-
Notifications
You must be signed in to change notification settings - Fork 52
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Validate stream name parameters in JSContext methods. #379
Conversation
@mtmk PTAL. I would love som feedback on the ArgumentException(s) vs NatsJSApiException part 😄 |
internal static void ThrowIfInvalidStreamName([NotNull] string? name, [CallerArgumentExpression("name")] string? paramName = null) | ||
{ | ||
#if NET8_0_OR_GREATER | ||
ArgumentNullException.ThrowIfNullOrEmpty(name); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
looks like net6 and net8 are going to return different messages when the empty.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@mtmk for the empty exception, I took the string used in the framework, but you're right, running net with a localization pack, in that case the message would be localized in.net 8 but not in.net 6 because we have the string here. I'll see if I can come up with a better approach for that.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
if the name is empty wouldn't they throw totally different exception messages? net8 isn't going to have the custom message set in net6, no?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The message used for .net 6 Is copied from .net 8 framework messages, this is what .net 8 does But I should probably change it to use ArrgumentException.ThrowIfNullOrEmpty for .net 8, it's the same static though 😄
As a side note, I just tried using characters like \x7 \x8 \x9 \r\n
in different combinations when creating streams, and it gives all kinds of different behaviour , some ends with no response from server, others with the server creating the stream but silently removing the character, and in one case replacing it with an 'x' 😄 so we should probably consider making all the characters below '\1F' "illegal" as well.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've aligned .net 6 and 8.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The message used for .net 6 Is copied from .net 8 framework messages, this is what .net 8 does But I should probably change it to use ArrgumentException.ThrowIfNullOrEmpty for .net 8, it's the same static though 😄
ah nice! didn't realise that
As a side note, I just tried using characters like
\x7 \x8 \x9 \r\n
in different combinations when creating streams, and it gives all kinds of different behaviour , some ends with no response from server, others with the server creating the stream but silently removing the character, and in one case replacing it with an 'x' 😄 so we should probably consider making all the characters below '\1F' "illegal" as well.
What about 'space'? Is the server replacing that with 'x'? Maybe we should stick to minimal checks as someone might be relying on the current behaviour somehow 😅
Edit: I just saw you comment below about server not responding. Which characters did you find to do that? I wonder if that'd be a server bug?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
One example, create a stream ending with crlr: ABCDEF\r\n
then you'll get a NATS.Client.JetStream.NatsJSApiNoResponseException: No API response received from the server
I'm not sure, but my gut feeling is that it's not a server bug.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
btw, as mentioned in the issue, docs says:
Names cannot contain whitespace, ., *, >, path separators (forward or backwards slash), and non-printable characters.
https://docs.nats.io/nats-concepts/jetstream/streams#configuration
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, should we check for them or just go for what we have now ?
I'm fine either way.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm leaning towards less validation (i.e. leave as it is) even though server not responding in some cases is not dev friendly, they should be very rare. cc @Jarema
Yea it looks good I think (only had one minor comment). Do you think we shouldn't use ArgumentExceptions? |
I meant the difference in exceptions that we will get, ' ' and '.' will throw argument exceptions because we validate them, any other invalid characters will be handled by the server, and will be a nats js api exception. Looking at the different client implememtations there's is no common way, java does a lot client side, go does not 😄 |
We should probably go with Go 😃 Server seems to check a few more So, I guess if we stick to the same way of thinking (i.e. client only checks for most common errors) what you're checking (space and '.') covers the most common mistakes, I'd say. |
Yeah we could do that, but the client will end up with "no response from server" in some cases if we don't check, see the side note here: #379 (comment) |
cb75ff1
to
916072a
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM thanks @niklasfp 💯 🥇
This pr adds validation of stream names in the JS context.
The validation checks for:
' ', and '.'
if any of these characters are present in the stream name, anArgumentException
will be thrown. This at least gets us past theNo API response received from the server
error, but it still leaves us with the fact that we'll leave it up to the server to validate the rest of the invalid characters like specified in the docsSo in the situation where we have a stream name NOT containing
' ', or '.'
but having one of the other illegal ones, e.g.'>'
, it will throw an exception like this:In essence that means that some invalid stream names will throw
ArgumentException(s)
, others (server validated) will throwNatsJSApiException
.Oh and I've added
.DS_Store
to .gitignore, it's a folder attribute file that MacOS adds all over the place 😄Fixes #357