From b6449834a4c5fc61d9f6d4f192a67ed31e2589c0 Mon Sep 17 00:00:00 2001
From: Anders Kaseorg <andersk@mit.edu>
Date: Wed, 5 May 2010 03:53:12 -0400
Subject: [PATCH] Deny access to nonexistent tickets instead of throwing an exception.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Previously, the SensitiveTickets plugin threw an “Invalid Ticket
Number” exception not only when displaying nonexistent tickets, but
also when displaying tickets that accidentally link to nonexistent
tickets, e.g. because someone happened to write #999999 in a comment.
Fix this by properly denying access to nonexistent tickets.
(Allowing access to nonexistent tickets would lead to a dangerous race
condition when an attacker views a sensitive ticket just as it’s being
created.)
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
---
sensitivetickets/sensitivetickets.py | 8 ++++++--
1 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/sensitivetickets/sensitivetickets.py b/sensitivetickets/sensitivetickets.py
index 6470301..778fab8 100644
a
|
b
|
from trac.core import * |
10 | 10 | from trac.perm import IPermissionPolicy, IPermissionRequestor |
11 | 11 | from trac.env import IEnvironmentSetupParticipant |
12 | 12 | from trac.ticket.model import Ticket |
| 13 | from trac.resource import ResourceNotFound |
13 | 14 | |
14 | 15 | class SensitiveTicketsPolicy(Component): |
15 | 16 | """Prevent public access to security sensitive tickets. |
… |
… |
class SensitiveTicketsPolicy(Component): |
45 | 46 | resource = resource.parent |
46 | 47 | |
47 | 48 | if resource and resource.realm == 'ticket' and resource.id is not None: |
48 | | ticket = Ticket(self.env, int(resource.id)) |
49 | | sensitive = ticket['sensitive'] |
| 49 | try: |
| 50 | ticket = Ticket(self.env, int(resource.id)) |
| 51 | sensitive = ticket['sensitive'] |
| 52 | except ResourceNotFound: |
| 53 | sensitive = 1 # Fail safe to prevent a race condition. |
50 | 54 | |
51 | 55 | if sensitive and int(sensitive): |
52 | 56 | if 'SENSITIVE_VIEW' not in perm: |