Increase server robustness on invalid underlying data#668
Conversation
🤖 Augment PR SummarySummary: Makes server actions fail with runtime errors (instead of debug-only asserts) when metapack/schema inputs are missing or malformed.
🤖 Was this summary useful? React with 👍 or 👎 |
![augmentcode[bot]](https://avatars.githubusercontent.com/in/1027498?s=60&v=4){kind=small}
| // TODO: Cache this across runs? | ||
| const auto locations{sourcemeta::one::read_json(locations_path)}; | ||
| assert(locations.defines("static")); | ||
| if (!locations.defines("static")) { |
There was a problem hiding this comment.
sourcemeta::core::JSON::defines() asserts is_object(), so if locations isn’t an object this can still assert/UB (especially in release builds where assert is compiled out). If the goal is robustness on invalid data, consider guarding locations.is_object() (or using try_at) before calling defines/at.
Severity: high
🤖 Was this useful? React with 👍 or 👎, or 🚀 if it prevented an incident/outage.
| const auto base_dialect_result{sourcemeta::core::to_base_dialect( | ||
| current_location.at("baseDialect").to_string())}; | ||
| assert(base_dialect_result.has_value()); | ||
| if (!base_dialect_result.has_value()) { |
There was a problem hiding this comment.
This has_value() check won’t help if malformed current_location causes current_location.at("baseDialect") (and later at("dialect")) to assert/UB before to_base_dialect() is called. If these fields can be missing/invalid, consider validating presence/type without at() first.
Severity: high
Other Locations
src/server/action_jsonschema_evaluate.h:103
🤖 Was this useful? React with 👍 or 👎, or 🚀 if it prevented an incident/outage.
| static auto search(const std::filesystem::path &search_index, | ||
| const std::string_view query) -> sourcemeta::core::JSON { | ||
| assert(std::filesystem::exists(search_index)); | ||
| if (!std::filesystem::exists(search_index)) { |
There was a problem hiding this comment.
If this PR’s intent is to avoid debug-only enforcement, note the remaining assert(search_index.is_absolute()) below will be a no-op in release builds (potentially allowing unexpected relative paths). Consider making that invariant a runtime check too.
Severity: medium
🤖 Was this useful? React with 👍 or 👎, or 🚀 if it prevented an incident/outage.
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
There was a problem hiding this comment.
2 issues found across 3 files
Prompt for AI agents (all issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name="src/server/action_schema_search.h">
<violation number="1" location="src/server/action_schema_search.h:25">
P2: The new runtime_error thrown here is uncaught in action_schema_search, so it falls back to dispatch’s generic handler and returns HTTP 405 "method-not-allowed" for missing/failed search indexes. That status is misleading for an internal/index error; handle the error locally and return an appropriate 404/500 response instead.</violation>
</file>
<file name="src/server/action_jsonschema_evaluate.h">
<violation number="1" location="src/server/action_jsonschema_evaluate.h:36">
P1: `JSON::defines()` internally asserts `is_object()`, so if the parsed `locations` value is not a JSON object (e.g., malformed file), this will still assert/UB before the `defines("static")` check can throw. Add a `locations.is_object()` guard before calling `defines()` to fully cover the robustness goal.</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
Signed-off-by: Juan Cruz Viotti <jv@jviotti.com>
jviotti
force-pushed
the
robust-handling
branch
from
8a5a4e6 to
2d2f1d7
Compare
1 participant
Signed-off-by: Juan Cruz Viotti jv@jviotti.com