As far as I understand it, this would be sufficient to perform such a validation before actually commiting a save?
Comment 4 Jeroen De Dauw 2012-05-08 13:24:39 UTC 
This ties in with the isValid method I proposed at the secondary storage consistency bug. Need to be added to Content class.
Comment 5 denny vrandecic 2012-05-08 13:49:10 UTC 
This is right. I rename this bug and make it at the same time a dependency for the Bug #36431 the one about the secondary storage.
Comment 6 jeblad 2012-05-08 15:05:28 UTC 
Seems to be more appropriate as it is really more about data integrity than data security. Unless unserialize is allowed to do some strange things, or that interpretation of the data structure do some strange things.
Comment 7 jeblad 2012-07-09 11:37:38 UTC 
The module wbsetitem is changed in https://gerrit.wikimedia.org/r/#/c/14762/ so it is somewhat more difficult to create weird structures. The item itself should although validate its internal structure before save, even if all API modules now tries to be more strict on whats goes into the item.
Comment 8 denny vrandecic 2012-07-27 13:30:21 UTC 
Add a test for trying not well-defined inputs.
Comment 9 jeblad 2012-08-24 10:06:19 UTC 
Fixed in the new tests for the API.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links