Project: Zapped: AcousticBrainz
Issue: AB-137

Improve validation of low-level data submissions

    • Type: Improvement
    • Resolution: Unresolved
    • Priority: Normal
    • Server

Currently we only check if some items are present in the submitted JSON (see the SANITY_CHECK_KEYS list at https://github.com/metabrainz/acousticbrainz-server/blob/master/db/data.py#L16-L30 and the code that uses it). However, it's easy to put any value into `lowlevel`, for example. There are two problems with this:
1. The high-level extractor depends on values in the keys defined there.
2. It's bad to accept arbitrary data (even if it's somewhat limited). See https://www.owasp.org/index.php/Don't_trust_user_input.

We know exactly what kind of output the low-level extractor produces and submits to AcousticBrainz, so it shouldn't be a problem to make sure that the structure and types are correct. We can use JSON Schema for this purpose.
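A small illustration of the difference between the presence-only check and a schema check, added here and not taken from the issue or from acousticbrainz-server: the schema is a constructed subset written in JSON Schema keywords, the field names and the SANITY_CHECK_KEYS stand-in are assumptions, and the tiny validator only interprets the keywords the schema uses.

```python
import json

# Constructed JSON Schema subset for a low-level submission. Field names mirror the
# low-level extractor's output, but the exact set of keys is an assumption.
LOWLEVEL_SCHEMA = {
    "type": "object",
    "required": ["metadata", "lowlevel", "rhythm", "tonal"],
    "properties": {
        "metadata": {"type": "object", "required": ["version"]},
        "lowlevel": {"type": "object", "required": ["average_loudness", "mfcc"],
                     "properties": {"average_loudness": {"type": "number"},
                                    "mfcc": {"type": "object", "required": ["mean"],
                                             "properties": {"mean": {"type": "array",
                                                                     "items": {"type": "number"}}}}}},
        "rhythm": {"type": "object", "required": ["bpm"], "properties": {"bpm": {"type": "number"}}},
        "tonal": {"type": "object"},
    },
}
_TYPES = {"object": dict, "array": list, "string": str, "boolean": bool}

def _is_type(value, expected):
    if expected == "number":  # bool is an int subclass in Python; JSON Schema treats it as distinct
        return isinstance(value, (int, float)) and not isinstance(value, bool)
    return isinstance(value, _TYPES[expected])

def validate(data, schema, path="$"):
    """Return violations as 'path: message' strings (empty list means valid).
    Supports the type/required/properties/items keywords used above."""
    expected = schema.get("type")
    if expected and not _is_type(data, expected):
        return [f"{path}: expected {expected}, got {type(data).__name__}"]
    errors = []
    if expected == "object":
        errors += [f"{path}.{k}: missing required key" for k in schema.get("required", []) if k not in data]
        for key, sub in schema.get("properties", {}).items():
            if key in data:
                errors += validate(data[key], sub, f"{path}.{key}")
    elif expected == "array" and "items" in schema:
        for i, item in enumerate(data):
            errors += validate(item, schema["items"], f"{path}[{i}]")
    return errors

# Stand-in for the presence-only check: does every expected top-level key exist?
SANITY_CHECK_KEYS = ["metadata", "lowlevel", "rhythm", "tonal"]
def presence_check(data):
    return [k for k in SANITY_CHECK_KEYS if k not in data]

# Constructed submission: passes the presence check, yet carries wrong types.
BAD_SUBMISSION = json.loads('{"metadata": {"version": {"essentia": "x"}}, '
                            '"lowlevel": {"average_loudness": "loud", "mfcc": {"mean": [1.0, "x"]}}, '
                            '"rhythm": {"bpm": true}, "tonal": {}}')
```

`presence_check(BAD_SUBMISSION)` returns no missing keys, while `validate(BAD_SUBMISSION, LOWLEVEL_SCHEMA)` reports the string loudness, the non-numeric MFCC entry and the boolean BPM with their JSON paths.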


Assignee: Unassigned
Reporter: Roman
Votes: 0
Watchers: 1