[tarantool-patches] Re: [PATCH v2 4/4] app: allow to raise an error on too nested tables
Vladislav Shpilevoy
v.shpilevoy at tarantool.org
Sat Sep 14 01:32:28 MSK 2019
Thanks for the review!
On 13/09/2019 01:32, Alexander Turenko wrote:
>> app: allow to raise an error on too nested tables
>
> The commit header and the description looks like we have 'crop'
> behaviour as default, however it is not more so.
>
> I agree that we should change the default behaviour and raise an error
> by default. This however should be clearly stated in the docbot request.
Ok, new commit message:
app: raise an error on too nested tables serialization
Closes #4434
Follow-up #4366
@TarantoolBot document
Title: json/msgpack.cfg.encode_crop_too_deep option
Tarantool has several so called serializers to convert data
between Lua and another format: YAML, JSON, msgpack.
YAML is a crazy serializer without depth restrictions. But for
JSON and msgpack a user could set encode_max_depth option. That
option led to crop of a table when it had too many nested levels.
Sometimes such behaviour is undesirable.
Now an error is raised instead of data corruption:
t = nil
for i = 1, 100 do t = {t} end
msgpack.encode(t) -- Here an exception is thrown.
To disable it and return the old behaviour back here is a new
option:
<serializer>.cfg({encode_crop_too_deep = true})
Option encode_crop_too_deep works for JSON and msgpack modules,
and is false by default. It means, that now if some existing
users have cropping, even intentional, they will get the
exception.
>
> See more comments below.
>
> WBR, Alexander Turenko.
>
>> msgpack.cfg({encode_crop_too_deep = false})
>
> We have encode_invalid_as_nil with the similar meanings, so, maybe,
> encode_too_deep_as_nil?
>
> Or maybe rephrase 'too deep' as one word: foots, dregs, underside? Those
> variants don't look good, but maybe you know some word that would fit
> better.
No, I don't know a good synonym. But perhaps we could use
'encode_max_depth_and_crop'. That 1) makes clear, that the option is
related to 'encode_max_depth', 2) is obvious, that data deeper than
max_depth is cropped. Is it ok?
Or 'encode_crop_after_max_depth'. Or 'encode_trim_by_max_depth'.
>> + if (! cfg->encode_crop_too_deep)
>> + return luaL_error(L, "Too high nest level");
>
> We can easily give more information: say, a current max depth level; so
> I think it worth to add to the error message. (The same for msgpackffi
> and json.)
>
The error message will always just contain cfg.encode_max_depth + 1, I
don't think it makes much sense to return it. But ok, it won't make worse:
diff --git a/src/lua/msgpack.c b/src/lua/msgpack.c
index b1354776d..06f6dc53e 100644
--- a/src/lua/msgpack.c
+++ b/src/lua/msgpack.c
@@ -143,8 +143,10 @@ restart: /* used by MP_EXT */
case MP_MAP:
/* Map */
if (level >= cfg->encode_max_depth) {
- if (! cfg->encode_crop_too_deep)
- return luaL_error(L, "Too high nest level");
+ if (! cfg->encode_crop_too_deep) {
+ return luaL_error(L, "Too high nest level - %d",
+ level + 1);
+ }
mpstream_encode_nil(stream); /* Limit nested maps */
return MP_NIL;
}
@@ -167,7 +169,8 @@ restart: /* used by MP_EXT */
/* Array */
if (level >= cfg->encode_max_depth) {
- if (! cfg->encode_crop_too_deep)
- return luaL_error(L, "Too high nest level");
+ if (! cfg->encode_crop_too_deep) {
+ return luaL_error(L, "Too high nest level - %d",
+ level + 1);
+ }
mpstream_encode_nil(stream); /* Limit nested arrays */
return MP_NIL;
}
diff --git a/src/lua/msgpackffi.lua b/src/lua/msgpackffi.lua
index 73d0d6fe2..138663ccb 100644
--- a/src/lua/msgpackffi.lua
+++ b/src/lua/msgpackffi.lua
@@ -220,7 +220,8 @@ local function encode_r(buf, obj, level)
elseif type(obj) == "table" then
if level >= msgpack.cfg.encode_max_depth then
if not msgpack.cfg.encode_crop_too_deep then
- error('Too high nest level')
+ error(string.format('Too high nest level - %d',
+ msgpack.cfg.encode_max_depth + 1))
end
encode_nil(buf)
return
>> + -- gh-4434 (yes, the same issue): let users choose whether
>> + -- they want to raise an error on tables with too high nest
>> + -- level.
