Opened 10 years ago

Closed 8 years ago

Last modified 8 years ago

#3203 closed task (wontfix)

Need to check Sugar for places where we might break on invalid data from the outside

Reported by: sascha_silbe Owned by: sascha_silbe
Priority: Unspecified by Maintainer Milestone:
Component: Sugar Version: Git as of bugdate
Severity: Major Keywords:
Cc: Distribution/OS:
Bug Status: New

Description

#3200 has shown that we need to be careful about any data we get passed from the outside, e.g. via activity bundles. Invalid data from the outside - regardless whether it's because of user (developer) mistake, corrupted files or even outright malice - should not be be able to impact regular Sugar operation. We need to audit all places where we handle data from the outside and check for potential breakage.

Hardening e.g. sugar-toolkit against broken icons doesn't help:

  1. If a system icon is broken, we'll want to know that.
  2. Different parts of the system will want to take different actions (e.g. different default icons) for invalid data.

Change History (7)

comment:1 Changed 10 years ago by sascha_silbe

Known places that need to be fixed:

  • Ring / Spiral View: no icon if activity icon is broken, no way to open palette
  • Journal list view: should show default icon instead of empty icon for instances of activities that have a broken icon (Palette works, though)

comment:2 Changed 10 years ago by erikos

The olpc activity updater is affected by a broken activity icon as well, and is unusable. But you can quit it in a normal manner.

comment:3 Changed 10 years ago by erikos

  • Milestone changed from Unspecified by Release Team to 0.96
  • Owner set to sascha_silbe
  • Status changed from new to assigned

Assigning this to Sascha so it has an owner and setting the milestone.

comment:4 Changed 9 years ago by sascha_silbe

  • Milestone changed from 0.96 to 0.98

comment:5 Changed 8 years ago by godiard

  • Milestone changed from 0.98 to 1.0

comment:6 Changed 8 years ago by dnarvaez

  • Resolution set to wontfix
  • Status changed from assigned to closed

I really think this bug is too generic to be of any use. It applies to any piece of software. I don't see anyone having the time to do a full audit, feel free to do that yourself and post tickets for the issues you find.

comment:7 Changed 8 years ago by dnarvaez

  • Milestone 1.0 deleted

Milestone 1.0 deleted

Note: See TracTickets for help on using tickets.