Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: Fixes issues with special characters in object name #2156

Merged
merged 25 commits into from
Aug 28, 2024

Conversation

tssweeney
Copy link
Collaborator

@tssweeney tssweeney commented Aug 16, 2024

Simplified version of #2145 that takes a different approach to fixing the problem by implementing constraints on the names rather than url encoding.

Allowed characters: \w._-

This PR does 3 things:

  1. Client:
    1. Sanitize object names when writing names
  2. Backend:
    1. Enforces a strict character subset on object names
    2. Simplified url quoting/unquoting of ref extras
  3. UI:
    1. Updates Browse3 to use decoded params from the URL, which avoids creating invalid refs on UI side.
    2. Correctly handles URL encoded ref extra parts.

The effective result of this is:

  1. (Client side) All updated clients will effectively never create an invalid object ever again
  2. (Backend) Even old clients will be denied the ability to make objects that are not valid
  3. (UI) Correctly reads/writes refs in the encoded format.

Deployment can be an any order, hence a common PR to centralize all these changes

@circle-job-mirror
Copy link

# Replaces any non-alphanumeric characters with a single dash and removes
# any leading or trailing dashes. This is more restrictive than the DB
# constraints and can be relaxed if needed.
res = re.sub(r"[._-]+", "-", re.sub(r"[^\w._]+", "-", name)).strip("-_")
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i am wondering if this will result in any changes to integration names?

@@ -57,7 +58,20 @@ def wb_run_id_validator(s: typing.Optional[str]) -> typing.Optional[str]:
return s


def _validate_object_name_charset(name: str) -> None:
# Object names must be alphanumeric with dashes
invalid_chars = re.findall(r"[^\w._-]", name)
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is quite restrictive - could frustrate people?

@tssweeney tssweeney marked this pull request as ready for review August 17, 2024 00:40
@tssweeney tssweeney requested a review from a team as a code owner August 17, 2024 00:40
@@ -34,7 +34,7 @@ describe('parseRef', () => {
});
it('parses a ref with spaces in entity', () => {
const parsed = parseRef(
'weave:///Entity%20Name/project/object/artifact-name:artifactversion'
'weave:///Entity Name/project/object/artifact-name:artifactversion'
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This was not a valid ref - in fact it was a bug in ref creation from Browse3

@@ -102,20 +102,6 @@ describe('parseRef', () => {
weaveKind: 'object',
});
});
it('parses a ref with escaped spaces in name and projectName', () => {
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same here, not a valid ref

@gtarpenning
Copy link
Member

Attaching this ticket from triage to this pr, curly braces should be supported.

@tssweeney
Copy link
Collaborator Author

Attaching this ticket from triage to this pr, curly braces should be supported.

This PR should sanitize these away

weave/trace_server/refs_internal.py Show resolved Hide resolved
weave/trace_server/validation_util.py Show resolved Hide resolved
@tssweeney tssweeney merged commit b1a6d80 into master Aug 28, 2024
25 checks passed
@tssweeney tssweeney deleted the tim/object_name_sanitization branch August 28, 2024 02:23
@github-actions github-actions bot locked and limited conversation to collaborators Aug 28, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants