Problem/Motivation

There were at least 2 occurrences of the following test failure:

1) Drupal\KernelTests\Core\Entity\EntityAutocompleteTest::testSelectionSettingsHandling
Non-existent selection settings key throws an exception.

/var/www/html/core/tests/Drupal/KernelTests/Core/Entity/EntityAutocompleteTest.php:111
/var/www/html/vendor/phpunit/phpunit/src/Framework/TestResult.php:726

https://www.drupal.org/pift-ci-job/2337395
https://www.drupal.org/pift-ci-job/2316870

Proposed resolution

Move code around so that the behaviour prior to #3264050: Fuzzed tag values to EntityAutocompleteController::handleAutocomplete can cause deprecation warning is maintained.

Remaining tasks

None

CommentFileSizeAuthor
#20 combined-diff.txt2.66 KBdanflanagan8
#16 3269085-16.patch4.54 KBalexpott
#16 6-16-interdiff.txt2.89 KBalexpott
#16 3269085-16-will-fail.patch1.15 KBalexpott
#6 3269085-6.patch2.55 KBalexpott
#6 3269085-6-test-change-included.patch3.39 KBalexpott
#6 3269085-6-test-only.patch866 bytesalexpott

Issue fork drupal-3269085

Command icon Show commands

Start within a Git clone of the project using the version control instructions.

Or, if you do not have SSH keys set up on git.drupalcode.org:

About issue forks
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

Matroskeen created an issue. See original summary.

larowlan made their first commit to this issue’s fork.

larowlan opened merge request !2166

larowlan’s picture

larowlan
Location 🇦🇺🏝.au GMT+10
CreditAttribution: larowlan at PreviousNext commented
Status: Active » Needs review
alexpott’s picture

alexpott
he/they
Primary language English
Location 🇪🇺🌍
CreditAttribution: alexpott at Acro Commerce, Thunder commented

Nice find. Do we know why this is failing?

Here are some failing values:
$request->query->get('q') = "l`c>&DX and $selection_settings_key = $krg>&73
$request->query->get('q') = "tWv>&\A and $selection_settings_key = eITL>&OU
$request->query->get('q') = "TaM>&Nj and $selection_settings_key = cv/U>&?V

I think this indicates that there is a problem when we set $request->query->get('q') to something beginning with a quote. And indeed changing the code to
$request->query->set('q', '"' . $this->randomString()); will always fail.

So now to work out why.

alexpott’s picture

alexpott
he/they
Primary language English
Location 🇪🇺🌍
CreditAttribution: alexpott at Acro Commerce, Thunder commented
Related issues: +#3264050: Fuzzed tag values to EntityAutocompleteController::handleAutocomplete can cause deprecation warning
FileSize
3269085-6-test-only.patch866 bytes
3269085-6-test-change-included.patch3.39 KB
3269085-6.patch2.55 KB

This is a recently introduced random fail. It's caused by #3264050: Fuzzed tag values to EntityAutocompleteController::handleAutocomplete can cause deprecation warning - I think we can move code around so that the old behaviour is maintained.

larowlan’s picture

larowlan
Location 🇦🇺🏝.au GMT+10
CreditAttribution: larowlan at PreviousNext commented

Nice sleuth work

We should look to make random string exclude < and > because its bitten us so many times with random fails

alexpott’s picture

alexpott
he/they
Primary language English
Location 🇪🇺🌍
CreditAttribution: alexpott at Acro Commerce, Thunder commented

@larowlan well here it is the " character. FWIW \Drupal\Tests\RandomGeneratorTrait::randomString() includes '>&' on all random strings over 4 characters long on purpose so I think #7 is past memories of being burnt by that :)

alexpott’s picture

alexpott
he/they
Primary language English
Location 🇪🇺🌍
CreditAttribution: alexpott at Acro Commerce, Thunder commented

Maybe #1959806: Provide a generic 'entity_autocomplete' Form API element contains info about why we're using Tags::explode() here. That was the issue that added it.

alexpott’s picture

alexpott
he/they
Primary language English
Location 🇪🇺🌍
CreditAttribution: alexpott at Acro Commerce, Thunder commented

That issue says

It's what the previous code was doing, and it's not weird because we're doing Tags::encode() on every label in EntityAutocompleteMatcher :)

alexpott’s picture

alexpott
he/they
Primary language English
Location 🇪🇺🌍
CreditAttribution: alexpott at Acro Commerce, Thunder commented

So an alternate fix would be to do $request->query->set('q', Tags::encode($this->randomString())); - however given the autocomplete route is publicly available and a user can easily change the q value to whatever they like I think it might be worth leaving the test as is as it adds a robustness around our expectations.

alexpott’s picture

alexpott
he/they
Primary language English
Location 🇪🇺🌍
CreditAttribution: alexpott at Acro Commerce, Thunder commented

Also looking at Drupal.autocomplete.autocompleteSplitValues we're going to struggle big time to autocomplete on any label that includes a quote. See #1329742: Autocomplete with tagging silently discards invalid input for more info about the problems that JS code is causing.

