wiki:

TracQuery


Version 1 (modified by trac, 6 years ago) (diff)

--

Trac Ticket Queries

In addition to reports, Trac provides support for custom ticket queries, used to display lists of tickets meeting a specified set of criteria.

To configure and execute a custom query, switch to the View Tickets module from the navigation bar, and select the Custom Query link.

Filters

When you first go to the query page the default filter will display tickets relevant to you:

  • If logged in then all open tickets it will display open tickets assigned to you.
  • If not logged in but you have specified a name or email address in the preferences then it will display all open tickets where your email (or name if email not defined) is in the CC list.
  • If not logged and no name/email defined in the preferences then all open issues are displayed.

Current filters can be removed by clicking the button to the left with the minus sign on the label. New filters are added from the pulldown lists at the bottom corners of the filters box ('And' conditions on the left, 'Or' conditions on the right). Filters with either a text box or a pulldown menu of options can be added multiple times to perform an or of the criteria.

You can use the fields just below the filters box to group the results based on a field, or display the full description for each ticket.

Once you've edited your filters click the Update button to refresh your results.

Clicking on one of the query results will take you to that ticket. You can navigate through the results by clicking the Next Ticket or Previous Ticket links just below the main menu bar, or click the Back to Query link to return to the query page.

You can safely edit any of the tickets and continue to navigate through the results using the Next/Previous/Back to Query links after saving your results. When you return to the query any tickets which were edited will be displayed with italicized text. If one of the tickets was edited such that it no longer matches the query criteria the text will also be greyed. Lastly, if a new ticket matching the query criteria has been created, it will be shown in bold.

The query results can be refreshed and cleared of these status indicators by clicking the Update button again.

Saving Queries

Trac allows you to save the query as a named query accessible from the reports module. To save a query ensure that you have Updated the view and then click the Save query button displayed beneath the results. You can also save references to queries in Wiki content, as described below.

Note: one way to easily build queries like the ones below, you can build and test the queries in the Custom report module and when ready - click Save query. This will build the query string for you. All you need to do is remove the extra line breaks.

You may want to save some queries so that you can come back to them later. You can do this by making a link to the query from any Wiki page.

[query:status=new|assigned|reopened&version=1.0 Active tickets against 1.0]

Which is displayed as:

Active tickets against 1.0

This uses a very simple query language to specify the criteria (see Query Language).

Alternatively, you can copy the query string of a query and paste that into the Wiki link, including the leading ? character:

[query:?status=new&status=assigned&status=reopened&group=owner Assigned tickets by owner]

Which is displayed as:

Assigned tickets by owner

Using the [[TicketQuery]] Macro

The TicketQuery macro lets you display lists of tickets matching certain criteria anywhere you can use WikiFormatting.

Example:

[[TicketQuery(version=0.6|0.7&resolution=duplicate)]]

This is displayed as:

No results

Just like the query: wiki links, the parameter of this macro expects a query string formatted according to the rules of the simple ticket query language.

A more compact representation without the ticket summaries is also available:

[[TicketQuery(version=0.6|0.7&resolution=duplicate, compact)]]

This is displayed as:

No results

Finally, if you wish to receive only the number of defects that match the query, use the count parameter.

[[TicketQuery(version=0.6|0.7&resolution=duplicate, count)]]

This is displayed as:

0

Customizing the table format

You can also customize the columns displayed in the table format (format=table) by using col=<field> - you can specify multiple fields and what order they are displayed by placing pipes (|) between the columns like below:

[[TicketQuery(max=3,status=closed,order=id,desc=1,format=table,col=resolution|summary|owner|reporter)]]

This is displayed as:

Results (1 - 3 of 4575)

1 2 3 4 5 6 7 8 9 10 11
Ticket Resolution Summary Owner Reporter
#6000 duplicate Converting animated GIF to a format other that MP4 cuts some frames native-api
#5997 fixed Doesn't build with chromaprint 1.4 marillat
#5994 fixed Heap-overflow in rtmppkt.c results Remote Code Execution paulch
1 2 3 4 5 6 7 8 9 10 11

Full rows

In table format you can also have full rows by using rows=<field> like below:

[[TicketQuery(max=3,status=closed,order=id,desc=1,format=table,col=resolution|summary|owner|reporter,rows=description)]]

This is displayed as:

Results (1 - 3 of 4575)

1 2 3 4 5 6 7 8 9 10 11
Ticket Resolution Summary Owner Reporter
#6000 duplicate Converting animated GIF to a format other that MP4 cuts some frames native-api
Description

Summary of the bug: Converting animated GIF to a format other that MP4 cuts the last frame (at least).

The sample GIF has the last frame's duration of 10370ms, totaling ~0:25. The resulting video is ~0:15. Reproduced for AVI and MKV; other formats probably affected, too. Likely related to #4235.

