Fix: Code vulnerabilities and unsafe practices #350
+662
−193
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…QueryStateMachine
…in LastMinuteLatency
…ess and secret keys
|
|
|
IDK why the e2e-test is failing, locally all the tests have passed. May be some kind of initialization issues in the CI/CD workflow. Please check on that and let me know. |
|
It looks like the unit test failed. |
Yess...i've been diving deep into the issue...i'm fixing them up |
Thank you for your contribution! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Type of Change
Related Issues
Summary of Changes
This pull request introduces a series of safety and validation improvements across several modules, focusing on robust error handling for integer overflows, resource exhaustion, and port validation. The changes are grouped into three main themes: erasure coding arithmetic safety, time/resource exhaustion protection, and port validation in service management.
Arithmetic Safety and Error Handling in Erasure Coding:
checked_add,checked_sub,checked_mul) and error propagation inErasureandShardReaderimplementations to prevent integer overflows during size calculations, block offsets, and data writes. All critical arithmetic operations now return explicit errors or safe defaults on overflow, improving reliability and maintainability. [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14] [15]Protection Against Resource Exhaustion and Unbounded Loops:
LastMinuteLatencyto prevent resource exhaustion and unbounded loops, including a new safe version ofget_totalthat returns errors if time jumps are excessive.LastMinuteHistogramdoes not exceed bounds by clamping the tag index.Port Validation and Error Messaging in Service Management:
ServiceManagerto include explicit range checks, reserved port warnings, and unified parsing/validation logic. Service start and restart methods now validate ports before proceeding, with improved error messaging. [1] [2] [3] [4]Refactoring for Code Safety
Replaced unsafe
AtomicPtrusage with the saferArc<RwLock>primitive for concurrent state management in both theQueryStateMachineand themetadata Cache. This improves memory safety and reduces the risk of race conditions.These changes collectively enhance the system's robustness against common runtime errors and improve operational safety.
Checklist
cargo fmt --allcargo clippy --all-targets --all-features -- -D warningscargo check --all-targetsImpact
Additional Notes
Thank you for your contribution! Please ensure your PR follows the community standards (CODE_OF_CONDUCT.md) and sign the CLA if this is your first contribution.