Project

General

Profile

Actions
Copy link

Bug #9826

closed

[API] crunch-dispatch crash on start

Added by Peter Amstutz over 8 years ago. Updated over 8 years ago.

Status:
Resolved
Priority:
Normal
Assigned To:
Tom Clegg
Category:
API
Target version:
2016-08-31 sprint
Story points:
0.5

Description

2016-08-21_20:46:04.48258 Called 'load' without the :safe option -- defaulting to safe mode.
2016-08-21_20:46:04.48261 You can avoid this warning in the future by setting the SafeYAML::OPTIONS[:default_mode] option (to :safe or :unsafe).
2016-08-21_20:46:06.01051 dispatch: ready
2016-08-21_20:46:06.05184 /data-sdc/var-www/arvados-api/current/lib/crunch_dispatch.rb:341:in `block in start_jobs': Unknown crunch_job_wrapper: :slurm_immediate (RuntimeError)
2016-08-21_20:46:06.05190       from /data-sdc/var-www/arvados-api/current/lib/crunch_dispatch.rb:313:in `each'
2016-08-21_20:46:06.05191       from /data-sdc/var-www/arvados-api/current/lib/crunch_dispatch.rb:313:in `start_jobs'
2016-08-21_20:46:06.05192       from /data-sdc/var-www/arvados-api/current/lib/crunch_dispatch.rb:814:in `run'
2016-08-21_20:46:06.05193       from ./script/crunch-dispatch.rb:13:in `<main>'
2016-08-21_20:46:06.11341 Stopping crunch-dispatch-jobs-0

Subtasks 1 (0 open1 closed)

Task #9828: Review 9826-config-symbolsResolvedNico César08/22/2016Actions

Related issues 1 (0 open1 closed)

Related to Arvados - Idea #9684: [Crunch2] [API] Add Workflow resourceResolvedRadhika Chippada08/02/2016Actions
Actions
Copy link
 #1

Updated by Peter Amstutz over 8 years ago

  • Subject changed from [API] crunch-dispatch broken YAML loading to [API] crunch-dispatch crash on start
  • Description updated (diff)
Actions
Copy link
 #2

Updated by Tom Morris over 8 years ago

Peter said on Jabber that this is cluster c97qk

Actions
Copy link
 #3

Updated by Tom Clegg over 8 years ago

  • Category set to API
  • Status changed from New to In Progress
  • Assigned To set to Tom Clegg
  • Story points set to 0.5
Actions
Copy link
 #4

Updated by Tom Clegg over 8 years ago

9826-config-symbols @ 1356cd6

Actions
Copy link
 #5

Updated by Tom Clegg over 8 years ago

  • Status changed from In Progress to Resolved

Applied in changeset arvados|commit:4b7c0f2aa4da6fdb25419a24d1a7f5b57ab35bfd.

Actions
Copy link
 #6

Updated by Nico César over 8 years ago

  • Status changed from Resolved to In Progress

test 1356cd61457b8a48ed879b97c5cd14eb4ccf0f29

from https://github.com/dtao/safe_yaml "Symbols receive special treatment in Ruby and are not garbage collected, which means deserializing them indiscriminately may render your site vulnerable to a DOS attack." But it doesn't explain what DoS attacks is it vulnerable to.

On the other hand, it LGTM since we had de-serialization before using gem yaml_safe (so we were vulnerable anyway). We even had external command execution in application.yml, that caused overhead every time the file got read (like cron executions)

Ready to merge.

Actions
Copy link
 #7

Updated by Nico César over 8 years ago

  • Status changed from In Progress to Resolved
Actions
Copy link

Also available in: Atom PDF