GNOME Bugzilla – Bug 658724
"Send to pastebin" button for debug window
Last modified: 2014-06-26 16:11:54 UTC
From https://bugzilla.gnome.org/show_bug.cgi?id=592994#c27
My branch https://gitorious.org/glassrose-gnome/empathy/commits/debug-window-send-to-pastebin-button-658724 takes care of this mostly except some issues which need a libsoup expert eye perhaps. Firstly for most of the times, the debug data is too large to be send as a pastebin paste as pastebin's maximum paste size for a free account holder is only 500 KB (http://pastebin.com/faq#9) but I can put an error dialog there. The more concerning issue is that even for small data I am sending, I am getting HTTP response- "Bad API request, invalid api_option" Though I suppose I have filled in appropriate data as mentioned in pastebin's API's documentation of Creating A New Paste (http://pastebin.com/api#2) I contacted pastebin's admin but he says the API works perfectly for him :( It would be great if someone can peek in the HTTP message preparation part of my code which is concentrated in the function "debug_window_send_to_pastebin" and point any flaws.
Updated the branch applying soup_uri_encode() to the header values before appending them to the SoupMessage's request_headers, but the "Bad API request" error persists. In addition, sometimes there is no response at all for very large data.
More appropriate branch: debug-window-send-to-pastebin-button-658724-2 Rebased both on top of current master.
ok, it works perfectly now. :) (ignore debug-window-send-to-pastebin-button-658724-2)
+ if (g_strcmp0 (*debug_data, NULL) != 0) tp_str_empty() + gchar **debug_data) Strongly dislike passing data in and then changing it. Instead pass in a const char * and return a char *. We are not programming Fortran. + dialog = gtk_message_dialog_new (GTK_WINDOW (debug_window), + GTK_DIALOG_DESTROY_WITH_PARENT, GTK_MESSAGE_INFO, GTK_BUTTONS_OK, + "Pastebin response"); + gtk_message_dialog_format_secondary_text (GTK_MESSAGE_DIALOG (dialog), + "Data too large for a single paste. Please save logs to file."); Strings need to be marked for translation. + gtk_message_dialog_format_secondary_text (GTK_MESSAGE_DIALOG (dialog), + "%s", buffer->data); This be presented as a clickable link. + if (g_strcmp0 (debug_data, NULL) == 0) tp_str_empty() + api_dev_key = soup_uri_encode ("f6ccfabfdcd4b77b825ee38a30d11d52", NULL); Where does this API key come from? Is it for Empathy? Are we allowed to publish it in our open source code? Should have a comment to explain this. + gtk_tool_button_set_label (GTK_TOOL_BUTTON (priv->send_to_pastebin), + "Send to pastebin"); Needs marking for translation.
(In reply to comment #5) > + if (g_strcmp0 (*debug_data, NULL) != 0) > > tp_str_empty() > > + gchar **debug_data) > > Strongly dislike passing data in and then changing it. Instead pass in a const > char * and return a char *. We are not programming Fortran. I did that knowingly because I am using the function as a GHFunc in the later part of function debug_window_get_messages() which prevents it from returning anything: g_hash_table_foreach (priv->cache, (GHFunc) debug_window_append_debug_data_for_sending_to_pastebin, &debug_data); > > + dialog = gtk_message_dialog_new (GTK_WINDOW (debug_window), > + GTK_DIALOG_DESTROY_WITH_PARENT, GTK_MESSAGE_INFO, GTK_BUTTONS_OK, > + "Pastebin response"); > > + gtk_message_dialog_format_secondary_text (GTK_MESSAGE_DIALOG (dialog), > + "Data too large for a single paste. Please save logs to file."); > > Strings need to be marked for translation. > > + gtk_message_dialog_format_secondary_text (GTK_MESSAGE_DIALOG (dialog), > + "%s", buffer->data); > > This be presented as a clickable link. > > + if (g_strcmp0 (debug_data, NULL) == 0) > > tp_str_empty() > fixed > + api_dev_key = soup_uri_encode ("f6ccfabfdcd4b77b825ee38a30d11d52", NULL); > > Where does this API key come from? Is it for Empathy? Are we allowed to publish > it in our open source code? Should have a comment to explain this. Its my developer key to use the pastebin API. every member is allotted one. I have added a comment and a link to related URL - http://pastebin.com/api#1 > > + gtk_tool_button_set_label (GTK_TOOL_BUTTON (priv->send_to_pastebin), > + "Send to pastebin"); > > Needs marking for translation. done.
(In reply to comment #5) > Where does this API key come from? Is it for Empathy? Are we allowed to publish > it in our open source code? Should have a comment to explain this. > I have also asked the admin about any restrictions in publishing the API dev-key on open source projects or licences to be kept in mind, if any. Awaiting response.
Created attachment 198859 [details] Permission for using the Pastebin API developer key in open
(In reply to comment #8) > Created an attachment (id=198859) [details] > Permission for using the Pastebin API developer key in open my permission is already there.
So, now that bug #592994 is finally fixed, we can proceed with this one. Chandni: what's the status of this bug? Could you please rebase the latest version of your branch on top of master? From a legal pov, I'd like to have a file PASTEBIN-API-KEY.txt at the root of the project containing the full source of the mail you exchanged (like we did with GOSSIP-RELICENSING.txt). The place where this key is stored in the source code should contain a comment saying something like "Developer key published with the autorization of pastebin; see PASTEBIN-API-KEY.txt".
