  1. # Session Start: Wed Dec 31 00:00:00 2014
  2. # Session Ident: #testing
  3. # [00:48] * heycam|away is now known as heycam
  4. # [01:07] <bhill2> hmm....
  5. # [01:07] <bhill2> if someone wants to check in a utility file that is a python script
  6. # [01:07] <bhill2> what's the preferred method of doing so?
  7. # [01:08] <bhill2> I expect we would prefer it not be just a .py file under the webroot, as that will get treated as an executable content handler by wptserve, yes?
  8. # [01:08] <bhill2> (this utility is specific to one set of test cases, not generic for WPT)
  9. # [01:33] <MikeSmith> bhill2: I think the thing to do is just check it in
  10. # [01:34] <MikeSmith> bhill2: if it's in the tree anywhere, I think there's no way to prevent wptserve for treating it as an executable content handler. But that's not a problem
  11. # [01:34] <bhill2> should we at least change the extension to other than .py so it won't match the python handler regex?
  12. # [01:35] <MikeSmith> you could but it's not necessary
  13. # [01:36] <MikeSmith> we have other python scripts in the tree that aren't meant to be run from the web
  14. # [01:37] <MikeSmith> stuff in the tools/scripts directory for one
  15. # [01:37] <MikeSmith> but in various other places as well
  16. # [01:38] <MikeSmith> https://github.com/w3c/web-platform-tests/tree/master/tools/scripts -- the manifest.py script and update_html5lib_tests.py and lint.py
  17. # [01:39] <MikeSmith> stuff in https://github.com/w3c/web-platform-tests/tree/master/2dcontext/tools for generating test cases
  18. # [01:41] <bhill2> ok. gives me the security willies
  19. # [01:49] <jgraham> Well any python file is theoretically a security problem if it's unverified
  20. # [01:50] <jgraham> If you write your helper file with nothing at the top level and no main() function (or one that won't accept two arguments), it won't be executed by the web handler
  21. # [01:51] <jgraham> But things under /tools/ are actually a special case
  22. # [01:52] <jgraham> So if you are really concerned you can put files there
  23. # [01:52] <bhill2> but a utility script will have a main()
  24. # [01:52] <bhill2> since they're generally intended to be run from the command line
  25. # [01:54] <jgraham> main() isn't special in python
  26. # [01:54] <jgraham> (but it is in the server)
  27. # [01:54] <jgraham> you can do:
  28. # [01:54] <jgraham> if __name__ == "__main__":
  29. # [01:55] <jgraham> some_name_that_isnt_main()
  30. # [01:55] <jgraham> Which I'm pretty sure won't get executed in the server context (although I suppose I should check)
  31. # [01:58] <jgraham> Yeah, it won
  32. # [01:58] <jgraham> 't
  33. # [02:00] <bhill2> ok, thanks
  34. # [02:13] <MikeSmith> I guess if we wanted to we could implement support in wptserve for a blacklist of .py scripts in the tree that it won't evaluate
  35. # [02:15] <bhill2> if ( inPath('tools') ) ...
  36. # [02:20] <MikeSmith> I think there's already something like that in the wptserve code actually
  37. # [02:20] <MikeSmith> not exactly for this case, but it already understands the tools dir is to be handled differently
  38. # [02:21] <MikeSmith> ah in serve.py actually
  39. # [02:22] <MikeSmith> ... (any_method, "/tools/*", handlers.ErrorHandler(404))
  40. # [02:23] <MikeSmith> bhill2: so it seems like it's safe security-wise to just drop them in the tools dir, as jgraham suggested
  41. # [02:25] <MikeSmith> I guess we should document this
  42. # [02:26] <MikeSmith> Will write a PR
  43. # [02:32] <bhill2> nice
  44. # [02:33] <bhill2> but would be better if
  45. # [02:33] <bhill2> ... (any_method, "*/tools/*", handlers.ErrorHandler(404))
  46. # [02:33] <bhill2> so you can put utilities close to the files they affect
  47. # [02:34] <MikeSmith> yeah that'd probably be ok
  48. # [02:37] * heycam is now known as heycam|away
  49. # [02:40] <bhill2> nope: ValueError: Star seen after star in regexp
  50. # [02:56] * Joins: bhill2_ (~bhill2@public.cloak)
  51. # [03:03] * Quits: bhill2 (~bhill2@public.cloak) (Ping timeout: 180 seconds)
  52. # [03:03] * Quits: bhill2_ (~bhill2@public.cloak) (Ping timeout: 180 seconds)
  53. # [03:20] * heycam|away is now known as heycam
  54. # [06:13] * heycam is now known as heycam|away
  55. # [09:22] * Joins: Ms2ger (~Ms2ger@public.cloak)
  56. # [12:13] * Joins: ptressel (~chatzilla@public.cloak)
  57. # [12:26] * Quits: ptressel (~chatzilla@public.cloak) ("zzz")
  58. # [14:09] * Quits: terri (~terri@public.cloak) (Ping timeout: 180 seconds)
  59. # [14:12] * Joins: terri_offline (~terri@public.cloak)
  60. # [14:12] * terri_offline is now known as terri
  61. # [14:52] * Joins: plh (plehegar@public.cloak)
  62. # [14:58] <Ms2ger> plh, hey, going to do GSOC this year?
