Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1062687 - create_group_xml.py fails due to not escaping text
Summary: create_group_xml.py fails due to not escaping text
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: preupgrade-assistant
Version: 6.3
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Tomas Tomecek
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-02-07 17:28 UTC by John Dennis
Modified: 2014-08-14 12:45 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-06-15 06:49:41 UTC


Attachments (Terms of Use)

Description John Dennis 2014-02-07 17:28:36 UTC
If the content description in the .ini file contains a '<' character then create_group_xml.py fails with cryptic error messages.


./create_group_xml.py contents-users/RHEL6_7/services/freeradius/
Encountered a parse error in file 'contents-users/RHEL6_7/services/freeradius', details: not well-formed (invalid token): line 23, column 40
File which can be used by Preupgrade-Assistant is:
contents-users/RHEL6_7/services/freeradius/all-xccdf.xml

Turns out the problem was the use of '<' in the text, it had read something like "if the version < 3.x". Changing it to read "if the version is less than 3.x" fixed it.

I'm guessing that whatever feeds the text into some part of the xml creation is failing to escape the text. Of course a bare '<' is not tolerated in XML. For safety and sanity sake raw text should always be escaped.

Comment 2 Ondrej Vasik 2014-02-08 08:18:56 UTC
Can you please provide the version? I'm quite sure escaping was fixed long time ago, so either some change introduced regression or you have very old version of preupg.

Comment 3 Tomas Tomecek 2014-02-10 12:04:22 UTC
You are right John. Title texts are not being escaped.

Comment 5 John Dennis 2014-02-10 19:39:50 UTC
verified the current git version of create_group_xml.py now works if a '<' character appears in the description fields of the .ini file.

Thank you.

Comment 6 Ondrej Vasik 2014-06-15 06:49:41 UTC
As the bugzilla is marked VERIFIED and preupgrade-assistant packages went alive, I'm closing the bugzilla CURRENTRELEASE. Please file new separate bugzilla for any remaining issues.


Note You need to log in before you can comment on or make changes to this bug.