I've found a bug in the way the RabbitMQ plugin handles escaping.

Here is how to reproduce it with RabbitMQ 2.7.1.

I use the web-based management interface to create a user.

I then set the permissions to be everything starting with "test.".
According to http://www.rabbitmq.com/access-control.html, I type in
the relevant field: test\..*

When I press "Set permission", the web interface reports:

Got response code 500 with body
Internal Server Error
The server encountered an error while processing this request:

{error,{error,undef,
[{xmerl_ucs,from_utf8,[<<"test\\..*">>]},
{mochijson2,json_encode_string,2},
{mochijson2,'-json_encode_proplist/2-fun-0-',3},
{lists,foldl,3},
{mochijson2,json_encode_proplist,2},
{mochijson2,'-json_encode_array/2-fun-0-',3},
{lists,foldl,3},
{mochijson2,json_encode_array,2}]}}

FWIW, I get the same problem using rabbitmqadmin.

Cheers,

Lionel

Search Discussions

  • Simon MacMullen at Feb 21, 2012 at 10:04 am

    On 21/02/12 09:47, Lionel Cons wrote:
    I've found a bug in the way the RabbitMQ plugin handles escaping.
    There might be such, but this is not one.
    {error,{error,undef,
    [{xmerl_ucs,from_utf8,[<<"test\\..*">>]},
    You are missing xmerl. This is a part of Erlang, but some distro
    packaging (Debian especially) splits it out. I thought we had that fixed
    for all recent releases though. Which packaging and version are you using?

    Cheers, Simon

    --
    Simon MacMullen
    RabbitMQ, VMware
  • Lionel Cons at Feb 21, 2012 at 10:39 am

    Simon MacMullen writes:
    {error,{error,undef,
    [{xmerl_ucs,from_utf8,[<<"test\\..*">>]},
    >
    You are missing xmerl. This is a part of Erlang, but some distro
    packaging (Debian especially) splits it out. I thought we had that fixed
    for all recent releases though. Which packaging and version are you using?
    I'm using Erlang rpms from EPEL6 and indeed erlang-xmerl was not installed.
    Installing it fixed the problem.

    This said, an error message like "xmerl is missing" would have been
    easier to interpret...

    Thanks,

    Lionel
  • Simon MacMullen at Feb 21, 2012 at 10:46 am

    On 21/02/12 10:39, Lionel Cons wrote:
    Simon MacMullen writes:
    {error,{error,undef,
    [{xmerl_ucs,from_utf8,[<<"test\\..*">>]},
    You are missing xmerl. This is a part of Erlang, but some distro
    packaging (Debian especially) splits it out. I thought we had that fixed
    for all recent releases though. Which packaging and version are you using?
    I'm using Erlang rpms from EPEL6 and indeed erlang-xmerl was not installed.
    Installing it fixed the problem.
    Are you also using a Rabbit RPM?
    This said, an error message like "xmerl is missing" would have been
    easier to interpret...
    Yeah, but then we have to wrap every call into any bit of the runtime
    that may be missing. There should already be a warning printed at startup?

    Cheers, Simon

    --
    Simon MacMullen
    RabbitMQ, VMware
  • Alvaro Videla at Feb 21, 2012 at 10:48 am
    Hi,

    On Tue, Feb 21, 2012 at 11:46 AM, Simon MacMullen wrote:

    This said, an error message like "xmerl is missing" would have been
    easier to interpret...
    Yeah, but then we have to wrap every call into any bit of the runtime that
    may be missing. There should already be a warning printed at startup?

    On that regard PHP frameworks like Symfony offer a check.php script that
    basically tests if your PHP installation is OK for running the framework.
    That is? it checks for required extensions, folder permissions as well as
    some security settings.

    Maybe RabbitMQ could provide such script?

