Database lock backend should normalize the lock name [#2872276]

Problem/Motivation

It's currently pretty easy to break a request to acquire a lock with a long name when using the DatabaseLockBackend class. The database column has a max length of 255 but nothing at the application level enforces this. The database cache backend guards against this, the lock should too.

Proposed resolution

Do the same as the DatabaseBackend cache class, use a normalizeCid() method in the Lock backend itself so calls with a longer cid cannot break it.

Remaining tasks

Decide if we should:

- ~~Move the normalizeCid() functionality into a trait or something, so we can reuse it between cache backend and lock backend. Something in the database namespace could be useful.~~

User interface changes

N/A

API changes

N/A

Data model changes

N/A

Comment	File	Size	Author
#10	interdiff-2872276-10.txt	1.78 KB	damiankloip
#10	2872276-10.patch	3.72 KB	damiankloip
#10	8.4.x: PHP 5.6 & MySQL 5.5 21,923 pass
#2	2872276-tests-only-FAIL.patch	1.38 KB	damiankloip
#2	8.4.x: PHP 5.6 & MySQL 5.5 21,894 pass, 2 fail
#2	2872276.patch	3.71 KB	damiankloip
#2	8.4.x: PHP 5.6 & MySQL 5.5 21,896 pass

Support from Acquia helps fund testing for Drupal Acquia logo

Comments

Comment #1

24 April 2017 at 08:54

damiankloip created an issue. See original summary.

Comment #2

damiankloip CreditAttribution: damiankloip at Pfizer, Inc. commented 24 April 2017 at 08:58

Issue summary:	View changes
Status:	Active	» Needs review

File	Size
2872276.patch	3.71 KB
8.4.x: PHP 5.6 & MySQL 5.5 21,896 pass
2872276-tests-only-FAIL.patch	1.38 KB
8.4.x: PHP 5.6 & MySQL 5.5 21,894 pass, 2 fail

EDIT: Yes - should have put the patch files the other way round.

Comment #3

24 April 2017 at 09:55

Status:

Needs review

» Needs work

The last submitted patch, 2: 2872276-tests-only-FAIL.patch, failed testing.

Comment #4

damiankloip CreditAttribution: damiankloip at Pfizer, Inc. commented 24 April 2017 at 12:03

Status:

Needs work

» Needs review

Comment #5

dawehner

German

CreditAttribution: dawehner as a volunteer commented 24 April 2017 at 13:07

- Move the normalizeCid() functionality into a trait or something, so we can reuse it between cache backend and lock backend. Something in the database namespace could be useful.

IMHO sharing code is not a requirement here. Sharing code between arbitrary subsystems can lead to more harm than good on the longrun. Maybe its enough to have a @see there and call it a day.

Comment #6

dawehner

German

CreditAttribution: dawehner as a volunteer commented 24 April 2017 at 13:09

+++ b/core/lib/Drupal/Core/Lock/DatabaseLockBackend.php
@@ -204,6 +211,30 @@ protected function catchException(\Exception $e) {
+   * @param string $cid
+   *   The passed in cache ID.
...
+   * @return string
+   *   An ASCII-encoded cache ID that is at most 255 characters long.
...
+  protected function normalizeName($cid) {

Lier, this is not a cache id :)

+++ b/core/lib/Drupal/Core/Lock/DatabaseLockBackend.php
@@ -204,6 +211,30 @@ protected function catchException(\Exception $e) {
+    $cid_is_ascii = mb_check_encoding($cid, 'ASCII');

It is quite cool that we can use mb_ without worrying about it.

Comment #7

damiankloip CreditAttribution: damiankloip at Pfizer, Inc. commented 24 April 2017 at 13:31

Yeah, that's a good point. I am fine with not coupling the two systems together with a shared method somewhere.

The mb_ usage is the same in the database backend. Do we require that PHP is compiled with mbstring or the extension is installed?

Comment #8

dawehner

German

CreditAttribution: dawehner as a volunteer commented 24 April 2017 at 18:42

The mb_ usage is the same in the database backend. Do we require that PHP is compiled with mbstring or the extension is installed?

Oh we have a wrapper in place in case its not actually available. This is some symfony package.

Comment #9

damiankloip CreditAttribution: damiankloip at Pfizer, Inc. commented 24 April 2017 at 18:51

sweet deal. To be fair, I also prefixed it with 'decide if we should' :P

Comment #10

damiankloip CreditAttribution: damiankloip at Pfizer, Inc. commented 24 April 2017 at 18:58

Issue summary:

View changes

File	Size
2872276-10.patch	3.72 KB
8.4.x: PHP 5.6 & MySQL 5.5 21,923 pass
interdiff-2872276-10.txt	1.78 KB

So that means we are done here?

Comment #11

damiankloip CreditAttribution: damiankloip at Pfizer, Inc. commented 24 April 2017 at 19:00

Title:	Database lock backend should normalize cache IDs	» Database lock backend should normalize the lock name
Issue summary:	View changes

Comment #12

dawehner

German

CreditAttribution: dawehner as a volunteer commented 2 May 2017 at 18:56

Status:

Needs review

» Reviewed & tested by the community

I think personally we are good here. We discussed that sharing this code with the caching backend doesn't make much sense.

Comment #13

8 May 2017 at 15:52

catch committed f156c3d on 8.4.x

Issue #2872276 by damiankloip, dawehner: Database lock backend should...

Comment #14

catch

he/him

English

CreditAttribution: catch at Third and Grove commented 8 May 2017 at 15:53

Status:

Reviewed & tested by the community

» Fixed

Committed/pushed to 8.4.x, thanks!

Comment #15

22 May 2017 at 15:54

Status:

Fixed

» Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.

Comment #16

hussainweb

English

CreditAttribution: hussainweb at Axelerant commented 12 September 2017 at 06:24

+++ b/core/tests/Drupal/KernelTests/Core/Lock/LockTest.php
@@ -47,6 +47,21 @@ public function testBackendLockRelease() {
+    // Test acquiring an releasing a lock with a long key (over 255 chars).

Huge nitpick: I'm just noting there's a typo here. It's definitely not worth reverting but if someone can just fix it in a commit against this issue, it is good enough.