frontend: fix the 500 for racy creation attempts
This is a TOCTOU issue.  The other checks for duplicates (in so many
places) seem kinda redundant because nothing but try/except around commit()
can catch these concurrency problems.

Fixes: #3372
praiskup committed Sep 20, 2024
1 parent 6aeb686 commit b7cee48
Showing 1 changed file with 17 additions and 2 deletions.
19 changes: 17 additions & 2 deletions frontend/coprs_frontend/coprs/views/apiv3_ns/apiv3_projects.py
Expand Up @@ -5,6 +5,7 @@
import flask

from flask_restx import Namespace, Resource
from sqlalchemy.exc import IntegrityError

from coprs.views.apiv3_ns import (
get_copr,
Expand All @@ -15,7 +16,7 @@
editable_copr,
)
from coprs.views.apiv3_ns.json2form import get_form_compatible_data, get_input_dict
from coprs import db, models, forms, db_session_scope
from coprs import app, db, models, forms, db_session_scope
from coprs.views.misc import api_login_required
from coprs.views.apiv3_ns import rename_fields_helper, api, query_to_parameters
from coprs.views.apiv3_ns.schema.schemas import (
Expand All @@ -29,6 +30,7 @@
project_params,
pagination_params,
)

from coprs.views.apiv3_ns.schema.docs import query_docs
from coprs.logic.actions_logic import ActionsLogic
from coprs.logic.coprs_logic import CoprsLogic, CoprChrootsLogic, MockChrootsLogic
Expand Down Expand Up @@ -228,13 +230,14 @@ def post(self, ownername, exist_ok=False):
if form.bootstrap.data is not None:
bootstrap = form.bootstrap.data

projectname = form.name.data.strip()
try:

def _form_field_repos(form_field):
return " ".join(form_field.data.split())

copr = CoprsLogic.add(
name=form.name.data.strip(),
name=projectname,
repos=_form_field_repos(form.repos),
user=user,
selected_chroots=form.selected_chroots,
Expand Down Expand Up @@ -265,6 +268,18 @@ def _form_field_repos(form_field):
storage=form.storage.data,
)
db.session.commit()
except (
IntegrityError,
):
app.log.debug("Racy attempt to create %s/%s", ownername, projectname)
db.session.rollback()
if exist_ok:
copr = get_copr(ownername, projectname)
return to_dict(copr)
raise DuplicateException(

Check warning

Code scanning / vcs-diff-lint

ProjectAdd.post: Consider explicitly re-raising using 'except IntegrityError as exc' and 'raise DuplicateException(f"Copr '{ownername}/{projectname}' has not been created (race condition)") from exc' Warning

ProjectAdd.post: Consider explicitly re-raising using 'except IntegrityError as exc' and 'raise DuplicateException(f"Copr '{ownername}/{projectname}' has not been created (race condition)") from exc'
f"Copr '{ownername}/{projectname}' has not been created "
"(race condition)"
)
except (
DuplicateException,
NonAdminCannotCreatePersistentProject,
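Review bot: The new `except (IntegrityError,)` handler in `ProjectAdd.post` treats every integrity failure raised inside the `try` as a duplicate-name race, but the guarded body runs the whole `CoprsLogic.add(...)` call plus `db.session.commit()`, so a violation of any other constraint would also be reported as "(race condition)". With `exist_ok` set, such a failure would go on to `get_copr(ownername, projectname)` for a project that may not exist. The original error is dropped from the log as well; assuming `app.log` is a standard logger, `app.log.debug("Racy attempt to create %s/%s", ownername, projectname, exc_info=True)` would keep the failing constraint visible for triage. Separately, the `DuplicateException` raised in this handler is not caught by the following `except (DuplicateException, ...)` clause of the same `try`, so whatever cleanup or conversion that clause performs is skipped on this path. The body of that clause, and the start and end of `post`, lie outside the visible hunks, so this should be confirmed against the full function.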
