ClearFoundation Tracker - ClearOS
View Issue Details
IDProjectCategoryView StatusDate SubmittedLast Update
0000520ClearOSapp-base - Base Systempublic2012-04-03 15:102012-04-18 19:37
Reporteruser2 
Assigned Todsokoloski 
PrioritynormalSeverityminorReproducibilityalways
StatusclosedResolutionwon't fix 
PlatformOSOS Version
Product Version 
Target Version6.2.0Fixed in Version6.2.0 
Summary0000520: Yum plugins can pollute wc-yum output with non-JSON output
DescriptionThe addition of the yum-plugin-fastestmirror plugin created output in wc-yum that is not JSON. Sample output is below. Note: other yum plugins might be installed by an administrator, notably yum-plugin-protect-packages.

{"progress": 0, "code": 0, "overall": 0, "details": "Fetching repositories.", "errmsg": null}
{"progress": 35, "code": 0, "overall": 0, "details": "Updating repositories and preparing package dependencies... this may take a few minutes.", "errmsg": null}
Loading mirror speeds from cached hostfile
 * clearos: mirror2-houston.clearsdn.com
 * clearos-addons: mirror2-houston.clearsdn.com
 * clearos-extras: mirror2-houston.clearsdn.com
 * clearos-updates: mirror2-houston.clearsdn.com
 * private-clearcenter-ad: download4.clearsdn.com:80
 * private-clearcenter-content-filter: download4.clearsdn.com:80
 * private-clearcenter-dyndns: download4.clearsdn.com:80
 * private-clearcenter-google-apps: download1.clearsdn.com:80
 * private-clearcenter-ids: download1.clearsdn.com:80
{"progress": 100, "code": 0, "overall": 1, "details": "Updating repositories and preparing package dependencies... this may take a few minutes.", "errmsg": null}
{"progress": 100, "code": 0, "overall": 1, "details": "Updating repositories and preparing package dependencies... this may take a few minutes.", "errmsg": null}
Steps To Reproduce
Additional Information
TagsNo tags attached.
Relationships
Attached Files? wc-yum-json-decode.php (1,294) 2012-04-03 15:52
https://tracker.clearos.com/file_download.php?file_id=18&type=bug
Issue History
Date ModifiedUsernameFieldChange
2012-04-03 15:10user2New Issue
2012-04-03 15:10user2Statusnew => assigned
2012-04-03 15:10user2Assigned To => dsokoloski
2012-04-03 15:52dsokoloskiNote Added: 0000460
2012-04-03 15:52dsokoloskiFile Added: wc-yum-json-decode.php
2012-04-03 18:31bchambersNote Added: 0000461
2012-04-03 18:56dsokoloskiStatusassigned => resolved
2012-04-03 18:56dsokoloskiResolutionopen => won't fix
2012-04-13 09:09user2ProjectClearCenter => ClearOS
2012-04-13 09:10user2Categoryapp-clearcenter - ClearCenter Core => app-base - Base System
2012-04-13 09:11user2Fixed in Version => 6.2.0
2012-04-18 19:37user2Statusresolved => closed

Notes
(0000460)
dsokoloski   
2012-04-03 15:52   
It's not really possible to disable or pipe output from every possible YUM plug-in in wc-yum because we would have to know of every possible plug-in name in advance and specifically disable output for each unique name.

However, this is really a non-issue. I'm not sure how the output from wc-yum is being read by the marketplace code, but I suspect json_decode() is being called for each line of wc-yum output. If this is the case, then simply checking the return value of json_decode() is the proper solution. For example:

if (($data = json_decode($raw_line)) === NULL) continue;

I've attached an example script which feeds the example data in this bug report line-by-line in to json_decode(), testing the return value, and skipping malformed JSON.
(0000461)
bchambers   
2012-04-03 18:31   
Actually, this check is being done in the (currently) one place where this function call is used.

Perhaps would be better doing the sanitization in the Yum class, so that anyone using it can guarantee that valid JSON is coming back?

If so, requires update to Yum.class.

If not, we don't need to do anything...can close.