Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cache: Add in ExpirationTime to local caches. #46

Merged
merged 3 commits into from
Apr 13, 2018
Merged

cache: Add in ExpirationTime to local caches. #46

merged 3 commits into from
Apr 13, 2018

Conversation

ewmson
Copy link
Contributor

@ewmson ewmson commented Apr 11, 2018

Problem:
After a regex has been rescanned #45 the local client will still have the old result cached.
This means a user who had previously received the result will never hit the server again and see the updated case.

Solution:
Add an expiration time to the cached values that will require the server to be queried again once the time in the cache has exceeded this time. This should be configurable based on the needs of the client.

Fixes: #44

@ewmson
Add in an expiration time to the cached responses.
7d32898 
This field allows entries to expire from the cache in the case that the detectors are improved or there was a bug in the classification.

The parameter is configurable and users desiring the old behavior can set their expiration time to be a large value.
@ewmson
Copy link
Contributor Author

ewmson commented Apr 11, 2018

@davisjam We should have a discussion on what we want the cache invalidation tests to look like.

One idea is to create a special directory with the invalidation tests that we clear after every cache invalidation test.

davisjam
davisjam requested changes Apr 12, 2018
View reviewed changes
Copy link
Owner

@davisjam davisjam left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great PR, thank you. Just a few nits, mostly const and variable names.

src/cache/client/npm/test/test.js Outdated
},
cache: {
type: vulnRegexDetector.cacheTypes.persistent,
expirationTime: -1
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggest you declare a cacheConfig variable at the top of the function and use it here and above.

src/cache/client/npm/test/test.js Outdated
hostname: 'no such host',
port: 1
},
cache: {
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Refactor into a cacheConfig as in persistent case.

src/cache/client/npm/vuln-regex-detector-client.js Outdated
@@ -47,7 +47,8 @@ const defaultServerConfig = {

const defaultCacheConfig = {
type: CACHE_TYPES.persistent,
persistentDir: path.join(os.tmpdir(), 'vuln-regex-detector-client-persistentCache')
persistentDir: path.join(os.tmpdir(), 'vuln-regex-detector-client-persistentCache'),
expirationTime: 60 * 60 * 24 * 7 // 7 days
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Change comment to // 7 days in seconds

src/cache/client/npm/vuln-regex-detector-client.js Outdated
@@ -341,8 +347,19 @@ function updateCache (config, pattern, response) {
if (!useCache(config)) {
return;
}
/* Only cache VULNERABLE|SAFE responses. */
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Add a newline before and after this block.

src/cache/client/npm/vuln-regex-detector-client.js Outdated
@@ -351,15 +368,20 @@ function checkCache (config, pattern) {
return RESPONSE_UNKNOWN;
}

return kvGet(config, pattern);
let valueRetrieved = kvGet(config, pattern);
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Declare these variables const

src/cache/client/npm/vuln-regex-detector-client.js Outdated
return;
}
/* This entry will expire config.expirationTime seconds from now. */
let expirationTimeInMilliseconds = 1000 * config.cache.expirationTime;
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Declare these variables const

src/cache/client/npm/vuln-regex-detector-client.js Outdated
}
/* Check if the cache entry has expired. */
let lastValidDate = new Date(valueRetrieved.validUntil);
if (Date.now() > lastValidDate) {
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I prefer to write comparisons as smaller < larger.

src/cache/client/npm/vuln-regex-detector-client.js Outdated
/* Check if the cache entry has expired. */
let lastValidDate = new Date(valueRetrieved.validUntil);
if (Date.now() > lastValidDate) {
/* The entry in the cache has expired. */
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For consistency, The cache entry has expired.

src/cache/client/npm/vuln-regex-detector-client.js Outdated
@@ -418,7 +440,7 @@ function kvPersistentFname (config, key) {
* Using a hash might give us false reports on collisions, but this is
* exceedingly unlikely in typical use cases (a few hundred regexes tops). */
const hash = crypto.createHash('md5').update(key).digest('hex');
const fname = path.join(config.cache.persistentDir, `${hash}.json`);
const fname = path.join(config.cache.persistentDir, `${hash}-v2.json`);
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do you think we should the number "2" a global CACHE_VERSION variable? Then a comment on that variable can indicate history better.

@davisjam
Copy link
Owner

@ewmson

We should have a discussion on what we want the cache invalidation tests to look like.

Cache invalidation -> cache expiration time?

Agreed that you shouldn't use the default persistentDir because of the risk of collisions with cached user queries that have larger expiration times. How about path.join(os.tmpdir(), 'vuln-regex-detector-TEST-cache-expiration-time')?

@davisjam
Copy link
Owner

@ewmson Can you update the README with the new config option?

@ewmson
Address review comments.
88942a1 
1.) Adding const
2.) Refactoring out a CACHE_VERSION
3.) Adding documentation to README
4.) Adding a special dir for the cache invalidation tests that is purged after each test.
@ewmson
Remove roll-your-own rm -r code in favor of the remove.removeSync c…
61dd47b 
…all from an already imported npm module.
davisjam
davisjam approved these changes Apr 13, 2018
View reviewed changes
Copy link
Owner

@davisjam davisjam left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks!

@davisjam davisjam merged commit 92f2ab4 into davisjam:master Apr 13, 2018
@davisjam davisjam mentioned this pull request May 1, 2018
Merged
6 tasks
jamesdonoh pushed a commit to jamesdonoh/vuln-regex-detector that referenced this pull request Feb 13, 2019
@davisjam
Merge pull request davisjam#46 from ewmson/CacheExpiration
6162706 
cache: Add in ExpirationTime to local caches.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@davisjam davisjam davisjam approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ewmson @davisjam