Bound UnifiedPush endpoint store load#28
Conversation
|
Warning Rate limit exceeded
You’ve run out of usage credits. Purchase more in the billing tab. ⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (2)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 2470127192
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| if metadata.len() > UNIFIEDPUSH_ENDPOINTS_MAX_BYTES { | ||
| error!( | ||
| "UnifiedPush endpoints file too large ({} bytes > {} bytes), starting with empty store", | ||
| metadata.len(), | ||
| UNIFIEDPUSH_ENDPOINTS_MAX_BYTES | ||
| ); | ||
| self.endpoints.write().await.clear(); | ||
| return Ok(()); |
There was a problem hiding this comment.
When normal UnifiedPush registrations serialize to more than 2 MiB, register_endpoint/save_endpoints still write the oversized JSON without any guard, but the next startup now takes this branch and clears the in-memory map instead of loading it. That means the service can create its own persistent state and then discard all registrations after a restart; please either enforce the same cap before saving or use a load limit that valid persisted data cannot exceed.
Useful? React with 👍 / 👎.
|
@coderabbitai review |
✅ Actions performedReview triggered.
|
AndreaDiazCorreia
left a comment
AndreaDiazCorreia
left a comment
There was a problem hiding this comment.
Thanks for the fix. Codex's note is worth addressing before merging. load_endpoints rejects files over 2 MiB but save_endpoints and register_endpoint will write any size. Once the registration endpoint lands, we can write a file over 2 MiB, restart, and silently wipe every registration. That's the kind of thing the issue is trying to prevent.
Simplest fix is checking the serialized size in save_endpoints and refusing to write if it goes over the limit. If that feels out of scope, at least a comment on save_endpoints flagging the invariant plus a follow-up issue.
Also, the warn! on a stat failure other than NotFound should be error!, same as the oversize branch. And after we log the oversize error the file stays on disk, so every boot will hit it forever. Either rename it to .corrupt. or document that the operator has to clean it up.
Rest looks good.
2 participants
Summary
Security validation
Source/sink/control: data/unifiedpush_endpoints.json was read fully into memory with fs::read_to_string before any bound. load_endpoints now checks metadata length first and refuses oversized files before reading.
Original issue no longer reproduces:
Refs #10
Tests