
feat: Attempt to identify and fix changesets affected by CVE-2024-30246

This contribution introduces a standalone tool to help identify and fix, when possible, changesets affected by CVE-2024-30246.

The standalone tool can be built into an independent PHAR archive by running `composer run build` in `tools/utils/CVE-2024-30246/`.

The tool provides two sub-commands:
* `identify`: this sub-command is expected to be executed on the production database (or a copy of it). It will give you dates that can be used to extract from your backups a not corrupted DB and a document with the list of potentially affected changeset value ID.
* `retrieve`: this sub-command uses the document generated by the `identify` sub-command and must be run against a restored DB. It generates SQL queries to re-insert the corrupted changeset values into the production DB.

Related to request #37545: Deleting or moving an artifact can delete values from unrelated artifacts

Change-Id: I7664520307a7cdf08dba5f1021e109b505d2cc51

Modified Files

Name
A tools/utils/CVE-2024-30246/.gitignore +3 −0
A tools/utils/CVE-2024-30246/README.md +11 −0
A tools/utils/CVE-2024-30246/composer.json +28 −0
A tools/utils/CVE-2024-30246/composer.lock +4123 −0
A tools/utils/CVE-2024-30246/main.php +36 −0
A tools/utils/CVE-2024-30246/src/AffectedValuesSearcher.php +158 −0
A tools/utils/CVE-2024-30246/src/CollectionOfAffectedValues.php +85 −0
A tools/utils/CVE-2024-30246/src/DatabaseCredentials.php +80 −0
A tools/utils/CVE-2024-30246/src/DatabaseQuerier.php +180 −0
A tools/utils/CVE-2024-30246/src/FieldValue.php +53 −0
A tools/utils/CVE-2024-30246/src/IdentifyAffectedValuesCommand.php +80 −0
A tools/utils/CVE-2024-30246/src/MissingChangesetDocument.php +52 −0
A tools/utils/CVE-2024-30246/src/RetrieveMissingValuesCommand.php +93 −0
A tools/utils/CVE-2024-30246/src/SQLQueryMissingChangesetValueCreator.php +90 −0