The last submitted patch, 6: 3269085-6-test-only.patch, failed testing. View results

alexpott’s picture

alexpott
he/they
Primary language English
Location 🇪🇺🌍
CreditAttribution: alexpott at Acro Commerce, Thunder commented
Issue summary: View changes
alexpott’s picture

alexpott
he/they
Primary language English
Location 🇪🇺🌍
CreditAttribution: alexpott at Acro Commerce, Thunder commented

Doing a self review I've realised that #3264050: Fuzzed tag values to EntityAutocompleteController::handleAutocomplete can cause deprecation warning has caused another behaviour change and one that it added a test for. Prior to that change setting q to something like "l!J>&Tw would result in it sending some matches back because q is not empty but $typed_string would be. I think we should not be changing behaviour like this in a fix for a random PHP 8.1 issue. Someone somewhere is probably relying on the very odd functionality and changing it without a CR and in random fail fix (that didn't actually fix the random fail) feels wrong.

alexpott’s picture

alexpott
he/they
Primary language English
Location 🇪🇺🌍
CreditAttribution: alexpott at Acro Commerce, Thunder commented
FileSize
3269085-16-will-fail.patch1.15 KB
6-16-interdiff.txt2.89 KB
3269085-16.patch4.54 KB

Ugh... realised that we changed something in #3264050: Fuzzed tag values to EntityAutocompleteController::handleAutocomplete can cause deprecation warning that has a high chance of being relied on somewhere. If you send a single comma as q you used to get a list of entities. Now you don't.

I think if we do want to change this behaviour we need to do it only in a the next minor rather than as a bug-fix and have a CR. The attached patch reverts the functionality to the way it was prior to #3264050: Fuzzed tag values to EntityAutocompleteController::handleAutocomplete can cause deprecation warning but continue to avoid the deprecations being triggered in PHP 8.1.

alexpott’s picture

alexpott
he/they
Primary language English
Location 🇪🇺🌍
CreditAttribution: alexpott at Acro Commerce, Thunder commented
Version: 9.4.x-dev » 9.3.x-dev
Priority: Normal » Critical

I think this is critical to land in 9.3.x before the next patch release as it reverts the unintended behaviour changes in #3264050: Fuzzed tag values to EntityAutocompleteController::handleAutocomplete can cause deprecation warning

alexpott’s picture

alexpott
he/they
Primary language English
Location 🇪🇺🌍
CreditAttribution: alexpott at Acro Commerce, Thunder commented

FWIW #3264050: Fuzzed tag values to EntityAutocompleteController::handleAutocomplete can cause deprecation warning landed in 9.3.7

The last submitted patch, 16: 3269085-16-will-fail.patch, failed testing. View results

danflanagan8’s picture

danflanagan8
Primary language English
Location St. Louis, US
CreditAttribution: danflanagan8 at Horizontal commented
Status: Needs review » Reviewed & tested by the community
FileSize
combined-diff.txt2.66 KB

I'm reviewing this issue and wanted to post a little diff I made. This is the combined diff of the patch in #16 applied on top of the patch that was committed in #3264050: Fuzzed tag values to EntityAutocompleteController::handleAutocomplete can cause deprecation warning. This diff shows the net effect of the two patches and I think offers a clear picture of what's going on here. We can think of this diff as the fix we would make in #3264050: Fuzzed tag values to EntityAutocompleteController::handleAutocomplete can cause deprecation warning if we could go back in time.

The patch in #16 looks great. It uses null coalesce to avoid triggering the php error instead of using an if-block. This then allows an empty string to continue to be processed instead of being skipped, thus removing the unintended behavior changes. The added test coverage here is awesome. RTBC.

That failure on 10.0.x looks random, FWIW.

  • catch committed 95273b8 on 10.0.x 
    Issue #3269085 by alexpott, larowlan, danflanagan8, Matroskeen: [random...

  • catch committed 0f24b08 on 9.4.x 
    Issue #3269085 by alexpott, larowlan, danflanagan8, Matroskeen: [random...
catch’s picture

catch
he/him
Primary language English
CreditAttribution: catch at Third and Grove commented
Status: Reviewed & tested by the community » Fixed

Committed/pushed to 10.0.x, cherry-picked to 9.4.x and 9.3.x, thanks!

  • catch committed 5130a75 on 9.3.x 
    Issue #3269085 by alexpott, larowlan, danflanagan8, Matroskeen: [random...

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.