Resuming a session may result in different run_list
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| PlainBox (Toolkit) |
Fix Released
|
Medium
|
Zygmunt Krynicki | ||
Bug Description
In the following example, resuming a session will result in a different run_list. This may be abused to inject jobs into a session and thus break the suspend / resume guarantee.
Assuming the following session:
- desired_job_list: [a]
- run_list: [a]
- results: []
Currently job a has no dependencies, let's say it has checkum a_checksum_1. It's checksum is not mentioned in the session file as it does not have any results yet. The session is saved with format 4
Let's modify the job database and inject a dependency a_dep on a.
Resuming the previously saved session results in the following data:
- desired_job_list: [a]
- run_list: [a_dep, a]
- results: []
I think we should have detected the modification and prevented this resume operation. This would not have happened in the 3rd format.
Related branches
- Maciej Kisielewski (community): Approve
-
Diff: 78 lines (+42/-4)2 files modifiedplainbox/plainbox/impl/session/suspend.py (+7/-4)
plainbox/plainbox/impl/session/test_suspend.py (+35/-0)
- Pierre Equoy: Approve
-
Diff: 99 lines (+8/-8)8 files modifiedcheckbox-ng/checkbox_ng/__init__.py (+1/-1)
checkbox-ng/setup.py (+1/-1)
checkbox-support/setup.py (+1/-1)
plainbox/plainbox/__init__.py (+1/-1)
plainbox/setup.py (+1/-1)
providers/plainbox-provider-checkbox/manage.py (+1/-1)
providers/plainbox-provider-resource-generic/manage.py (+1/-1)
providers/plainbox-provider-sru/manage.py (+1/-1)
| Changed in plainbox: | |
| status: | New → In Progress |
| importance: | Undecided → Medium |
| assignee: | nobody → Zygmunt Krynicki (zkrynicki) |
| milestone: | none → 0.16 |
| Changed in plainbox: | |
| status: | In Progress → Fix Committed |
| description: | updated |
| Changed in plainbox: | |
| status: | Fix Committed → Fix Released |
