Page MenuHomePhabricator
Create Task
Maniphest T186909

Unknown input type to UUID class: array
Closed, ResolvedPublicPRODUCTION ERROR
Actions

Description

Spotted in production:

[{exception_id}] {exception_url} Flow\Exception\InvalidParameterException from line 201 of /srv/mediawiki/php-1.31.0-wmf.20/extensions/Flow/includes/Model/UUID.php: Unknown input type to UUID class: array
stacktrace
#0 /srv/mediawiki/php-1.31.0-wmf.20/extensions/Flow/includes/Block/Header.php(249): Flow\Model\UUID::create(array)
#1 /srv/mediawiki/php-1.31.0-wmf.20/extensions/Flow/includes/Block/Header.php(229): Flow\Block\HeaderBlock->renderDiffviewApi(array)
#2 /srv/mediawiki/php-1.31.0-wmf.20/extensions/Flow/includes/View.php(217): Flow\Block\HeaderBlock->renderApi(array)
#3 /srv/mediawiki/php-1.31.0-wmf.20/extensions/Flow/includes/View.php(69): Flow\View->buildApiResponse(Flow\WorkflowLoader, array, string, array)
#4 /srv/mediawiki/php-1.31.0-wmf.20/extensions/Flow/includes/Actions/Action.php(112): Flow\View->show(Flow\WorkflowLoader, string)
#5 /srv/mediawiki/php-1.31.0-wmf.20/extensions/Flow/includes/Actions/Action.php(50): Flow\Actions\FlowAction->showForAction(string)
#6 /srv/mediawiki/php-1.31.0-wmf.20/includes/MediaWiki.php(500): Flow\Actions\FlowAction->show()
#7 /srv/mediawiki/php-1.31.0-wmf.20/includes/MediaWiki.php(294): MediaWiki->performAction(Article, Title)
#8 /srv/mediawiki/php-1.31.0-wmf.20/includes/MediaWiki.php(858): MediaWiki->performRequest()
#9 /srv/mediawiki/php-1.31.0-wmf.20/includes/MediaWiki.php(524): MediaWiki->main()
#10 /srv/mediawiki/php-1.31.0-wmf.20/index.php(42): MediaWiki->run()
#11 /srv/mediawiki/w/index.php(3): include(string)
#12 {main}

Details

SubjectRepoBranchLines +/-
Handle $input as array in UUID::createmediawiki/extensions/Flowwmf/1.31.0-wmf.20+3 -0
Handle $input as array in UUID::createmediawiki/extensions/Flowmaster+3 -0
Validate that 'newRevision' param is a stringmediawiki/extensions/Flowmaster+2 -2
Customize query in gerrit

Related Objects
Search...

StatusSubtypeAssignedTask
 ResolvedRelease demonT183959 1.31.0-wmf.20 deployment blockers
 ResolvedPRODUCTION ERRORSBissonT186909 Unknown input type to UUID class: array

Event Timeline

demon triaged this task as Medium priority.Feb 9 2018, 6:41 PM
demon created this task.
Restricted Application added a project: Collaboration-Team-Triage. · View Herald TranscriptFeb 9 2018, 6:41 PM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
demon added a parent task: T183959: 1.31.0-wmf.20 deployment blockers.Feb 9 2018, 6:45 PM
SBisson subscribed.Feb 9 2018, 9:01 PM

This appears to be coming from some bot calling at (mostly) regular interval with an invalid URL parameter (header_newRevision[$acunetix]=1). It's an invalid request and an error is the correct response. Should it not be logged?

Also, I'll create a patch to make the error more meaningful.

gerritbot subscribed.Feb 9 2018, 9:07 PM

Change 409446 had a related patch set uploaded (by Sbisson; owner: Sbisson):
[mediawiki/extensions/Flow@master] Validate that 'newRevision' param is a string

https://gerrit.wikimedia.org/r/409446

gerritbot added a project: Patch-For-Review.Feb 9 2018, 9:07 PM
demon added a comment.Feb 12 2018, 4:57 PM
In T186909#3959499, @SBisson wrote:

This appears to be coming from some bot calling at (mostly) regular interval with an invalid URL parameter (header_newRevision[$acunetix]=1). It's an invalid request and an error is the correct response. Should it not be logged?

