fix(connections): drain password-source command output without a reader race#1841
Conversation
86d7dcf to
ae5a2ab
Compare
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 86d7dcfc42
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| @testable import TablePro | ||
|
|
||
| @Suite("PasswordSourceResolver command output") | ||
| struct PasswordSourceResolverTests { |
There was a problem hiding this comment.
Rename duplicate test suite type
Because TableProTests is a file-system-synchronized target in TablePro.xcodeproj/project.pbxproj, this new file is compiled into the same test module as TableProTests/Core/Utilities/PasswordSourceResolverTests.swift, which already declares struct PasswordSourceResolverTests at line 11. Building the test target will therefore hit an invalid redeclaration; rename this suite or merge these tests into the existing suite.
Useful? React with 👍 / 👎.
* fix(plugin-mongodb): emit only JSON-valid numeric literals * refactor(plugin-mongodb): share JSON-number check and quote Int64-overflow integers * fix: drain password command pipes deterministically * fix(plugin-mongodb): quote non-finite numbers and keep decimal _id filters exact (#1813) * revert(connections): move password pipe-drain change to its own PR (#1841) * docs(changelog): put the MongoDB fix under Unreleased and note the plugin update --------- Signed-off-by: Ngô Quốc Đạt <datlechin@gmail.com> Co-authored-by: Ngo Quoc Dat <datlechin@gmail.com>
Summary
Splits the
PasswordSourceResolverchange out of #1813 (a MongoDB numeric-literal fix), where it was bundled without a description, test, or CHANGELOG entry.resolveCommandruns a shell command to fetch a connection password (used by command, 1Password, Vault, and AWS Secrets Manager sources) and reads its stdout/stderr. The old code drained the pipes withreadabilityHandler, then set the handlers toniland calledreadDataToEndOfFile()after the process exited. Setting areadabilityHandlertonildoes not wait for an in-flight handler block, so a handler could append a chunk afterreadDataToEndOfFile()had already appended the tail. The collector is lock-guarded, so bytes are not corrupted individually, but they can land out of order, which garbles the resolved password.Change
DispatchQueue, joined with aDispatchGroup. Each stream has a single reader, so appends stay in order, and the two streams drain in parallel so neither can block the other by filling its pipe buffer.outputTooLarge(and terminates the process), the 30s timeout still throwscommandTimedOut, and a non-zero exit still throwscommandFailedwith stderr.Tests
New
PasswordSourceResolverTests:outputTooLargecommandTimedOutemptyPasswordNotes
AppKit/subprocess: these tests spawn/bin/bash, which is what the resolver does in production (TablePro ships non-sandboxed with the hardened runtime).