  63. # [15:01] <plh> hi
  64. # [15:01] <plh> well, I'm out of budget for traveling :(
  65. # [15:02] <Ms2ger> Didn't know it involved any
  66. # [15:02] <plh> well, unless this is near Boston, that would need some
  67. # [15:07] <MikeSmith> plh: I think Ms2ger just means does W3C have any plans for sponsoring a student project for GSOC, like we did a couple years ago
  68. # [15:07] <MikeSmith> Ms2ger: you have some specific ideas?
  69. # [15:07] <Ms2ger> Not yet
  70. # [15:08] <plh> oh
  71. # [15:08] <Ms2ger> But we had a list one year that we didn't end up participating, IIRC
  72. # [15:08] <plh> sorry
  73. # [15:08] <plh> that would be a great idea indeed
  74. # [15:09] <plh> deadline for applications is February 20
  75. # [16:02] <MikeSmith> 明けましておめでとうございます friends
  76. # [16:02] <MikeSmith> Happy New Year
  77. # [16:08] <Ms2ger> And to you!
  78. # [16:30] * Joins: scott_gonzalez (~scott_gonzalez@public.cloak)
  79. # [17:07] <jgraham> MikeSmith: Happy new year!
  80. # [17:07] <jgraham> plh: Yeah, let's sort out GSoC more proactively this year :)
  81. # [17:27] * Quits: Ms2ger (~Ms2ger@public.cloak) ("Happy New Year!")
  82. # [17:43] * Joins: bhill2 (~bhill2@public.cloak)
  83. # [17:43] * Quits: bhill2 (~bhill2@public.cloak) (Client closed connection)
  84. # [17:43] * Joins: bhill2 (~bhill2@public.cloak)
  85. # [17:52] * Joins: gitbot (~gitbot@public.cloak)
  86. # [17:52] -gitbot:#testing- [web-platform-tests] hillbrad closed pull request #1481: SRI allows base64 and unhyphenated digest names (master...update_sri_tests) https://github.com/w3c/web-platform-tests/pull/1481
  87. # [17:52] * Parts: gitbot (~gitbot@public.cloak) (gitbot)
  88. # [18:50] * Joins: bhill2_ (~bhill2@public.cloak)
  89. # [18:56] * Quits: bhill2 (~bhill2@public.cloak) (Ping timeout: 180 seconds)
  90. # [18:57] * Quits: bhill2_ (~bhill2@public.cloak) (Ping timeout: 180 seconds)
  91. # [20:47] * Joins: AutomatedTester (~AutomatedTester@public.cloak)
  92. # [22:41] * Joins: bhill2 (~bhill2@public.cloak)
  93. # [22:42] * Quits: plh (plehegar@public.cloak) ("Leaving")
  94. # [23:03] * Quits: bhill2 (~bhill2@public.cloak) (Client closed connection)
  95. # [23:06] * Quits: AutomatedTester (~AutomatedTester@public.cloak) (Client closed connection)
  96. # [23:07] * Joins: bhill2 (~bhill2@public.cloak)
  97. # Session Close: Thu Jan 01 00:00:00 2015
