Example exception on beta: https://wikidata.beta.wmflabs.org/wiki/Special:EntityData/Q533192.ttl?flavor=invalid
Error
- mwversion: 1.37.0-wmf.12
- reqId: 4a4e5b9a-b9f5-45ad-af9d-887276b5e34c
- Find reqId in Logstash
- Find normalized_message in Logstash
normalized_message
[{reqId}] {exception_url} MWException: Unsupported flavor: test ORDER BY 5064#exception.trace
from /srv/mediawiki/php-1.37.0-wmf.12/extensions/Wikibase/repo/includes/LinkedData/EntityDataSerializationService.php(346)
#0 /srv/mediawiki/php-1.37.0-wmf.12/extensions/Wikibase/repo/includes/LinkedData/EntityDataSerializationService.php(372): Wikibase\Repo\LinkedData\EntityDataSerializationService->getFlavor(string)
#1 /srv/mediawiki/php-1.37.0-wmf.12/extensions/Wikibase/repo/includes/LinkedData/EntityDataSerializationService.php(171): Wikibase\Repo\LinkedData\EntityDataSerializationService->createRdfBuilder(string, string)
#2 /srv/mediawiki/php-1.37.0-wmf.12/extensions/Wikibase/repo/includes/LinkedData/EntityDataRequestHandler.php(558): Wikibase\Repo\LinkedData\EntityDataSerializationService->getSerializedData(string, Wikibase\Lib\Store\EntityRevision, NULL, array, string)
#3 /srv/mediawiki/php-1.37.0-wmf.12/extensions/Wikibase/repo/includes/LinkedData/EntityDataRequestHandler.php(283): Wikibase\Repo\LinkedData\EntityDataRequestHandler->showData(WebRequest, OutputPage, string, Wikibase\DataModel\Entity\ItemId, integer)
#4 /srv/mediawiki/php-1.37.0-wmf.12/extensions/Wikibase/repo/includes/Specials/SpecialEntityData.php(111): Wikibase\Repo\LinkedData\EntityDataRequestHandler->handleRequest(string, WebRequest, OutputPage)
#5 /srv/mediawiki/php-1.37.0-wmf.12/includes/specialpage/SpecialPage.php(646): Wikibase\Repo\Specials\SpecialEntityData->execute(string)
#6 /srv/mediawiki/php-1.37.0-wmf.12/includes/specialpage/SpecialPageFactory.php(1362): SpecialPage->run(string)
#7 /srv/mediawiki/php-1.37.0-wmf.12/includes/MediaWiki.php(314): MediaWiki\SpecialPage\SpecialPageFactory->executePath(string, RequestContext)
#8 /srv/mediawiki/php-1.37.0-wmf.12/includes/MediaWiki.php(917): MediaWiki->performRequest()
#9 /srv/mediawiki/php-1.37.0-wmf.12/includes/MediaWiki.php(551): MediaWiki->main()
#10 /srv/mediawiki/php-1.37.0-wmf.12/index.php(53): MediaWiki->run()
#11 /srv/mediawiki/php-1.37.0-wmf.12/index.php(46): wfIndexMain()
#12 /srv/mediawiki/w/index.php(3): require(string)
#13 {main}Impact
- logspam
- could be used as endpoint for DOS attacks as it circumvents edge-caches
Acceptance Criteria ๐๏ธ๐
- An exception does not make it's way to the user and does not get logged (the user sees a nice unlogged error instead)
Notes
- This came up previously as T272534: EntityDataSerializationService - Possible SQL Injection (It is not in fact an SQL injection)