    Cheers,

    Alvaro
    -------------- next part --------------
    An HTML attachment was scrubbed...
    URL: <http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/attachments/20120221/ee0d0a6a/attachment.htm>
  • Simon MacMullen at Feb 21, 2012 at 11:11 am

    On 21/02/12 10:48, Alvaro Videla wrote:
    On that regard PHP frameworks like Symfony offer a check.php script that
    basically tests if your PHP installation is OK for running the
    framework. That is? it checks for required extensions, folder
    permissions as well as some security settings.

    Maybe RabbitMQ could provide such script?
    As mentioned elsethread, something like this runs at startup, but the
    warnings are non-fatal.

    Cheers, Simon

    --
    Simon MacMullen
    RabbitMQ, VMware
  • Lionel Cons at Feb 21, 2012 at 11:05 am

    Simon MacMullen writes:
    Are you also using a Rabbit RPM?
    Yes, a home-built one that does not require erlang (the meta rpm) to
    avoid installing tens of erlang-* rpms that we do not need.
    There should already be a warning printed at startup?
    Indeed. startup_log contained:

    *WARNING* Undefined function xmerl_ucs:from_utf8/1

    However, since the init script succeeded, we assumed that RabbitMQ was
    happy. Why isn't this (a required package missing) a fatal error?

    Cheers,

    Lionel
  • Matthew Sackman at Feb 21, 2012 at 11:13 am

    On Tue, Feb 21, 2012 at 12:05:59PM +0100, Lionel Cons wrote:
    There should already be a warning printed at startup?
    Indeed. startup_log contained:

    *WARNING* Undefined function xmerl_ucs:from_utf8/1

    However, since the init script succeeded, we assumed that RabbitMQ was
    happy. Why isn't this (a required package missing) a fatal error?
    Ahh, Lionel, I argued long and hard for that. If the code is reachable
    and missing, surely that should be a fatal error. However, that, for
    example, would stop people using Rabbit at all if they didn't have the
    SSL libraries installed, and lots of people have no desire or need to
    use SSL connections to Rabbit.

    What should and shouldn't be a "fatal" error in this regard depends upon
    the user and what they will be using Rabbit for. Alas, Rabbit's
    clairvoyance is poor.

    Matthew
  • Simon MacMullen at Feb 21, 2012 at 11:13 am

    On 21/02/12 11:05, Lionel Cons wrote:
    However, since the init script succeeded, we assumed that RabbitMQ was
    happy. Why isn't this (a required package missing) a fatal error?
    *Tries to remember*.

    There is at least one situation where you do want to ignore the errors:
    if you use an old version of Erlang (such as R12B-3 on Debian Lenny) you
    will get a bunch of missing references to SSL code. As long as you don't
    actually *use* SSL you will be fine however.

    One day we will abandon such elderly Erlang versions, at which point we
    probably should make these errors fatal.

    Cheers, Simon

    --
    Simon MacMullen
    RabbitMQ, VMware
  • Michael Bridgen at Feb 21, 2012 at 11:21 am

    On 02/21/2012 11:13 AM, Simon MacMullen wrote:
    On 21/02/12 11:05, Lionel Cons wrote:
    However, since the init script succeeded, we assumed that RabbitMQ was
    happy. Why isn't this (a required package missing) a fatal error?
    *Tries to remember*.

    There is at least one situation where you do want to ignore the errors:
    if you use an old version of Erlang (such as R12B-3 on Debian Lenny) you
    will get a bunch of missing references to SSL code. As long as you don't
    actually *use* SSL you will be fine however.
    There's other situations in which apps will have code referencing
    modules that aren't present; for example, SockJS-Erlang can work with
    both misultin and cowboy and has code for both, but usually only one of
    those would be in use in a given deployment.

    -Michael

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
grouprabbitmq-discuss @
categoriesrabbitmq
postedFeb 21, '12 at 9:47a
activeFeb 21, '12 at 11:21a
posts10
users5
websiterabbitmq.com
irc#rabbitmq

People

Translate

site design / logo © 2021 Grokbase