#1 chisel 3 years ago

Comment by ~nilium on ~nilium/nilium

Wrong form.

REPORTED RESOLVED INVALID

#1 chisel 3 years ago

Ticket created by ~nilium on ~nilium/nilium

#1 sql: Unable to load query from file using @file 4 years ago

~nilium unassigned ~nilium from #1 on ~nilium/tools

#1 sql: Unable to load query from file using @file 4 years ago

Comment by ~nilium on ~nilium/tools

Fixed in 98a99f50db86c021f39554bacdfa61474411781a.

REPORTED RESOLVED FIXED

#1 sql: Unable to load query from file using @file 4 years ago

~nilium assigned ~nilium to #1 on ~nilium/tools

#1 sql: Unable to load query from file using @file 4 years ago

sql added by ~nilium on ~nilium/tools

#1 sql: Unable to load query from file using @file 4 years ago

Ticket created by ~nilium on ~nilium/tools

Queries cannot be loaded from files in the latest version of sql. This is likely due to a bug in how the parameter parsing was refactored to support concrete types and arrays, so the query parameter is no longer being passed through the file reading function.

#1 Add signing / encryption of cached data 4 years ago

on ~nilium/ghaccountsd

REPORTED RESOLVED FIXED

#1 Add signing / encryption of cached data 4 years ago

Ticket created by ~nilium on ~nilium/ghaccountsd

To avoid the case where someone modifies a cached item, there should be some way to either sign or encrypt (or both) cache data, and report when a cached item has been knowingly tampered with. Without this, it's possible to modify a cached item and insert, for example, an SSH key into a user record or fabricate an entire user.

It may be necessary to apply this broadly to memory caches as well as disk and memcache caches, but by the time someone is tampering with the memory cache, it's likely that they also have all the components needed to either fabricate realistic cache items or to simply point a ghaccountsd instance to a different token, organization, and team. So, memory caches aren't my main concern right now.

#246 Adding a git repository with a null/None description to a project returns a 500 error 4 years ago

Ticket created by ~nilium on ~sircmpwn/sr.ht

If you add a respository without a description (i.e., a request to /api/repos/$name has a null description field), this results in an 500 internal server error response. I'm not sure yet about what is returned via the API (if one exists), so this is partly through the sr.ht UI.

Not sure if this belongs under hub.sr.ht at the moment. Project creation happens on sr.ht itself, so wasn't clear on that.

This can be reproduced with the following:

1. Create a repository via the API without a description (just don't pass the field, it'll default to null instead of an empty string).[^1]

   When checking the repository via the API, its description should be null.

2. Create a project (e.g., on https://sr.ht).

3. Add the new repository to the project.

That should reproduce the error. I haven't dug around in the code or tried to run it myself yet, so unfortunately don't have much detail on this. Hopefully it's reproducible -- if not, I'll see if I can narrow it down further.

I also haven't tested to see if this applies to hg repositories.

Edit: Workaround for anyone encountering this, by the way, is to add a description to the repository (even if it's just an empty string).

[^1]: This also results in "None" showing in the UI when you edit the description, which might need to be a separate ticket if that's not intended.