Also, I'll create a patch to make the error more meaningful.

No, I don't think it should be logged. As I said on wikitech-l a few months ago: I think exceptions for bad user input are a poor method of handling it. Users can give us all kinds of terrible input, but we shouldn't be logging it unless it's going to cause problems on our end. We should validate higher up and return an error to the user (and pretend it never happened to us).

SBisson added a comment.Feb 12 2018, 6:00 PM
In T186909#3964245, @demon wrote:

No, I don't think it should be logged. As I said on wikitech-l a few months ago: I think exceptions for bad user input are a poor method of handling it. Users can give us all kinds of terrible input, but we shouldn't be logging it unless it's going to cause problems on our end. We should validate higher up and return an error to the user (and pretend it never happened to us).

I agree. I see what's happening now. Most invalid inputs trigger an InvalidInputException, which is non-loggable. However, some where changed to InvalidParameterException, which is loggable, for unclear reasons. Patch coming.

gerritbot added a comment.Feb 12 2018, 6:21 PM

Change 409986 had a related patch set uploaded (by Sbisson; owner: Sbisson):
[mediawiki/extensions/Flow@master] Handle $input as array in UUID::create

https://gerrit.wikimedia.org/r/409986

gerritbot added a comment.Feb 12 2018, 6:24 PM

Change 409446 merged by jenkins-bot:
[mediawiki/extensions/Flow@master] Validate that 'newRevision' param is a string

https://gerrit.wikimedia.org/r/409446

SBisson claimed this task.Feb 12 2018, 6:55 PM
SBisson edited projects, added Collaboration-Team-Triage (Collab-Team-This-Quarter); removed Collaboration-Team-Triage.
SBisson moved this task from Untriaged to Needs Review on the Collaboration-Team-Triage (Collab-Team-This-Quarter) board.
ReleaseTaggerBot added a project: MW-1.31-release-notes (WMF-deploy-2018-02-13 (1.31.0-wmf.21)).Feb 12 2018, 7:00 PM
SBisson moved this task from Needs Review to QA Review on the Collaboration-Team-Triage (Collab-Team-This-Quarter) board.Feb 12 2018, 7:01 PM
gerritbot added a comment.Feb 12 2018, 7:05 PM

Change 409986 merged by jenkins-bot:
[mediawiki/extensions/Flow@master] Handle $input as array in UUID::create

https://gerrit.wikimedia.org/r/409986

gerritbot added a comment.Feb 12 2018, 7:06 PM

Change 410004 had a related patch set uploaded (by Jforrester; owner: Sbisson):
[mediawiki/extensions/Flow@wmf/1.31.0-wmf.20] Handle $input as array in UUID::create

https://gerrit.wikimedia.org/r/410004

gerritbot added a comment.Feb 12 2018, 7:21 PM

Change 410004 merged by jenkins-bot:
[mediawiki/extensions/Flow@wmf/1.31.0-wmf.20] Handle $input as array in UUID::create

https://gerrit.wikimedia.org/r/410004

ReleaseTaggerBot edited projects, added MW-1.31-release-notes (WMF-deploy-2018-02-06 (1.31.0-wmf.20)); removed MW-1.31-release-notes (WMF-deploy-2018-02-13 (1.31.0-wmf.21)).Feb 12 2018, 8:00 PM
demon closed this task as Resolved.Feb 12 2018, 8:12 PM
Stashbot subscribed.Feb 12 2018, 8:13 PM

Mentioned in SAL (#wikimedia-operations) [2018-02-12T20:12:59Z] <demon@tin> Synchronized php-1.31.0-wmf.20/extensions/Flow/includes/Model/UUID.php: T186909 (duration: 00m 56s)

mmodell changed the subtype of this task from "Task" to "Production Error".Aug 28 2019, 11:09 PM
Maintenance_bot removed a project: Patch-For-Review.Aug 28 2019, 11:44 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL