From: "Morten Brørup" <mb@smartsharesystems.com>
To: "Bruce Richardson" <bruce.richardson@intel.com>
Cc: <dev@dpdk.org>, <ciara.power@intel.com>, <fengchengwen@huawei.com>
Subject: RE: [RFC PATCH 0/6] add json string escaping to telemetry
Date: Fri, 24 Jun 2022 11:12:05 +0200 [thread overview]
Message-ID: <98CBD80474FA8B44BF855DF32C47DC35D8716F@smartserver.smartshare.dk> (raw)
In-Reply-To: <YrVyRgsDUZvlaHIX@bricha3-MOBL.ger.corp.intel.com>
> From: Bruce Richardson [mailto:bruce.richardson@intel.com]
> Sent: Friday, 24 June 2022 10.14
>
> On Thu, Jun 23, 2022 at 09:04:31PM +0200, Morten Brørup wrote:
> > > From: Bruce Richardson [mailto:bruce.richardson@intel.com]
> > > Sent: Thursday, 23 June 2022 18.43
> > >
> > > This RFC shows one possible approach for escaping strings for the
> json
> > > output of telemetry library. For now this RFC supports escaping
> strings
> > > for the cases of returning a single string, or returning an array
> of
> > > strings. Not done is escaping of strings in objs/dicts [see more
> below
> > > on TODO]
> >
> > Very good initiative.
> >
> > >
> > > As well as telemetry lib changes, this patchset includes unit tests
> for
> > > the above and also little bit of cleanup to the json tests.
> > >
> > > TODO:
> > > Beyond what is here in this RFC:
> > >
> > > 1. we need to decide what to do about name/value pairs. Personally,
> I
> > > think we should add the restriction to the
> "rte_tel_data_add_obj_*"
> > > APIs
> > > to only allow a defined subset of characters in names: e.g.
> > > alphanumeric
> > > chars, underscore and dash. That means that we only need to
> escape
> > > the data part in the case of string returns.
> >
> > I agree about only allowing a subset of characters in names, so JSON
> (and other) encoding is not required.
> >
> > However, I think we should be less restrictive, and also allow
> characters commonly used for separation, indexing and wildcard, such as
> '/', '[', ']', and '*', '?' or '%'.
> >
> > Obviously, we should disallow characters requiring escaping in not
> just JSON, but also other foreseeable encodings and protocols. So
> please bring your crystal ball to the discussion. ;-)
> >
> Exactly why I am looking for feedback - and why I'm looking to have an
> explicit allowed list of characters rather than trying to just block
> the
> known-bad in json ones.
>
> For your suggestions: +1 to separators and indexing, i.e. '[', ']' and
> '/',
> though I would probably also add ',' and maybe '.' (unless it's likely
> to
> cause issues with some protocol we are likely to want to use).
After having slept on it, I think we should also allow characters that could appear in IP and MAC addresses, i.e. '.' and ':' (and '/' for subnetting).
> For the wildcarding, I find it hard to see why we would want those?
Initially, I thought a wildcard might be useful as a placeholder in templates.
But it might also be useful for partial IP or MAC addresses. E.g.:
- The SmartShare Systems OUI could be represented by the MAC address "00:1F:B4:??:??:??".
- A default gateway address in a template configuration could be "192.168.*.1".
On the other hand, wildcard characters could be disallowed or require escaping in other (non-JSON) protocols.
So I'm just being a bit creative here, throwing out ideas in our search for the right balance in the restrictions.
>
> The other advantage of using an allowlist of characters is that it
> makes it
> possible to expand over time, compared to a blocklist which always runs
> the
> risk of breaking something if you expand it. Therefore I suggest we
> keep
> the list as small as we need right now, and expand it only as we need.
+1
>
> > > 2. once agreed, need to implement a patch to escape strings in
> > > dicts/objs
> >
> > Yes.
> >
> > >
> > > 3. need to add a patch to escape the input command if it contains
> > > invalid chars
> >
> > What do you mean here? You mean unescape JSON encoded input (arriving
> on the JSON telemetry socket) to a proper binary string?
> >
>
> The thing with the telemetry socket interface right now is that the
> input
> requests are not-json. The reasons for that is that they be kept as
> simple
> as possible, and to avoid needing a full json parser inside DPDK.
> Therefore, the input sent by the user could contain invalid characters
> for
> json output so we need to:
> 1. Guarantee that no command registered with the telemetry library
> contains
> invalid json characters (though why someone would do so, I don't
> know!)
> 2. When we return the command back in the reply, properly escape any
> invalid characters in the error case.
>
> #1 is very important for sanity checking, but now that I think about it
> #2
> is probably optional, since if any user does start sending invalid
> garbage
> input that breaks their json parser on return, they are only hurting
> themselves and not affecting anything else on the system.
>
> > > 4. some small refactoring of the main telemetry.c json-encoding
> > > function may be possible.
> >
> > Perhaps.
> >
> I saw some options for cleanup when I was working on the code, so
> including
> this as a note-to-self as much as anything else for feedback. :-)
>
> /Bruce
next prev parent reply other threads:[~2022-06-24 9:12 UTC|newest]
Thread overview: 62+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-06-23 16:42 Bruce Richardson
2022-06-23 16:42 ` [RFC PATCH 1/6] test/telemetry_json: print success or failure per subtest Bruce Richardson
2022-06-23 16:42 ` [RFC PATCH 2/6] telemetry: fix escaping of invalid json characters Bruce Richardson
2022-06-23 18:34 ` Morten Brørup
2022-06-23 18:39 ` Stephen Hemminger
2022-06-23 18:48 ` Morten Brørup
2022-06-24 8:00 ` Bruce Richardson
2022-06-24 11:16 ` Bruce Richardson
2022-06-24 11:29 ` Morten Brørup
2022-06-24 15:06 ` Stephen Hemminger
2022-06-24 8:03 ` Bruce Richardson
2022-06-23 16:42 ` [RFC PATCH 3/6] telemetry: use json string function for string outputs Bruce Richardson
2022-06-23 16:42 ` [RFC PATCH 4/6] test/telemetry_json: add test for string character escaping Bruce Richardson
2022-06-23 16:42 ` [RFC PATCH 5/6] telemetry: add escaping of strings in arrays Bruce Richardson
2022-06-23 16:42 ` [RFC PATCH 6/6] test/telemetry-json: add test case for escaping " Bruce Richardson
2022-06-23 19:04 ` [RFC PATCH 0/6] add json string escaping to telemetry Morten Brørup
2022-06-24 8:13 ` Bruce Richardson
2022-06-24 9:12 ` Morten Brørup [this message]
2022-06-24 9:17 ` Bruce Richardson
2022-06-24 10:22 ` Morten Brørup
2022-07-14 15:42 ` Morten Brørup
2022-07-25 16:38 ` Bruce Richardson
2022-07-25 16:35 ` [PATCH v2 00/13] telemetry JSON escaping and other enhancements Bruce Richardson
2022-07-25 16:35 ` [PATCH v2 01/13] test/telemetry_json: print success or failure per subtest Bruce Richardson
2022-07-25 16:35 ` [PATCH v2 02/13] telemetry: fix escaping of invalid json characters Bruce Richardson
2022-07-26 18:25 ` Morten Brørup
2022-07-27 8:21 ` Bruce Richardson
2022-07-27 1:13 ` fengchengwen
2022-07-27 8:27 ` Bruce Richardson
2022-07-25 16:35 ` [PATCH v2 03/13] test/telemetry_json: add test for string character escaping Bruce Richardson
2022-07-25 16:35 ` [PATCH v2 04/13] telemetry: add escaping of strings in arrays Bruce Richardson
2022-07-25 16:35 ` [PATCH v2 05/13] test/telemetry-json: add test for escaping " Bruce Richardson
2022-07-25 16:35 ` [PATCH v2 06/13] telemetry: limit characters allowed in dictionary names Bruce Richardson
2022-07-25 16:35 ` [PATCH v2 07/13] telemetry: add escaping of strings in dicts Bruce Richardson
2022-07-25 16:35 ` [PATCH v2 08/13] test/telemetry_json: add test for string escaping in objects Bruce Richardson
2022-07-25 16:35 ` [PATCH v2 09/13] telemetry: limit command characters Bruce Richardson
2022-07-25 16:35 ` [PATCH v2 10/13] test/telemetry_data: refactor for maintainability Bruce Richardson
2022-08-23 12:33 ` Power, Ciara
2022-07-25 16:35 ` [PATCH v2 11/13] test/telemetry_data: add test cases for character escaping Bruce Richardson
2022-07-25 16:35 ` [PATCH v2 12/13] telemetry: eliminate duplicate code for json output Bruce Richardson
2022-07-25 16:35 ` [PATCH v2 13/13] telemetry: make help command more helpful Bruce Richardson
2022-07-26 14:36 ` [PATCH v2 00/13] telemetry JSON escaping and other enhancements Morten Brørup
2022-07-27 1:51 ` fengchengwen
2022-07-27 9:12 ` Bruce Richardson
2022-07-27 9:49 ` Morten Brørup
2022-08-23 12:35 ` Power, Ciara
2022-09-09 9:35 ` [PATCH v3 " Bruce Richardson
2022-09-09 9:35 ` [PATCH v3 01/13] telemetry: limit characters allowed in dictionary names Bruce Richardson
2022-09-09 9:35 ` [PATCH v3 02/13] test/telemetry_json: print success or failure per subtest Bruce Richardson
2022-09-09 9:35 ` [PATCH v3 03/13] telemetry: fix escaping of invalid json characters Bruce Richardson
2022-09-09 9:35 ` [PATCH v3 04/13] test/telemetry_json: add test for string character escaping Bruce Richardson
2022-09-09 9:35 ` [PATCH v3 05/13] telemetry: add escaping of strings in arrays Bruce Richardson
2022-09-09 9:35 ` [PATCH v3 06/13] test/telemetry-json: add test for escaping " Bruce Richardson
2022-09-09 9:35 ` [PATCH v3 07/13] telemetry: add escaping of strings in dicts Bruce Richardson
2022-09-09 9:35 ` [PATCH v3 08/13] test/telemetry_json: add test for string escaping in objects Bruce Richardson
2022-09-09 9:35 ` [PATCH v3 09/13] telemetry: limit command characters Bruce Richardson
2022-09-09 9:35 ` [PATCH v3 10/13] test/telemetry_data: refactor for maintainability Bruce Richardson
2022-09-09 9:35 ` [PATCH v3 11/13] test/telemetry_data: add test cases for character escaping Bruce Richardson
2022-09-09 9:35 ` [PATCH v3 12/13] telemetry: eliminate duplicate code for json output Bruce Richardson
2022-09-09 9:35 ` [PATCH v3 13/13] telemetry: make help command more helpful Bruce Richardson
2022-09-13 0:35 ` [PATCH v3 00/13] telemetry JSON escaping and other enhancements fengchengwen
2022-09-26 11:52 ` David Marchand
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=98CBD80474FA8B44BF855DF32C47DC35D8716F@smartserver.smartshare.dk \
--to=mb@smartsharesystems.com \
--cc=bruce.richardson@intel.com \
--cc=ciara.power@intel.com \
--cc=dev@dpdk.org \
--cc=fengchengwen@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).