Details
- Bug
- Resolution: Unresolved
- Not Evaluated
- None
- production
- None
Description
Cherry-pick bot should avoid loading any plugin code unless explicitly enabled.
The current loading routine uses the `autoloader` package on the entire `plugin_bots` directory. As a result, each file in the directory structure is loaded and initialized before the config is checked. While the plugins ultimately don't get mounted to the Notifier instance and are not allowed access to the rest of cherry-pick bot, using autoloader indiscriminately could lead to undefined behavior if a plugin has a startup routine. Further, autoloader loads non-target files, which means that any development scripts that reside in a plugin directory are unintentionally loaded and executed when the main application starts.
This can be fixed by ditching autoloader and being more intentional about what gets loaded, and when. Check the config first, then explicitly use `require` to load the module, and then create an instance of the plugin before binding it.
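A sketch of the config-first loading order described above, as an added example that is not the cherry-pick bot's own code. The `config.plugins` shape, the `<name>/index.js` layout, the class-style plugin export and the function names are assumptions made for illustration; the demo builds a constructed plugin tree in a temp directory where every file records that it was executed.

```javascript
// Added example: config-gated plugin loading (all names here are hypothetical).
const fs = require('fs');
const os = require('os');
const path = require('path');

// Only plugins the config enables are ever passed to require(); no other file
// in the plugin directory is touched.
function loadEnabledPlugins(pluginDir, config, notifier) {
  const loaded = {};
  for (const [name, opts] of Object.entries(config.plugins || {})) {
    if (!opts || opts.enabled !== true) continue; // check config first
    // Accept simple names only, so a config value cannot point outside pluginDir.
    if (!/^[A-Za-z0-9_-]+$/.test(name)) throw new Error(`bad plugin name: ${name}`);
    const entry = path.join(pluginDir, name, 'index.js');
    if (!fs.existsSync(entry)) throw new Error(`enabled plugin missing: ${name}`);
    const Plugin = require(entry);             // explicit load of one known file
    loaded[name] = new Plugin(notifier, opts); // create the instance, then bind
  }
  return loaded;
}

// Constructed demo input: two plugins plus a stray development script.
function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'plugin_bots-'));
  const write = (rel, src) => {
    const file = path.join(dir, rel);
    fs.mkdirSync(path.dirname(file), { recursive: true });
    fs.writeFileSync(file, src);
  };
  // Each plugin has a load-time side effect standing in for a startup routine.
  const plugin = (n) => `global.__ran.push('${n}');\n` +
    'module.exports = class { constructor(notifier) { this.notifier = notifier; } };\n';
  write('alpha/index.js', plugin('alpha'));
  write('beta/index.js', plugin('beta'));
  write('beta/dev_script.js', "global.__ran.push('beta/dev_script');\n");

  global.__ran = [];
  const config = { plugins: { alpha: { enabled: true }, beta: { enabled: false } } };
  const notifier = { name: 'notifier-stub' };
  const loaded = loadEnabledPlugins(dir, config, notifier);
  const result = {
    ran: global.__ran.slice(),            // files whose top-level code executed
    loaded: Object.keys(loaded),
    bound: loaded.alpha.notifier === notifier,
  };
  fs.rmSync(dir, { recursive: true, force: true });
  return result;
}
```

Calling `demo()` shows that only the enabled plugin's top-level code executes; the disabled plugin and the development script beside it are never loaded.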
Gerrit Reviews
For Gerrit Dashboard: QTQAINFRA-7058

# | Subject | Branch | Project | Status | CR | V |
---|---|---|---|---|---|---|
634383,2 | Fix loading of plugins avoid running code when disabled | dev | qtbots/qtcherrypickbot | NEW | 0 | 0 |