How to reproduce:

% ffmpeg.exe -y -i sample.gif -c:v mpeg4 videoout.avi
ffmpeg version N-78758-g5156578
built with gcc 5.3.0 (GCC)

Also reproduced on ffmpeg version N-80901-gfebc862 built with gcc 4.8 (Ubuntu 4.8.4-2ubuntu1~14.04.3) (http://superuser.com/q/1153435/106224)

#5997 fixed Doesn't build with chromaprint 1.4 marillat
Description

Build is i386 Debian unstable

CC	libavformat/chromaprint.o
libavformat/chromaprint.c:42:24: error: field ‘ctx’ has incomplete type
     ChromaprintContext ctx;
                        ^~~
libavformat/chromaprint.c: In function ‘write_packet’:
libavformat/chromaprint.c:112:39: warning: passing argument 2 of ‘chromaprint_feed’ from incompatible pointer type [-Wincompatible-pointer-types]
     return chromaprint_feed(cpr->ctx, pkt->data, pkt->size / 2) ? 0 : AVERROR(EINVAL);
                                       ^~~
In file included from libavformat/chromaprint.c:25:0:
/usr/include/chromaprint.h:235:21: note: expected ‘const int16_t * {aka const short int *}’ but argument is of type ‘uint8_t * {aka unsigned char *}’
 CHROMAPRINT_API int chromaprint_feed(ChromaprintContext *ctx, const int16_t *data, int size);
                     ^~~~~~~~~~~~~~~~
libavformat/chromaprint.c: In function ‘write_trailer’:
libavformat/chromaprint.c:127:52: warning: passing argument 2 of ‘chromaprint_get_raw_fingerprint’ from incompatible pointer type [-Wincompatible-pointer-types]
     if (!chromaprint_get_raw_fingerprint(cpr->ctx, &fp, &size)) {
                                                    ^
In file included from libavformat/chromaprint.c:25:0:
/usr/include/chromaprint.h:273:21: note: expected ‘uint32_t ** {aka unsigned int **}’ but argument is of type ‘void **’
 CHROMAPRINT_API int chromaprint_get_raw_fingerprint(ChromaprintContext *ctx, uint32_t **fingerprint, int *size);
                     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
libavformat/chromaprint.c:138:71: warning: passing argument 4 of ‘chromaprint_encode_fingerprint’ from incompatible pointer type [-Wincompatible-pointer-types]
         if (!chromaprint_encode_fingerprint(fp, size, cpr->algorithm, &enc_fp, &enc_size,
                                                                       ^
In file included from libavformat/chromaprint.c:25:0:
/usr/include/chromaprint.h:331:21: note: expected ‘char **’ but argument is of type ‘void **’
 CHROMAPRINT_API int chromaprint_encode_fingerprint(const uint32_t *fp, int size, int algorithm, char **encoded_fp, int *encoded_size, int base64);
                     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
libavformat/chromaprint.c: In function ‘write_packet’:
libavformat/chromaprint.c:113:1: error: control reaches end of non-void function [-Werror=return-type]
 }
 ^
cc1: some warnings being treated as errors
#5994 fixed Heap-overflow in rtmppkt.c results Remote Code Execution paulch
Description

Summary of the bug: We managed to find and successfully exploit critical security bug in libavformat/rtmppkt.c that results Remote Code Execution in latest version of FFmpeg.

Prerequisites:

  • Attacker has to reproduce SSRF bug and send RTMP request to his remote host. There are multiple ways of doing this already described all over the Internet. (For ex. you can trigger SSRF using HLS playlists or the way I described earlier in this ​ticket ).
  • For full exploitation knowledge of FFmpeg binary is required.

Overview: Main issue is contained inside rtmp_packet_read_one_chunk function. Size of each packet is being read using AV_RB24 each time the packet has been received. If packet with such channel_id does not exist it creates new one using ff_rtmp_packet_create. Inside ff_rtmp_packet_create space gets allocated using av_realloc using size variable. Later toread value is computed which really means toread = FFMIN(value, 0x80) ) and passed to ffurl_read_complete function. If size value is still more than zero we have to read once more. Next time we can send another size value and it is not being checked that is different from the previous one, so more bytes have been read than size of the current packet.

Steps to reproduce:

I am attaching PoC file that reproduces the simple crash. Steps to reproduce bug:

$ python rtmp_poc.py &
$ ffmpeg -v trace -i rtmp://localhost:12345/
$ gdb -q ./ffmpeg_g
(gdb) r -v trace -i rtmp://localhost:12345/

I am also attaching gdb stack-trace.

Recommended fix:

Checking that the size has not been changed from one chunk to another would do it.

Final words: Our team plans to release full exploit and blogpost with full details on exploitation in 30 days or as soon as you patch vulnerability. Contact me if you need more details on vulnerability.

1 2 3 4 5 6 7 8 9 10 11

Query Language

query: TracLinks and the [[TicketQuery]] macro both use a mini “query language” for specifying query filters. Basically, the filters are separated by ampersands (&). Each filter then consists of the ticket field name, an operator, and one or more values. More than one value are separated by a pipe (|), meaning that the filter matches any of the values. To include a literal & or | in a value, escape the character with a backslash (\).

The available operators are:

= the field content exactly matches one of the values
~= the field content contains one or more of the values
^= the field content starts with one of the values
$= the field content ends with one of the values

All of these operators can also be negated:

!= the field content matches none of the values
!~= the field content does not contain any of the values
!^= the field content does not start with any of the values
!$= the field content does not end with any of the values

The date fields created and modified can be constrained by using the = operator and specifying a value containing two dates separated by two dots (..). Either end of the date range can be left empty, meaning that the corresponding end of the range is open. The date parser understands a few natural date specifications like "3 weeks ago", "last month" and "now", as well as Bugzilla-style date specifications like "1d", "2w", "3m" or "4y" for 1 day, 2 weeks, 3 months and 4 years, respectively. Spaces in date specifications can be left out to avoid having to quote the query string.

created=2007-01-01..2008-01-01 query tickets created in 2007
created=lastmonth..thismonth query tickets created during the previous month
modified=1weekago.. query tickets that have been modified in the last week
modified=..30daysago query tickets that have been inactive for the last 30 days

See also: TracTickets, TracReports, TracGuide