fix(pdk): use deep copies of Route, Service, and Consumer

objects when log serialize In the function of `kong.log.serialize`, the lifecycle of three table `ctx.route`, `ctx.service` and `ctx.authenticated_consumer` is across request. Modifying the sub-items in the current request of the table will affect the next request, resulting in unexpected behavior in Kong.
Kong · Sep 13, 2023 · 3b05274 · 3b05274
1 parent d4d547d
commit 3b05274
Show file tree

Hide file tree

Showing 3 changed files with 377 additions and 6 deletions.
diff --git a/kong/pdk/log.lua b/kong/pdk/log.lua
@@ -832,9 +832,9 @@ do
         },
         tries = (ctx.balancer_data or {}).tries,
         authenticated_entity = build_authenticated_entity(ctx),
-        route = ctx.route,
-        service = ctx.service,
-        consumer = ctx.authenticated_consumer,
+        route = utils.cycle_aware_deep_copy(ctx.route),
+        service = utils.cycle_aware_deep_copy(ctx.service),
+        consumer = utils.cycle_aware_deep_copy(ctx.authenticated_consumer),
         client_ip = var.remote_addr,
         started_at = okong.request.get_start_time(),
       }
@@ -873,9 +873,9 @@ do
         },
         tries = (ctx.balancer_data or {}).tries,
         authenticated_entity = build_authenticated_entity(ctx),
-        route = ctx.route,
-        service = ctx.service,
-        consumer = ctx.authenticated_consumer,
+        route = utils.cycle_aware_deep_copy(ctx.route),
+        service = utils.cycle_aware_deep_copy(ctx.service),
+        consumer = utils.cycle_aware_deep_copy(ctx.authenticated_consumer),
         client_ip = var.remote_addr,
         started_at = okong.request.get_start_time(),
       }

diff --git a/spec/01-unit/10-log_serializer_spec.lua b/spec/01-unit/10-log_serializer_spec.lua
@@ -186,6 +186,20 @@ describe("kong.log.serialize", function()
 
         assert.equal("/upstream_uri" .. "?" .. args, res.upstream_uri)
       end)
+
+      it("use the deep copies of the Route, Service, Consumer object avoid " .. 
+         "modify ctx.authenticated_consumer, ctx.route, ctx.service", function()
+        ngx.ctx.authenticated_consumer = {id = "someconsumer"}
+        ngx.ctx.route = { id = "my_route" }
+        ngx.ctx.service = { id = "my_service" }
+        local res = kong.log.serialize({ngx = ngx, kong = kong, })
+        assert.not_equal(tostring(ngx.ctx.authenticated_consumer),
+                         tostring(res.consumer))
+        assert.not_equal(tostring(ngx.ctx.route),
+                         tostring(res.route))
+        assert.not_equal(tostring(ngx.ctx.service),
+                         tostring(res.service))
+      end)
     end)
   end)
 
@@ -341,6 +355,20 @@ describe("kong.log.serialize", function()
 
         assert.is_nil(res.tries)
       end)
+
+      it("use the deep copies of the Route, Service, Consumer object avoid " .. 
+         "modify ctx.authenticated_consumer, ctx.route, ctx.service", function()
+        ngx.ctx.authenticated_consumer = {id = "someconsumer"}
+        ngx.ctx.route = { id = "my_route" }
+        ngx.ctx.service = { id = "my_service" }
+        local res = kong.log.serialize({ngx = ngx, kong = kong, })
+        assert.not_equal(tostring(ngx.ctx.authenticated_consumer),
+                         tostring(res.consumer))
+        assert.not_equal(tostring(ngx.ctx.route),
+                         tostring(res.route))
+        assert.not_equal(tostring(ngx.ctx.service),
+                         tostring(res.service))
+      end)
     end)
   end)
 end)