Skip to content

Commit

Permalink
rfc43: add constraint comparison limits
Browse files Browse the repository at this point in the history 
Problem: A caller has the ability to specify an unbounded sized
constraint object, which could serve as a denial of service (DoS)
attack on the job list service.

Add description of comparison limits for constraints.  By limiting
total number of "checks", we can bound constraints and their ability
to DoS the job list service.
  • Loading branch information
@chu11
chu11 committed Feb 2, 2024
1 parent 9734d88 commit 4710ac0
Show file tree
Hide file tree
Showing 2 changed files with 15 additions and 0 deletions.
14 changes: 14 additions & 0 deletions spec_43.rst
View file
Original file line number Diff line number Diff line change
Expand Up @@ -247,6 +247,20 @@ Filter jobs that belong to userid 42 and were submitted after January 1, 2000.
{ "and": [ { "userid": [ 42 ] }, { "t_submit": [ ">946713600.0" ] } ] }
In order to limit the potential for a constraint to cause a denial of service (DoS) or long job list service hang, a comparison limit MAY be configured. Every "check" against a job is considered a comparison. In the last example above, the constraint is looking for all jobs belonging to userid 42 and submitted after January 1, 2000. It will consume at most 2 comparisons for each job. The ``userid`` check will always consume 1 comparison and the submission time will consume a comparison if the ``userid`` check passes.

After the maximum number of comparisons is consumed, an error SHALL be returned to the caller. The caller MAY decrease their search footprint by limiting their search using other inputs in the job list request or making tighter constraints. For example, take following two constraints:

.. code:: json
{ "and": [ { "queue": [ "foobar" ] }, { "userid": [ 42 ] } ] }
.. code:: json
{ "and": [ { "userid": [ 42 ] }, { "queue": [ "foobar" ] } ] }
In these examples the caller wants to filter jobs submitted to the queue foobar and submitted by userid 42. The only difference is the order of the checks. If "foobar" is the most common queue in the system (i.e. the check for queue "foobar" typically succeeds) and ``userid`` is not the most common user in the system (i.e. the check for userid "42" typically fails), the latter constraint consumes fewer comparisons.

List
====

Expand Down
1 change: 1 addition & 0 deletions spell.en.pws
View file
Original file line number Diff line number Diff line change
Expand Up @@ -488,3 +488,4 @@ waitstatus
userids
parsable
bitmasks
DoS

0 comments on commit 4710ac0

Please sign in to comment.