fix: handle SSL errors in client handler #551
+31
−1
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1 +1 @@ | ||
| 2.0.16 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,3 +1,28 @@ | ||
| defmodule Supavisor.ClientHandlerTest do | ||
| use ExUnit.Case, async: true | ||
| alias Supavisor.ClientHandler | ||
|
|
||
| test "handle ssl_error" do | ||
| sock = | ||
| {:sslsocket, | ||
| { | ||
| :gen_tcp, | ||
| :some_port, | ||
| :tls_connection, | ||
| [session_id_tracker: :some_pid] | ||
| }, [:some_pid]} | ||
|
|
||
| error = | ||
| {:ssl_error, sock, | ||
| { | ||
| :tls_alert, | ||
| {:user_canceled, | ||
| ~c"TLS server: In state connection received CLIENT ALERT: Fatal - User Canceled\n"} | ||
| }} | ||
|
|
||
| data = %{sock: {:ssl, sock}} | ||
|
|
||
| assert {:stop, {:shutdown, :ssl_error}} = | ||
| ClientHandler.handle_event(:info, error, nil, data) | ||
| end | ||
| end | ||
Unchanged files with check annotations Beta
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| defmodule Supavisor.E2ECase do | ||
|
Check warning on line 1 in test/support/e2e_case.ex
|
||
| use ExUnit.CaseTemplate | ||
| @repo Supavisor.Repo | ||
| end | ||
| def unboxed(fun) do | ||
| Ecto.Adapters.SQL.Sandbox.unboxed_run(@repo, fun) | ||
| end | ||
| def create_instance(external_id) do | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @spec validate_name(String.t()) :: boolean() | ||
| def validate_name(name) do | ||
| # 1-63 characters, starting with a lowercase letter or underscore, and containing only alphanumeric characters, underscores, dollar signs, and hyphens. Names with spaces or uppercase letters must be enclosed in double quotes. | ||
| String.length(name) <= 63 and | ||
| name =~ ~r/^(?:[a-z_][a-z0-9_$\- ]*|"[a-zA-Z0-9_$\- ]+")$/ and | ||
| name != ~s/""/ | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| def application_name, do: @application_name | ||
| @spec terminate_message() :: binary | ||
| def terminate_message(), do: @terminate_message | ||
| end | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| tenant = if data.proxy, do: Supavisor.tenant(data.id) | ||
| search_path = Supavisor.search_path(data.id) | ||
| case send_startup(sock, auth, tenant, search_path) do | ||
| :ok -> | ||
| :ok = activate(sock) | ||
| {:next_state, :authentication, %{data | sock: sock}} | ||
| HandlerHelpers.activate(data.sock) | ||
| {_, stats} = | ||
| if not data.proxy, | ||
| do: Telem.network_usage(:db, data.sock, data.id, data.stats), | ||
| else: {nil, data.stats} | ||
| HandlerHelpers.sock_send(data.client_sock, bin) | ||
| {_, client_stats} = | ||
| if not data.proxy, | ||
|
Check warning on line 316 in lib/supavisor/db_handler.ex
|
||
| do: Telem.network_usage(:client, data.client_sock, data.id, data.client_stats), | ||
| else: {nil, data.client_stats} | ||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am not sure if it is the proper way to test it. I do not even think that it is path that should be tested at all.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The client handler has many cases, and with this test, we can ensure that the function returns the proper response to incoming messages.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I still think it is improper way to handle it. I will probably merge it, but I think that this test should be scrapped in favour of doing real TLS connection that is killed before finishing handshake or killing the connection without proper exit messages.