[API] crunch-dispatch crash on start
2016-08-21_20:46:04.48258 Called 'load' without the :safe option -- defaulting to safe mode. 2016-08-21_20:46:04.48261 You can avoid this warning in the future by setting the SafeYAML::OPTIONS[:default_mode] option (to :safe or :unsafe). 2016-08-21_20:46:06.01051 dispatch: ready 2016-08-21_20:46:06.05184 /data-sdc/var-www/arvados-api/current/lib/crunch_dispatch.rb:341:in `block in start_jobs': Unknown crunch_job_wrapper: :slurm_immediate (RuntimeError) 2016-08-21_20:46:06.05190 from /data-sdc/var-www/arvados-api/current/lib/crunch_dispatch.rb:313:in `each' 2016-08-21_20:46:06.05191 from /data-sdc/var-www/arvados-api/current/lib/crunch_dispatch.rb:313:in `start_jobs' 2016-08-21_20:46:06.05192 from /data-sdc/var-www/arvados-api/current/lib/crunch_dispatch.rb:814:in `run' 2016-08-21_20:46:06.05193 from ./script/crunch-dispatch.rb:13:in `<main>' 2016-08-21_20:46:06.11341 Stopping crunch-dispatch-jobs-0
#6 Updated by Nico César over 4 years ago
- Status changed from Resolved to In Progress
from https://github.com/dtao/safe_yaml "Symbols receive special treatment in Ruby and are not garbage collected, which means deserializing them indiscriminately may render your site vulnerable to a DOS attack." But it doesn't explain what DoS attacks is it vulnerable to.
On the other hand, it LGTM since we had de-serialization before using gem yaml_safe (so we were vulnerable anyway). We even had external command execution in application.yml, that caused overhead every time the file got read (like cron executions)
Ready to merge.