Ticket #128: sensitivetickets-deny-nonexistent.patch

File sensitivetickets-deny-nonexistent.patch, 2.1 KB (added by andersk, 15 years ago)
  • sensitivetickets/sensitivetickets.py

    From b6449834a4c5fc61d9f6d4f192a67ed31e2589c0 Mon Sep 17 00:00:00 2001
    From: Anders Kaseorg <andersk@mit.edu>
    Date: Wed, 5 May 2010 03:53:12 -0400
    Subject: [PATCH] Deny access to nonexistent tickets instead of throwing an exception.
    MIME-Version: 1.0
    Content-Type: text/plain; charset=UTF-8
    Content-Transfer-Encoding: 8bit
    
    Previously, the SensitiveTickets plugin threw an “Invalid Ticket
    Number” exception not only when displaying nonexistent tickets, but
    also when displaying tickets that accidentally link to nonexistent
    tickets, e.g. because someone happened to write #999999 in a comment.
    Fix this by properly denying access to nonexistent tickets.
    
    (Allowing access to nonexistent tickets would lead to a dangerous race
    condition when an attacker views a sensitive ticket just as it’s being
    created.)
    
    Signed-off-by: Anders Kaseorg <andersk@mit.edu>
    ---
     sensitivetickets/sensitivetickets.py |    8 ++++++--
     1 files changed, 6 insertions(+), 2 deletions(-)
    
    diff --git a/sensitivetickets/sensitivetickets.py b/sensitivetickets/sensitivetickets.py
    index 6470301..778fab8 100644
    a b from trac.core import * 
    1010from trac.perm import IPermissionPolicy, IPermissionRequestor
    1111from trac.env import IEnvironmentSetupParticipant
    1212from trac.ticket.model import Ticket
     13from trac.resource import ResourceNotFound
    1314
    1415class SensitiveTicketsPolicy(Component):
    1516    """Prevent public access to security sensitive tickets.
    class SensitiveTicketsPolicy(Component): 
    4546            resource = resource.parent
    4647
    4748        if resource and resource.realm == 'ticket' and resource.id is not None:
    48             ticket = Ticket(self.env, int(resource.id))
    49             sensitive = ticket['sensitive']
     49            try:
     50                ticket = Ticket(self.env, int(resource.id))
     51                sensitive = ticket['sensitive']
     52            except ResourceNotFound:
     53                sensitive = 1  # Fail safe to prevent a race condition.
    5054
    5155            if sensitive and int(sensitive):
    5256                if 'SENSITIVE_VIEW' not in perm:
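Review bot: the except clause at new lines 52-53 catches only ResourceNotFound, yet `int(resource.id)` sits inside the same try block; a non-integer id would raise ValueError and still propagate as an exception rather than being denied, which is the failure mode the commit message sets out to remove. If non-numeric ids can reach this policy, consider `except (ResourceNotFound, ValueError):` with the same fail-safe assignment. The fail-closed default `sensitive = 1` for a missing ticket is the right choice for a permission policy and matches the race-condition rationale in the message; the `if sensitive and int(sensitive):` test at new line 55 handles that literal the same way as a stored value.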