google / clusterfuzz

Scalable fuzzing infrastructure.
https://google.github.io/clusterfuzz
Apache License 2.0
5.29k stars 554 forks source link

Added 'None' check for testcase_id in issue_redirector.py #4129

Closed Onkar1300 closed 2 months ago

Onkar1300 commented 3 months ago

Redirect the page to 'Testcase not found' instead of reporting error log when accessing issue with 'None' testcase_id

svasudevprasad commented 3 months ago

/gcbrun

jonathanmetzman commented 3 months ago

Not sure this is a worthwhile change. Why do you want it?

Onkar1300 commented 2 months ago

Not sure this is a worthwhile change. Why do you want it?

Hi Jonathan, If https://clusterfuzz.corp.google.com/issue is accesed without any testcase_id, the argument to 'get_testcase()' is None which eventually leads to the following error: TypeError: int() argument must be a string, a bytes-like object or a number, not 'NoneType' To resolve the issue, a None check is added to redirect to None 'testcase_id' doesn't exist. instead of reporting TypeError.

jonathanmetzman commented 2 months ago

Not sure this is a worthwhile change. Why do you want it?

Hi Jonathan, If https://clusterfuzz.corp.google.com/issue is accesed without any testcase_id, the argument to 'get_testcase()' is None which eventually leads to the following error: TypeError: int() argument must be a string, a bytes-like object or a number, not 'NoneType' To resolve the issue, a None check is added to redirect to None 'testcase_id' doesn't exist. instead of reporting TypeError.

When are you directed to this URL though?

Onkar1300 commented 2 months ago

Not sure this is a worthwhile change. Why do you want it?

Hi Jonathan, If https://clusterfuzz.corp.google.com/issue is accesed without any testcase_id, the argument to 'get_testcase()' is None which eventually leads to the following error: TypeError: int() argument must be a string, a bytes-like object or a number, not 'NoneType' To resolve the issue, a None check is added to redirect to None 'testcase_id' doesn't exist. instead of reporting TypeError.

When are you directed to this URL though?

Whenever web-security-scanner@google.com tries to access https://clusterfuzz.corp.google.com/issue, it triggers this error log in ClusterFuzz logs

jonathanmetzman commented 2 months ago

Why is this bot trying to access that URL? Can the bot be fixed?

Onkar1300 commented 2 months ago

Why is this bot trying to access that URL? Can the bot be fixed?

it seems like for security checks, web-security-scanner@google.com tries to access https://clusterfuzz.corp.google.com/issue which raises the above error. We are not aware how to fix the bot such that it does not access https://clusterfuzz.corp.google.com/issue.

jonathanmetzman commented 2 months ago

OK, then I don't think we should make this change. We shouldn't special case things so a security scanner doesn't get a 500.