Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Prevent panic on error whilst getting storage #13164

Merged
merged 3 commits into from
Oct 16, 2020
Merged

Prevent panic on error whilst getting storage #13164

merged 3 commits into from
Oct 16, 2020

Conversation

zeripath
Copy link
Contributor

  • The .Use of storageHandler before setting up the template renderer
    causes a panic if there is an error to log.
  • The error passed to ctx.Error in that case may contain sensitive
    information and should not be rendered to the end user. We should
    instead log the error and render a simple error message.
  • There is no handling of missing avatars and this needs a 404. Minio
    errors need to be mapped to standard golang errors such as
    os.ErrNotExist.
  • There is no logging when storage is set up.

Related #13159

Signed-off-by: Andrew Thornton art27@cantab.net

@zeripath
Prevent panics with missing storage
ec498bb 
* The `.Use` of storageHandler before setting up the template renderer
causes a panic if there is an error to log.
* The error passed to `ctx.Error` in that case may contain sensitive
information and should not be rendered to the end user. We should
instead log the error and render a simple error message.
* There is no handling of missing avatars and this needs a 404. Minio
errors need to be mapped to standard golang errors such as
os.ErrNotExist.
* There is no logging when storage is set up.

Related go-gitea#13159

Signed-off-by: Andrew Thornton <art27@cantab.net>
@zeripath zeripath added this to the 1.14.0 milestone Oct 15, 2020
@zeripath zeripath changed the title Prevent panics with missing storage Prevent panic on error whilst getting storage Oct 15, 2020
@zeripath
Copy link
Contributor Author

I have not marked this a fixing #13159 because I am uncertain as to the root of their errors. It could simply be that the default location for avatars is now different but I think we looked very carefully at that to prevent that.

Unfortunately there was no logging so we cannot be sure what the configuration is. This PR now adds some logging.

@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Oct 15, 2020
@GiteaBot GiteaBot added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Oct 15, 2020
@6543 6543 added the type/enhancement An improvement of existing functionality label Oct 15, 2020
@codecov-io
Copy link

codecov-io commented Oct 16, 2020
edited
Loading

Codecov Report

Merging #13164 into master will increase coverage by 0.00%.
The diff coverage is 13.33%.

Impacted file tree graph

@@           Coverage Diff           @@
##           master   #13164   +/-   ##
=======================================
  Coverage   42.04%   42.04%           
=======================================
  Files         681      681           
  Lines       75145    75173   +28     
=======================================
+ Hits        31596    31609   +13     
- Misses      38393    38410   +17     
+ Partials     5156     5154    -2
Impacted Files Coverage Δ
modules/storage/minio.go 1.81% <0.00%> (-0.23%) ⬇️
routers/routes/routes.go 84.87% <6.66%> (-1.10%) ⬇️
modules/storage/local.go 40.74% <100.00%> (+1.11%) ⬆️
modules/storage/storage.go 58.18% <100.00%> (+3.27%) ⬆️
modules/log/event.go 59.90% <0.00%> (-1.89%) ⬇️
services/pull/pull.go 40.78% <0.00%> (-0.50%) ⬇️
modules/git/repo.go 46.70% <0.00%> (+0.50%) ⬆️
services/pull/patch.go 54.54% <0.00%> (+1.70%) ⬆️
services/pull/check.go 51.82% <0.00%> (+2.18%) ⬆️
services/pull/temp_repo.go 29.78% <0.00%> (+3.19%) ⬆️
... and 2 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update cb171db...c5d774a. Read the comment docs.

@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Oct 16, 2020
@techknowlogick techknowlogick merged commit 91f2afd into go-gitea:master Oct 16, 2020
@zeripath zeripath deleted the fix-13159-prevent-panics-in-missing-avatars branch October 16, 2020 07:08
@zeripath
Copy link
Contributor Author

Damn damn damn. I got the error conversion incorrect here - this'll teach me for not actually making unit tests!

We should be mostly converting to os.PathError and checking that instead of plain os errors.

@6543
Copy link
Member

6543 commented Oct 16, 2020

@zeripath I think, at this point we can invent a new error strukts ourselve :)

@zeripath
Copy link
Contributor Author

I think if we just use errors.Is(err, os.ErrNotExist) then we can keep the convert very simple.

