Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[CLIENT-2093] Add more input validation in client config and partition filter dictionaries #582

Open
wants to merge 10 commits into
base: dev
Choose a base branch
from
Open

[CLIENT-2093] Add more input validation in client config and partition filter dictionaries #582

wants to merge 10 commits into from

Conversation

juliannguyen4
Copy link
Collaborator

@juliannguyen4 juliannguyen4 commented Feb 16, 2024
edited
Loading

Valgrind

This branch: https://github.com/aerospike/aerospike-client-python/actions/runs/8104278566/job/22150570588
Dev: https://github.com/aerospike/aerospike-client-python/actions/runs/8103677912/job/22148781775

Changes

  • In client config, instead of silently ignoring values with invalid types, throw a ParamError
  • Throw a ParamError if client config option is specified as a 32-bit unsigned integer and the passed value is not a valid value of that type

Extra changes:

  • Fixed a bug where the client only takes in a str instead of a bytearray for the partition filter's digest at partition_filter["digest"]["value"]
  • If a host tuple's port is not an integer, throw a ParamError instead of setting it to 0.

Notes

  • Besides the changes listed above, I tried to avoid regressions wherever possible. If there was existing input validation for the setting, I didn't modify the code such that it returns a different error message.
  • No input validation added for deprecated / undocumented config options

@codecov-commenter
Copy link

codecov-commenter commented Feb 16, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 98.60465% with 3 lines in your changes are missing coverage. Please review.

Project coverage is 81.84%. Comparing base (c5438a5) to head (fc8ccd5).
Report is 4 commits behind head on dev.

Files Patch % Lines
src/main/tls_config.c 91.42% 3 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##              dev     #582      +/-   ##
==========================================
+ Coverage   81.35%   81.84%   +0.49%     
==========================================
  Files         100      100              
  Lines       15356    15512     +156     
==========================================
+ Hits        12493    12696     +203     
+ Misses       2863     2816      -47

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@juliannguyen4 juliannguyen4 force-pushed the CLIENT-2093-improve-input-validation branch 2 times, most recently from 35bc608 to 42ea3de Compare February 23, 2024 00:27
@juliannguyen4 juliannguyen4 force-pushed the CLIENT-2093-improve-input-validation branch 2 times, most recently from b7e566b to 8465fc2 Compare February 27, 2024 23:34
@juliannguyen4 juliannguyen4 force-pushed the CLIENT-2093-improve-input-validation branch from b696951 to c012182 Compare February 28, 2024 22:35
@juliannguyen4 juliannguyen4 changed the title [CLIENT-2093] Improve input validation in API [CLIENT-2093] Add more input validation in client config and partition filter dictionaries Feb 28, 2024
@juliannguyen4 juliannguyen4 marked this pull request as ready for review March 1, 2024 16:32
dwelch-spike
dwelch-spike requested changes Mar 6, 2024
View reviewed changes
Copy link
Contributor

@dwelch-spike dwelch-spike left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Currently at line 800 of type.c. I will come back to this, here are comments for now.

src/main/client/type.c
Comment on lines +549 to +550
snprintf(error_msg, MAX_ERR_MSG_SIZE, "config%s must be a %s", config_keys,
expected_type_name);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
snprintf(error_msg, MAX_ERR_MSG_SIZE, "config%s must be a %s", config_keys,
expected_type_name);
snprintf(error_msg, MAX_ERR_MSG_SIZE, "config %s must be a %s", config_keys,
expected_type_name);

spacing between "config" and the config name

src/main/client/type.c
py_port = PyTuple_GetItem(py_host, 1);
if (PyLong_Check(py_port)) {
if (PyLong_CheckExact(py_port)) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why the exact check? Would a subclass cause a problem?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's because Python booleans are subtypes of Python integers. I found this out when testing my changes
https://docs.python.org/3/c-api/bool.html

Booleans in Python are implemented as a subclass of integers

src/main/client/type.c
Comment on lines +667 to +685
// ["hosts"][<10 chars max>][0]
// 1234567890123456789012345678
// 0 10 20 + 1 = 29
char keys_str[29];
snprintf(keys_str, 29, "[\"hosts\"][%d][0]", i);
initialize_config_value_type_err(
config_value_type_error_msg, keys_str, "str",
&error_code);
goto CONSTRUCTOR_ERROR;
}

py_port = PyTuple_GetItem(py_host, 1);
if (PyLong_Check(py_port)) {
if (PyLong_CheckExact(py_port)) {
port = (uint16_t)PyLong_AsLong(py_port);
}
else {
port = 0;
char keys_str[29];
snprintf(keys_str, 29, "[\"hosts\"][%d][1]", i);
initialize_config_value_type_err(
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think the "29" should be a constant, you could move the explanation from line 667 to the constant deceleration and give it a little more context.

src/main/client/type.c
Comment on lines +699 to +700
char keys_str[29];
snprintf(keys_str, 29, "[\"hosts\"][%d][2]", i);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same here, should be a constant

dwelch-spike
dwelch-spike reviewed Mar 6, 2024
View reviewed changes
Copy link
Contributor

@dwelch-spike dwelch-spike left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

At tls_config.c line 33, will come back to this

src/main/client/type.c
@@ -1152,7 +1385,7 @@ static int set_rack_aware_config(as_config *conf, PyObject *config_dict)

py_config_value = PyDict_GetItemString(config_dict, "rack_id");
if (py_config_value) {
if (PyLong_Check(py_config_value)) {
if (PyLong_CheckExact(py_config_value)) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why the exact check? I'm not sure but I don't think a sub class would cause issues.

src/main/client/type.c
@@ -1188,7 +1421,7 @@ static int set_rack_aware_config(as_config *conf, PyObject *config_dict)
}

Py_INCREF(rack_id_pyobj);
if (PyLong_Check(rack_id_pyobj) == false) {
if (PyLong_CheckExact(rack_id_pyobj) == false) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why the exact check? (same as above)

src/main/policy_config.c
@@ -768,7 +768,7 @@ as_status get_uint32_value(PyObject *py_policy_val, uint32_t *return_uint32)
if (!py_policy_val) {
return AEROSPIKE_ERR_PARAM;
}
if (PyLong_Check(py_policy_val)) {
if (PyLong_CheckExact(py_policy_val)) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same as others, why exact?

src/main/tls_config.c
@@ -25,68 +25,59 @@ static char *get_string_from_string_like(PyObject *string_like);
* Param: tls_conf PyDict.
* Fill in the appropriate TLS values of config based on the contents of
* tls_config
Returns NULL if no error occurred, or the config key and expected value type where the error occurred
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: should start with "*" like the other lines

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dwelch-spike dwelch-spike dwelch-spike requested changes

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@juliannguyen4 @codecov-commenter @dwelch-spike