702685 - PHP record-size validation not ported over to python server

Status: VERIFIED FIXED

(Cloud Services Graveyard :: Server: Sync, defect)

Description

[Toby Elliott [:telliott]]

This snippet of code was in the php server:

		if ($this->payload_exists())
		{
			if (!is_string($this->wbo_hash['payload']))
			{ $this->_error[] = "payload needs to be json-encoded"; }
			else if (WEAVE_PAYLOAD_MAX_SIZE && mb_strlen($this->wbo_hash['payload'], '8bit') > WEAVE_PAYLOAD_MAX_SIZE)
			{ $this->_error[] = "payload too large"; }
		}

I cannot find the equivalent in the python server. Am I just missing it? It's a pretty important piece of protection.

Comment 1

[Toby Elliott [:telliott]]

sorry, should have been clearer - that's in the WBO validation method

Comment 2

[Tarek Ziadé (:tarek)]

no I did miss it

Comment 3

[Ryan Kelly [:rfkelly]]

Attachment: patch limiting wbo payload size

Patch attached. I've hard-coded the limit as a module-level constant since there's no obvious way to make it configurable.

Comment 4

[Ryan Kelly [:rfkelly]]

Attachment: patch limiting wbo payload size

Oops, telliott points out that the payload is unicode and we should limit based on the encoded size in bytes.  Patch updated accordingly.

Comment 5

[Toby Elliott [:telliott]]

Comment on attachment 584862 [details] [diff] [review]
patch limiting wbo payload size

Looks good.

Comment 6

[Ryan Kelly [:rfkelly]]

Committed in http://hg.mozilla.org/services/server-storage/rev/0960d2f60299

Comment 7

[James Bonacci [:jbonacci]]

QA to verify this ASAP.

Comment 8

[James Bonacci [:jbonacci]]

Basing my comments on :rfkelly Comment 6
syncstorage/tests/test_wbo.py
is now
syncstorage/tests/test_bso.py

syncstorage/wbo.py
is now
syncstorage/bso.py

Comment 9

[James Bonacci [:jbonacci]]

Code verified and passed functional tests of Sync 1.1 and 2.0 for a 4/23/2012 deploy to qa1.