>> + --
>> + s.cfg({encode_crop_too_deep = false})
>> +
>> + local t = nil
>> + for i = 1, max_depth + 1 do t = {t} end
>> + local ok, err = pcall(s.encode, t)
>> + test:ok(not ok, "too deep encode depth")
>> +
>> + s.cfg({encode_max_depth = max_depth + 1})
>> + ok, err = pcall(s.encode, t)
>> + test:ok(ok, "no throw in a corner case")
>> +
>> + s.cfg({encode_crop_too_deep = true, encode_max_depth = max_depth})
>
> I think we should save a default value of the option and set it here as
> we do with encode_max_depth. (The same for msgpackffi.test.lua.)
Agree, it looks more correct. Only not 'default' but just 'previous',
used before a test:
diff --git a/test/app-tap/json.test.lua b/test/app-tap/json.test.lua
index 0a8966866..ba77a8d77 100755
--- a/test/app-tap/json.test.lua
+++ b/test/app-tap/json.test.lua
@@ -38,9 +38,10 @@ tap.test("json", function(test)
--
-- gh-2888: Check the possibility of using options in encode()/decode().
--
+ local orig_encode_crop_too_deep = serializer.cfg.encode_crop_too_deep
local orig_encode_max_depth = serializer.cfg.encode_max_depth
local sub = {a = 1, { b = {c = 1, d = {e = 1}}}}
- serializer.cfg({encode_max_depth = 1})
+ serializer.cfg({encode_max_depth = 1, encode_crop_too_deep = true})
test:ok(serializer.encode(sub) == '{"1":null,"a":1}',
'depth of encoding is 1 with .cfg')
serializer.cfg({encode_max_depth = orig_encode_max_depth})
@@ -121,5 +122,6 @@ tap.test("json", function(test)
rec4['b'] = rec4
test:is(serializer.encode(rec4),
'{"a":{"a":null,"b":null},"b":{"a":null,"b":null}}')
- serializer.cfg({encode_max_depth = orig_encode_max_depth})
+ serializer.cfg({encode_max_depth = orig_encode_max_depth,
+ encode_crop_too_deep = orig_encode_crop_too_deep})
end)
diff --git a/test/app-tap/lua/serializer_test.lua b/test/app-tap/lua/serializer_test.lua
index 4fa2924cf..85738924a 100644
--- a/test/app-tap/lua/serializer_test.lua
+++ b/test/app-tap/lua/serializer_test.lua
@@ -418,6 +418,7 @@ local function test_depth(test, s)
-- they want to raise an error on tables with too high nest
-- level.
--
+ local crop_too_deep = s.cfg.encode_crop_too_deep
s.cfg({encode_crop_too_deep = false})
local t = nil
@@ -429,7 +430,7 @@ local function test_depth(test, s)
ok, err = pcall(s.encode, t)
test:ok(ok, "no throw in a corner case")
- s.cfg({encode_crop_too_deep = true, encode_max_depth = max_depth})
+ s.cfg({encode_crop_too_deep = crop_too_deep, encode_max_depth = max_depth})
end
return {
diff --git a/test/app-tap/msgpackffi.test.lua b/test/app-tap/msgpackffi.test.lua
index a418f5ac1..dbae72362 100755
--- a/test/app-tap/msgpackffi.test.lua
+++ b/test/app-tap/msgpackffi.test.lua
@@ -82,6 +82,7 @@ local function test_other(test, s)
return level
end
local msgpack = require('msgpack')
+ local crop_too_deep = msgpack.cfg.encode_crop_too_deep
msgpack.cfg({encode_crop_too_deep = true})
local max_depth = msgpack.cfg.encode_max_depth
local result_depth = check_depth(max_depth + 5)
@@ -110,7 +111,8 @@ local function test_other(test, s)
local ok = pcall(check_depth, max_depth + 6)
test:ok(not ok, "exception is thrown when crop is not allowed")
- msgpack.cfg({encode_max_depth = max_depth})
+ msgpack.cfg({encode_crop_too_deep = crop_too_deep,
+ encode_max_depth = max_depth})
end
tap.test("msgpackffi", function(test)
>
> BTW, the default is 'false' and we should set the default value here
> (now we set 'true'). Following test cases (e.g. gh-2888 test case in
> app-tap/json.test.lua) should set and restore the option locally.
>
> Maybe it also worth add a test case that will verify that the default
> behaviour is to raise an error?
>
Not sure. Such a test would assume a certain value of
msgpack.cfg.encode_crop_too_deep. This is exactly what I was trying to
avoid in the tests.
More information about the Tarantool-patches
mailing list