@zeripath zeripath mentioned this pull request Oct 16, 2020
Closed
zeripath added a commit to zeripath/gitea that referenced this pull request Oct 16, 2020
@zeripath
When handling errors in storageHandler check underlying error
2ec8a7e 
Unfortunately there was a mistake in go-gitea#13164 which fails to handle
os.PathError wrapping an os.ErrNotExist

Signed-off-by: Andrew Thornton <art27@cantab.net>
@zeripath zeripath mentioned this pull request Oct 16, 2020
Merged
ivanvc added a commit to ivanvc/gitea that referenced this pull request Oct 16, 2020
@ivanvc
Merge remote-tracking branch 'origin/master' into update-outdated-com…
65328d9 
…ments-in-pull-request-label-style

* origin/master:
  [skip ci] Updated translations via Crowdin
  Fix diff skipping lines (go-gitea#13154)
  Update go-version v1.2.3 -> v1.2.4 (go-gitea#13169)
  Vendor Update Go Libs (go-gitea#13166)
  Prevent panics with missing storage (go-gitea#13164)
  Improve users management through the CLI (go-gitea#6001) (go-gitea#10492)
  Change order of possible-owner organizations to alphabetical (go-gitea#13160)
  Slightly simplify the queue settings code to help reduce the risk of problems (go-gitea#12976)
  [Vendor] Update go-ldap to v3.2.4 (go-gitea#13163)
  [skip ci] Updated translations via Crowdin
  Update external-renderers.en-us.md (go-gitea#13165)
@zeripath zeripath mentioned this pull request Oct 17, 2020
Closed
techknowlogick added a commit that referenced this pull request Oct 18, 2020
@zeripath @techknowlogick
When handling errors in storageHandler check underlying error (#13178)
25b7766 
Unfortunately there was a mistake in #13164 which fails to handle
os.PathError wrapping an os.ErrNotExist

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
techknowlogick added a commit to techknowlogick/gitea that referenced this pull request Oct 18, 2020
@zeripath @techknowlogick
When handling errors in storageHandler check underlying error (go-git…
6876fd6 
…ea#13178)

Unfortunately there was a mistake in go-gitea#13164 which fails to handle
os.PathError wrapping an os.ErrNotExist

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
@techknowlogick techknowlogick mentioned this pull request Oct 18, 2020
Merged
@techknowlogick techknowlogick added the backport/done All backports for this PR have been created label Oct 18, 2020
@techknowlogick
Copy link
Member

Backport sent. It is #13193

zeripath added a commit that referenced this pull request Oct 18, 2020
@techknowlogick @zeripath
When handling errors in storageHandler check underlying error (#13178) (
aca13f9 
#13193)

Unfortunately there was a mistake in #13164 which fails to handle
os.PathError wrapping an os.ErrNotExist

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: zeripath <art27@cantab.net>
zeripath added a commit to zeripath/gitea that referenced this pull request Oct 25, 2020
@zeripath
add missing changes from backport go-gitea#13164
6f2dfca 
Signed-off-by: Andrew Thornton <art27@cantab.net>
@zeripath zeripath mentioned this pull request Oct 25, 2020
Merged
techknowlogick pushed a commit that referenced this pull request Oct 26, 2020
@zeripath @lunny
Fix Storage mapping (#13297) (#13307)
5da8a84 
* Fix Storage mapping (#13297)

Backport #13297

This PR fixes several bugs in setting storage

* The default STORAGE_TYPE should be the provided type.
* The Storage config should be passed in to NewStorage as a pointer - otherwise the Mappable interface function MapTo will not be found
* There was a bug in the MapTo function.

Fix #13286

Signed-off-by: Andrew Thornton <art27@cantab.net>

* add missing changes from backport #13164

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
@go-gitea go-gitea locked and limited conversation to collaborators Nov 24, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@6543 6543 6543 approved these changes

@lafriks lafriks lafriks approved these changes

@lunny lunny lunny approved these changes

Assignees
No one assigned
Labels
backport/done All backports for this PR have been created lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. type/enhancement An improvement of existing functionality
Projects
None yet
Milestone
1.14.0
Development

Successfully merging this pull request may close these issues.
7 participants
@zeripath @codecov-io @6543 @techknowlogick @lunny @lafriks @GiteaBot