Ok, done and rebased. Does the licence look fine? https://gitorious.org/glassrose-gnome/empathy/commits/debug-window-send-to-pastebin-button-658724
(In reply to comment #11) > Ok, done and rebased. Does the licence look fine? > https://gitorious.org/glassrose-gnome/empathy/commits/debug-window-send-to-pastebin-button-658724 It does, thanks! I tested it and it looks pretty good, great work! I have a few comments and/or minor tweaks I'd like to get in before merging this. If you don't have time to do it before the release (tomorrow morning) let me know and I'll fix it myself.
Created attachment 208036 [details] [review] "Send to pastebin" button in EmpathyDebugWindow For one-click posting of debug data to http://pastebin.com/ To paste the currently displayed debug data directly to pastebin. Makes use of the pastebin API- http://pastebin.com/api which can be accessed by pastebin website members.
Review of attachment 208036 [details] [review]: ::: src/empathy-debug-window.c @@ +1638,3 @@ + SoupBuffer *buffer) +{ + g_return_if_fail (response_id == GTK_RESPONSE_OK); No need to check the reponse. @@ +1655,3 @@ + dialog = gtk_message_dialog_new (GTK_WINDOW (debug_window), + GTK_DIALOG_DESTROY_WITH_PARENT, GTK_MESSAGE_INFO, GTK_BUTTONS_OK, +} I'd use "Pastebin link" as title. Button should be 'Close' instead of 'Ok'. @@ +1658,3 @@ + + buffer = soup_message_body_flatten (msg->response_body); +static void the if/else blocks are not trivial so please us {} in both. @@ +1721,3 @@ + api_dev_key, api_paste_code, api_paste_name); + + The session is never destroyed?
> > @@ +1655,3 @@ > + dialog = gtk_message_dialog_new (GTK_WINDOW (debug_window), > + GTK_DIALOG_DESTROY_WITH_PARENT, GTK_MESSAGE_INFO, GTK_BUTTONS_OK, > +} > > I'd use "Pastebin link" as title. Actually, Its possible (though rare) that the response is not a link so keeping that in mind, I have changed it to use the appropriate title as per the response. Rest done.
Merged to master \o/ Thanks a lot for your work on this. I didn't block on this because I wanted this code merged before the release, but shouldn't the SoupMessage be unrefed as well? I guess soup_session_queue_message() will ref it so we can probably unref it right after this call (but please double check). Ditto for the session, doesn't soup_session_queue_message take its own ref?
(In reply to comment #16) > Merged to master \o/ Thanks a lot for your work on this. Yay! > > I didn't block on this because I wanted this code merged before the release, > but shouldn't the SoupMessage be unrefed as well? I guess > soup_session_queue_message() will ref it so we can probably unref it right > after this call (but please double check). Actually, documentation says msg is "transfer full" type parameter so the function being called must ideally free data after the code is done, if I understand it right. Is it not so? Freeing msg right after calling soup_session_queue_message() reported warnings and critical G_IS_OBJECT assertion failure. Also, quoting the docs: "If after returning from this callback the message has not been requeued, msg will be unreffed." which made me not to free it then and there as it would be automatically handled. > > Ditto for the session, doesn't soup_session_queue_message take its own ref? I don't see session being reffed internally? I freed it in the callback for the same reason.
Yep you're right. Thanks for checking.
Utterly, UTTERLY irresponsible feature. I tried to place a SIP call using Empathy today, and it wasn't working, so I looked through the menus in the call screen, and found Help->Debug->Telepathy. I clicked on this, the Debug window appeared, and IMMEDIATELY a dialogue box appeared with "Pastebin Link", WITHOUT my clicking anything. I clicked nothing in this window, in case clicking the link actually submitted to Pastebin, instead manually typing the URL into a browser. To my shock, I found that all the debug data had already been posted to Pastebin, which included my PC user account name, the phone number I was trying to call, my SIP username and SIP endpoint. Not only this, but the expiry has been set to NEVER on the paste, and the posting user to Guest. This means the only recourse to removing this data as far as I can see is to report it for abuse to Pastebin and hope that they delete it. Please disable this feature as a security patch to the debugger, and if you want to restore the capability, find out what bug caused it to trigger automatically, have it warn first, have the warning have a "don't submit" by default, have the paste set to a short expiry and have recourse to deleting without being dependent on manual Pastebin staff intervention. There is ABSOLUTELY no reason to have such a huge privacy hole behind a button with no confirmation, even ignoring whatever bug caused it to submit without even clicking the button. As you can imagine and tell, I am FUMING about this.
And despite having sent a takedown request immediately to Pastebin (which has now been honoured), the page had already been crawled and cached by Google, and picked up by an automated Pastebin crawler at http://www.leakedin.com/ , which specifically extracted the private data from the paste.
Stephen: Please file a separate followup ticket about making the post private by default. This ticket is RESOLVED FIXED and was about introducing the functionality to send to pastebin.
Filed at https://bugzilla.gnome.org/show_bug.cgi?id=732286