Introduce thread safety to SAML schema validation #175
Conversation
| @xml = Nokogiri::XML(document.to_s) | ||
|
|
||
| @schema.validate(@xml).map do |error| | ||
| return false if soft |
There was a problem hiding this comment.
This return will raise an error if soft. You should use break or next
There was a problem hiding this comment.
@daniel-g what error will this raise? If you check the previous line 20, it was doing exactly the same thing. The tests are also passing, so I'm hoping I can trust those.
My goal is not to change all the functionality, my goal is to solve the problem given the tools available.
There was a problem hiding this comment.
Hi @phlipper . In ruby 2.1.2:
2.1.2 :002 > [1, 2, 3, 4].map{|f| return(f) }
LocalJumpError: unexpected return
from (irb):2:in `block in irb_binding'
from (irb):2:in `map'
from (irb):2
in ruby 1.8.7:
[1, 2, 3, 4].map{|f| return(f) }
LocalJumpError: unexpected return
from (irb):1
from (irb):1:in `map'
from (irb):1
So I wonder how the tests still passed. What am I missing?
There was a problem hiding this comment.
I guess this shows there is some test coverage lacking somewhere.
phlipper
force-pushed
the
thread-safety
branch
from
d6cf6b8
to
90a9155
Compare
|
@daniel-g per your suggestions, I have updated the use of |
| SamlMessage.schema.validate(xml).map do |error| | ||
| break false if soft | ||
|
|
||
| validation_error("#{error.message}\n\n#{@xml.to_s}") |
|
other than my last comments, it looks good to me 👍 |
phlipper
force-pushed
the
thread-safety
branch
from
90a9155
to
ba1cdd8
Compare
|
@daniel-g good catch on the last typos. This PR should be good to go now. |
phlipper
force-pushed
the
thread-safety
branch
from
ba1cdd8
to
a3cc8bf
Compare
|
Wouldn't it make sense to not even change the directory and read the file relative to @schema ||= begin
path = File.expand_path(File.join(File.dirname(__FILE__), '..', '..', 'schemas', 'saml-schema-protocol-2.0.xsd'))
Nokogiri::XML::Schema(IO.read(path))
end |
|
@cgthornt the References: |
phlipper
force-pushed
the
thread-safety
branch
from
a3cc8bf
to
b90a1e5
Compare
|
@phlipper any chance you can rebase off We updated the test suite to use Minitest and I just want to ensure its all passing still before we merge. Thank you for this improvement! |
|
@Lordnibbler i have rebased on top of the latest master and tests are green. |
|
I'm 👍 on this but would love a simple unit test around this new |
|
@Lordnibbler what would you like to see for test coverage? I'm happy to add some, but there are no existing tests for the |
|
@phlipper We will make a followup issue to test the |
|
@cgthornt @pitbulk can you guys review? |
* per the references below, use of `Dir.chdir` is not thread-safe. this usage was causing exceptions to be raised when running on Puma and in other multi-threaded environments. * this patch also moves the schema read up to a class instance, as this data is static and does not need to be read every time an assertion is validated. this boosts performance, especially in environments with higher throughput. thanks to @dannyb for the assistance! References: * https://www.ruby-forum.com/topic/165079 * https://bugs.ruby-lang.org/issues/9785 * http://www.justskins.com/forums/working-directory-in-thread-42304.html * http://www.ruby-doc.org/core-2.1.5/Dir.html#method-c-chdir
phlipper
force-pushed
the
thread-safety
branch
from
b90a1e5
to
ea8e552
Compare
Introduce thread safety to SAML schema validation
|
Changes Unknown when pulling ea8e552 on phlipper:thread-safety into * on onelogin:master*. |
Per the references below, use of
Dir.chdiris not thread-safe. This usage was causing exceptions to be raised when running on Puma and in other multi-threaded environments.This patch also moves the schema read up to a class instance, as this data is static and does not need to be read every time an assertion is validated. This boosts performance, especially in environments with higher throughput.
Thanks to @dannyb for the assistance!
References: