From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from localhost (localhost [127.0.0.1]) by turing.freelists.org (Avenir Technologies Mail Multiplex) with ESMTP id F409D251BD for ; Fri, 13 Sep 2019 18:28:44 -0400 (EDT) Received: from turing.freelists.org ([127.0.0.1]) by localhost (turing.freelists.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JZ0JKNDBxWFX for ; Fri, 13 Sep 2019 18:28:44 -0400 (EDT) Received: from smtpng3.m.smailru.net (smtpng3.m.smailru.net [94.100.177.149]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by turing.freelists.org (Avenir Technologies Mail Multiplex) with ESMTPS id 827F025223 for ; Fri, 13 Sep 2019 18:28:39 -0400 (EDT) Subject: [tarantool-patches] Re: [PATCH v2 4/4] app: allow to raise an error on too nested tables References: <20190912233231.zs3c6o2zv7pyl6lo@tkn_work_nb> From: Vladislav Shpilevoy Message-ID: <691762ba-48a6-04b2-d0e0-bafdad317217@tarantool.org> Date: Sat, 14 Sep 2019 00:32:28 +0200 MIME-Version: 1.0 In-Reply-To: <20190912233231.zs3c6o2zv7pyl6lo@tkn_work_nb> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: tarantool-patches-bounce@freelists.org Errors-to: tarantool-patches-bounce@freelists.org Reply-To: tarantool-patches@freelists.org List-Help: List-Unsubscribe: List-software: Ecartis version 1.0.0 List-Id: tarantool-patches List-Subscribe: List-Owner: List-post: List-Archive: To: Alexander Turenko Cc: tarantool-patches@freelists.org Thanks for the review! On 13/09/2019 01:32, Alexander Turenko wrote: >> app: allow to raise an error on too nested tables > > The commit header and the description looks like we have 'crop' > behaviour as default, however it is not more so. > > I agree that we should change the default behaviour and raise an error > by default. This however should be clearly stated in the docbot request. Ok, new commit message: app: raise an error on too nested tables serialization Closes #4434 Follow-up #4366 @TarantoolBot document Title: json/msgpack.cfg.encode_crop_too_deep option Tarantool has several so called serializers to convert data between Lua and another format: YAML, JSON, msgpack. YAML is a crazy serializer without depth restrictions. But for JSON and msgpack a user could set encode_max_depth option. That option led to crop of a table when it had too many nested levels. Sometimes such behaviour is undesirable. Now an error is raised instead of data corruption: t = nil for i = 1, 100 do t = {t} end msgpack.encode(t) -- Here an exception is thrown. To disable it and return the old behaviour back here is a new option: .cfg({encode_crop_too_deep = true}) Option encode_crop_too_deep works for JSON and msgpack modules, and is false by default. It means, that now if some existing users have cropping, even intentional, they will get the exception. > > See more comments below. > > WBR, Alexander Turenko. > >> msgpack.cfg({encode_crop_too_deep = false}) > > We have encode_invalid_as_nil with the similar meanings, so, maybe, > encode_too_deep_as_nil? > > Or maybe rephrase 'too deep' as one word: foots, dregs, underside? Those > variants don't look good, but maybe you know some word that would fit > better. No, I don't know a good synonym. But perhaps we could use 'encode_max_depth_and_crop'. That 1) makes clear, that the option is related to 'encode_max_depth', 2) is obvious, that data deeper than max_depth is cropped. Is it ok? Or 'encode_crop_after_max_depth'. Or 'encode_trim_by_max_depth'. >> + if (! cfg->encode_crop_too_deep) >> + return luaL_error(L, "Too high nest level"); > > We can easily give more information: say, a current max depth level; so > I think it worth to add to the error message. (The same for msgpackffi > and json.) > The error message will always just contain cfg.encode_max_depth + 1, I don't think it makes much sense to return it. But ok, it won't make worse: diff --git a/src/lua/msgpack.c b/src/lua/msgpack.c index b1354776d..06f6dc53e 100644 --- a/src/lua/msgpack.c +++ b/src/lua/msgpack.c @@ -143,8 +143,10 @@ restart: /* used by MP_EXT */ case MP_MAP: /* Map */ if (level >= cfg->encode_max_depth) { - if (! cfg->encode_crop_too_deep) - return luaL_error(L, "Too high nest level"); + if (! cfg->encode_crop_too_deep) { + return luaL_error(L, "Too high nest level - %d", + level + 1); + } mpstream_encode_nil(stream); /* Limit nested maps */ return MP_NIL; } @@ -167,7 +169,8 @@ restart: /* used by MP_EXT */ /* Array */ if (level >= cfg->encode_max_depth) { - if (! cfg->encode_crop_too_deep) - return luaL_error(L, "Too high nest level"); + if (! cfg->encode_crop_too_deep) { + return luaL_error(L, "Too high nest level - %d", + level + 1); + } mpstream_encode_nil(stream); /* Limit nested arrays */ return MP_NIL; } diff --git a/src/lua/msgpackffi.lua b/src/lua/msgpackffi.lua index 73d0d6fe2..138663ccb 100644 --- a/src/lua/msgpackffi.lua +++ b/src/lua/msgpackffi.lua @@ -220,7 +220,8 @@ local function encode_r(buf, obj, level) elseif type(obj) == "table" then if level >= msgpack.cfg.encode_max_depth then if not msgpack.cfg.encode_crop_too_deep then - error('Too high nest level') + error(string.format('Too high nest level - %d', + msgpack.cfg.encode_max_depth + 1)) end encode_nil(buf) return >> + -- gh-4434 (yes, the same issue): let users choose whether >> + -- they want to raise an error on tables with too high nest >> + -- level. >> + -- >> + s.cfg({encode_crop_too_deep = false}) >> + >> + local t = nil >> + for i = 1, max_depth + 1 do t = {t} end >> + local ok, err = pcall(s.encode, t) >> + test:ok(not ok, "too deep encode depth") >> + >> + s.cfg({encode_max_depth = max_depth + 1}) >> + ok, err = pcall(s.encode, t) >> + test:ok(ok, "no throw in a corner case") >> + >> + s.cfg({encode_crop_too_deep = true, encode_max_depth = max_depth}) > > I think we should save a default value of the option and set it here as > we do with encode_max_depth. (The same for msgpackffi.test.lua.) Agree, it looks more correct. Only not 'default' but just 'previous', used before a test: diff --git a/test/app-tap/json.test.lua b/test/app-tap/json.test.lua index 0a8966866..ba77a8d77 100755 --- a/test/app-tap/json.test.lua +++ b/test/app-tap/json.test.lua @@ -38,9 +38,10 @@ tap.test("json", function(test) -- -- gh-2888: Check the possibility of using options in encode()/decode(). -- + local orig_encode_crop_too_deep = serializer.cfg.encode_crop_too_deep local orig_encode_max_depth = serializer.cfg.encode_max_depth local sub = {a = 1, { b = {c = 1, d = {e = 1}}}} - serializer.cfg({encode_max_depth = 1}) + serializer.cfg({encode_max_depth = 1, encode_crop_too_deep = true}) test:ok(serializer.encode(sub) == '{"1":null,"a":1}', 'depth of encoding is 1 with .cfg') serializer.cfg({encode_max_depth = orig_encode_max_depth}) @@ -121,5 +122,6 @@ tap.test("json", function(test) rec4['b'] = rec4 test:is(serializer.encode(rec4), '{"a":{"a":null,"b":null},"b":{"a":null,"b":null}}') - serializer.cfg({encode_max_depth = orig_encode_max_depth}) + serializer.cfg({encode_max_depth = orig_encode_max_depth, + encode_crop_too_deep = orig_encode_crop_too_deep}) end) diff --git a/test/app-tap/lua/serializer_test.lua b/test/app-tap/lua/serializer_test.lua index 4fa2924cf..85738924a 100644 --- a/test/app-tap/lua/serializer_test.lua +++ b/test/app-tap/lua/serializer_test.lua @@ -418,6 +418,7 @@ local function test_depth(test, s) -- they want to raise an error on tables with too high nest -- level. -- + local crop_too_deep = s.cfg.encode_crop_too_deep s.cfg({encode_crop_too_deep = false}) local t = nil @@ -429,7 +430,7 @@ local function test_depth(test, s) ok, err = pcall(s.encode, t) test:ok(ok, "no throw in a corner case") - s.cfg({encode_crop_too_deep = true, encode_max_depth = max_depth}) + s.cfg({encode_crop_too_deep = crop_too_deep, encode_max_depth = max_depth}) end return { diff --git a/test/app-tap/msgpackffi.test.lua b/test/app-tap/msgpackffi.test.lua index a418f5ac1..dbae72362 100755 --- a/test/app-tap/msgpackffi.test.lua +++ b/test/app-tap/msgpackffi.test.lua @@ -82,6 +82,7 @@ local function test_other(test, s) return level end local msgpack = require('msgpack') + local crop_too_deep = msgpack.cfg.encode_crop_too_deep msgpack.cfg({encode_crop_too_deep = true}) local max_depth = msgpack.cfg.encode_max_depth local result_depth = check_depth(max_depth + 5) @@ -110,7 +111,8 @@ local function test_other(test, s) local ok = pcall(check_depth, max_depth + 6) test:ok(not ok, "exception is thrown when crop is not allowed") - msgpack.cfg({encode_max_depth = max_depth}) + msgpack.cfg({encode_crop_too_deep = crop_too_deep, + encode_max_depth = max_depth}) end tap.test("msgpackffi", function(test) > > BTW, the default is 'false' and we should set the default value here > (now we set 'true'). Following test cases (e.g. gh-2888 test case in > app-tap/json.test.lua) should set and restore the option locally. > > Maybe it also worth add a test case that will verify that the default > behaviour is to raise an error? > Not sure. Such a test would assume a certain value of msgpack.cfg.encode_crop_too_deep. This is exactly what I was trying to avoid in the tests.