Page MenuHomePhabricator

[services] Tunnelbroker - Requests SessionID format validation.
ClosedPublic

Authored by max on Feb 4 2022, 6:22 PM.
Tags
None
Referenced Files
F3247562: D3113.id9614.diff
Fri, Nov 15, 6:05 AM
F3247561: D3113.id9613.diff
Fri, Nov 15, 6:05 AM
Unknown Object (File)
Tue, Nov 12, 3:00 AM
Unknown Object (File)
Tue, Nov 12, 2:34 AM
Unknown Object (File)
Tue, Nov 12, 1:20 AM
Unknown Object (File)
Tue, Nov 12, 12:14 AM
Unknown Object (File)
Mon, Nov 11, 11:38 PM
Unknown Object (File)
Mon, Nov 11, 11:29 PM

Details

Summary

Check the session format validity in the gRPC request handler using the simple validate function, as we have for deviceID in D2978

Related linear task ENG-650

*Dependencies:*
Depends on D3124

Test Plan

Sent valid format of UUID and got true.
Sent wrong format of UUID and got false.

Diff Detail

Repository
rCOMM Comm
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

max added reviewers: tomek, karol.
services/tunnelbroker/docker-server/contents/server/src/Constants.h
21 ↗(On Diff #9311)

Is there any risk of multiple threads accessing this std::regex at the same time via std::regex_match? If so, is that behavior thread-safe?

tomek requested changes to this revision.Feb 7 2022, 2:13 AM
tomek added inline comments.
services/tunnelbroker/docker-server/contents/server/src/Constants.h
22 ↗(On Diff #9311)

Do we need to use word boundaries \b here? Do they improve anything?

What do you think about reducing the duplication in this regex? Do you think it is more readable, or should we keep the current approach?
[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}

services/tunnelbroker/docker-server/contents/server/src/Tools/Tools.cpp
66 ↗(On Diff #9311)

What are the exceptions that we expect here?

This revision now requires changes to proceed.Feb 7 2022, 2:13 AM

Rebase, remove word boundaries from sessionID regexp.

max edited the summary of this revision. (Show Details)
max added inline comments.
services/tunnelbroker/docker-server/contents/server/src/Constants.h
21 ↗(On Diff #9311)

Is there any risk of multiple threads accessing this std::regex at the same time via std::regex_match? If so, is that behavior thread-safe?

Constant regexp is thread-safe, we don't have mutations here.
It's safe to use it std::regex_match from multiple threads with const immutable std::regex.

22 ↗(On Diff #9311)

Do we need to use word boundaries \b here? Do they improve anything?

What do you think about reducing the duplication in this regex? Do you think it is more readable, or should we keep the current approach?
[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}

We can omit using \b here. I've removed them.

services/tunnelbroker/docker-server/contents/server/src/Tools/Tools.cpp
66 ↗(On Diff #9311)

What are the exceptions that we expect here?

I think we can catch regex_error here.

This revision is now accepted and ready to land.Feb 9 2022, 3:37 AM
This revision now requires review to proceed.Feb 9 2022, 3:37 AM
services/tunnelbroker/docker-server/contents/server/src/Service/TunnelbrokerServiceImpl.cpp
153–159 ↗(On Diff #9424)

Why cannot we throw in validateSessionID and let the current catch handle the rest?

195–201 ↗(On Diff #9424)

Why cannot we throw in validateSessionID and let the current catch handle the rest?

services/tunnelbroker/docker-server/contents/server/src/Tools/Tools.cpp
53–56 ↗(On Diff #9424)

Why cannot we just throw here?

acceptin' but please respond

Can you rebase and retrigger the build by running arc diff so that the build appears green before landing?

Also curious about the question @karol-bisztyga asked, but I guess if the error is more specific that could be worth it.

This revision is now accepted and ready to land.Feb 9 2022, 9:36 PM
max marked 3 inline comments as done.

Rebasing.

max added inline comments.
services/tunnelbroker/docker-server/contents/server/src/Service/TunnelbrokerServiceImpl.cpp
153–159 ↗(On Diff #9424)

Why cannot we throw in validateSessionID and let the current catch handle the rest?

If we throw an error here we can't log here and can return only one type of status code for grpc (which is described in catch).

I'm sure we must think about logging the errors at the server-side and returning the detailed description to the client, because in case of error even if don't have the server logs we can rely on the user's bug report with the error and description that he received.

In the app full-cycle, it works like: client app received an error and suggests the user fill the bug report or even send it automatically if the user agreed on this permission. That's why we need to send to the client detailed errors, to catch and resolve the possible bugs in the future.

services/tunnelbroker/docker-server/contents/server/src/Tools/Tools.cpp
53–56 ↗(On Diff #9424)

Why cannot we just throw here?

It's not a good practice to throw an error inside the shared function and catch that error at the "upper" caller level. It will hard to debug this way and use this function properly.

max marked 2 inline comments as done.

Rebase on master.