RESOLVED FIXED 223262
[resultsdbpy] Return new-style commits 
https://bugs.webkit.org/show_bug.cgi?id=223262
Summary [resultsdbpy] Return new-style commits
Jonathan Bedard
Reported 2021-03-16 10:40:22 PDT
When requesting commit information, the results database should return new-styled commits containing identifiers.
Attachments
Patch (112.01 KB, patch)
2021-03-25 14:06 PDT, Jonathan Bedard 		no flags
DetailsFormatted DiffDiff
Patch (118.55 KB, patch)
2021-03-26 13:28 PDT, Jonathan Bedard 		no flags
DetailsFormatted DiffDiff
Patch (119.73 KB, patch)
2021-03-29 11:47 PDT, Jonathan Bedard 		no flags
DetailsFormatted DiffDiff
Patch (120.85 KB, patch)
2021-03-29 16:37 PDT, Jonathan Bedard 		no flags
DetailsFormatted DiffDiff
Patch for landing (1.80 KB, patch)
2021-03-30 11:25 PDT, Jonathan Bedard 		no flags
DetailsFormatted DiffDiff
Patch for landing (1.80 KB, patch)
2021-03-30 11:40 PDT, Jonathan Bedard 		no flags
DetailsFormatted DiffDiff
Show Obsolete (5) View All Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2021-03-16 10:40:37 PDT
<rdar://problem/75483361>
Jonathan Bedard
Comment 2 2021-03-25 14:06:44 PDT
Created attachment 424278 [details] Patch
Jonathan Bedard
Comment 3 2021-03-26 13:28:37 PDT
Created attachment 424399 [details] Patch
Jonathan Bedard
Comment 4 2021-03-29 11:47:06 PDT
Created attachment 424554 [details] Patch
dewei_zhu
Comment 5 2021-03-29 12:01:39 PDT
Comment on attachment 424554 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=424554&action=review r=me > Tools/Scripts/libraries/resultsdbpy/resultsdbpy/controller/commit_controller.py:32 > + if bool(ref) + bool(uuid) + bool(timestamp) > 1: Is this equivalent to `any([ref, uuid, timestamp])`? > Tools/Scripts/libraries/webkitscmpy/webkitscmpy/mocks/remote/git_hub.py:-26 > -from datetime import datetime Why do we defer the import here?
Jonathan Bedard
Comment 6 2021-03-29 13:11:05 PDT
Comment on attachment 424554 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=424554&action=review >> Tools/Scripts/libraries/resultsdbpy/resultsdbpy/controller/commit_controller.py:32 >> + if bool(ref) + bool(uuid) + bool(timestamp) > 1: > > Is this equivalent to `any([ref, uuid, timestamp])`? Not quite. We need at most one of these arguments. >> Tools/Scripts/libraries/webkitscmpy/webkitscmpy/mocks/remote/git_hub.py:-26 >> -from datetime import datetime > > Why do we defer the import here? Because date time is a bit of a mess, and we can end up having trouble installing the module on some Python 2 configurations. Since we only need it for testing, it makes the most sense to defer the import.
Zhifei Fang
Comment 7 2021-03-29 15:11:36 PDT
Comment on attachment 424554 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=424554&action=review > Tools/Scripts/libraries/resultsdbpy/resultsdbpy/view/static/js/commit.js:114 > + &#60<a href="mailto:${escapeHTML(cell.commit.author.emails[0])}">${escapeHTML(cell.commit.author.emails[0])}</a>&#62 <br>` : ''} Since the author.email is in an attribute, just escape html tag may not be enough, it can be easily inject something like this: " onMouseover= "javascript:alert('You are hacked!') Then you will end up with something like <a href="mailto:" onmouseover="alert('You are hacked')"> Need to consider " as welll, it can easily close href and create a new attribute, and easily inject with some unwanted code > Tools/Scripts/libraries/resultsdbpy/resultsdbpy/view/static/js/timeline.js:195 > + &#60<a href="mailto:${escapeHTML(node.label.author.emails[0])}">${escapeHTML(node.label.author.emails[0])}</a>&#62` : ''} Ditto
Jonathan Bedard
Comment 8 2021-03-29 16:37:41 PDT
Created attachment 424601 [details] Patch
EWS
Comment 9 2021-03-29 19:27:30 PDT
Committed r275195: <https://commits.webkit.org/r275195> All reviewed patches have been landed. Closing bug and clearing flags on attachment 424601 [details].
Jonathan Bedard
Comment 10 2021-03-30 11:25:55 PDT
Reopening to attach new patch.
Jonathan Bedard
Comment 11 2021-03-30 11:25:57 PDT
Created attachment 424664 [details] Patch for landing
EWS
Comment 12 2021-03-30 11:26:35 PDT
ChangeLog entry in Tools/ChangeLog contains OOPS!.
Jonathan Bedard
Comment 13 2021-03-30 11:40:57 PDT
Created attachment 424666 [details] Patch for landing
EWS
Comment 14 2021-03-30 12:17:44 PDT
Committed r275226: <https://commits.webkit.org/r275226> All reviewed patches have been landed. Closing bug and clearing flags on attachment 424666 [details].
Note You need to log in before you can comment on or make changes to this bug.