Fixes #37341 - catch exception if host parameter can not be rendered #10122
Conversation
|
[test katello] |
|
[test unit] |
|
Looks like, the bug was introduced with c8236d2 @nadjaheitmann - maybe you want tor review this? |
There was a problem hiding this comment.
@sbernhard Is it possible to adapt/add tests to catch this error
sbernhard
force-pushed
the
fix_37341
branch
18 times, most recently
from
722ab7d
to
937967a
Compare
sbernhard
force-pushed
the
fix_37341
branch
13 times, most recently
from
4e12efe
to
7633793
Compare
| if host.params.has_key? "#{last_report.origin.downcase}_interval" | ||
| interval = host.params["#{last_report.origin.downcase}_interval"] | ||
| end | ||
| rescue NameError, Safemode::SecurityError, Safemode::NoMethodError => exception |
There was a problem hiding this comment.
I'm not sure I like catching these exceptions here in the model layer. A user doesn't have access to the logs so they don't know their parameter is silently ignored.
Implementation wise I'd really want it to be:
def reported_origin_interval
return unless last_report&.origin
name = "#{last_report.origin.downcase}_interval"
host.params.fetch(name) { Setting[name.to_sym] }
endLooking at the code I think host.params will render all the parameters, so just calling that should be enough to trigger it an exception.
Thinking about solving it at a deeper level: should parameters be rendered before saving? Can that reliably work? It may still not be enough.
Perhaps HostParams needs a safe_params that ignores any invalid ERB. The reason I suggest this is that we use params in more places so I suspect there are more ways this bug could surface.
See https://projects.theforeman.org/issues/37341#note-1 for the reproducer
rescue blocks catches exception if safemode is 'on' and if 'off'