Page MenuHomePhabricator
Create Task
Maniphest T38519

Validate data structure
Closed, ResolvedPublic
Actions

Description

In the present version of Wikidata it is possible to add all kinds of stuff into an item by creating a valid JSON structure and saving it. This could create serious problems with data integrity and consistency.

There are several ways to clean up the structure, and one of the simplest is perhaps to traverse the structure and flag those branches and leafs that can't be somehow validated as legal. Note that the focus should be on letting a legal structure pass after successful tests, and not on failing an illegal one.

Version: unspecified
Severity: normal
See Also:
https://bugzilla.wikimedia.org/show_bug.cgi?id=36431
https://bugzilla.wikimedia.org/show_bug.cgi?id=38234

Details

Reference
bz36519

Related Objects
Search...

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 22 2014, 12:23 AM
bzimport added projects: MediaWiki-extensions-WikibaseRepository, TestMe.
bzimport set Reference to bz36519.
bzimport added a subscriber: Unknown Object (MLST).
jeblad created this task.May 4 2012, 2:51 PM
Denny added a comment.May 8 2012, 10:58 AM

This is only true for the wbsetitem module, right? All other modules are safe?

jeblad added a comment.May 8 2012, 1:09 PM

It will only happen if a module (or whatever else) can create an object that is later unserialized. In the module wbsetitem this is done regularly, but will be removed at some point in the future. If its not removed and/or some other module (or special page) allow unserialization (typically because it allow bulk upload to be unserialized) it will be necessary to have a cleanup and/or validation routine.

Denny added a comment.May 8 2012, 1:14 PM

Do you mind if I rename the bug then to "Validate data structure"? As far as I understand it, this would be sufficient to perform such a validation before actually commiting a save?

JeroenDeDauw added a comment.May 8 2012, 1:24 PM

This ties in with the isValid method I proposed at the secondary storage consistency bug. Need to be added to Content class.

Denny added a comment.May 8 2012, 1:49 PM

This is right. I rename this bug and make it at the same time a dependency for the Bug #36431 the one about the secondary storage.

jeblad added a comment.May 8 2012, 3:05 PM

Seems to be more appropriate as it is really more about data integrity than data security. Unless unserialize is allowed to do some strange things, or that interpretation of the data structure do some strange things.

jeblad added a comment.Jul 9 2012, 11:37 AM

The module wbsetitem is changed in https://gerrit.wikimedia.org/r/#/c/14762/ so it is somewhat more difficult to create weird structures. The item itself should although validate its internal structure before save, even if all API modules now tries to be more strict on whats goes into the item.

Denny added a comment.Jul 27 2012, 1:30 PM

Add a test for trying not well-defined inputs.

jeblad added a comment.Aug 24 2012, 10:06 AM

Fixed in the new tests for the API.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL