rfc43: add constraint comparison limits
Problem: A caller has the ability to specify an unbounded sized
constraint object, which could serve as a denial of service (DoS)
attack on the job list service.

Add description of comparison limits for constraints.  By limiting
total number of "checks", we can bound constraints and their ability
to DoS the job list service.
chu11 committed Feb 1, 2024
1 parent 9734d88 commit fd98ae8
Showing 1 changed file with 14 additions and 0 deletions.
14 changes: 14 additions & 0 deletions spec_43.rst
Expand Up @@ -247,6 +247,20 @@ Filter jobs that belong to userid 42 and were submitted after January 1, 2000.
{ "and": [ { "userid": [ 42 ] }, { "t_submit": [ ">946713600.0" ] } ] }
In order to limit the potential for a constraint to cause a denial of service (DoS) or long job list service hang, the instance owner can configure a maximum number of *comparisons* a constraint can consume while filtering jobs. Every "check" against a job is considered a comparison. In the last example above, the constraint is looking for all jobs belonging to userid 42 and submitted after January 1, 2000. It will consume at most 2 *comparisons* for each job. The ``userid`` check will always consume 1 comparison and the submission time will consume a comparison if the ``userid`` check passes.

After the maximum number of *comparisons* is consumed, an error is returned to the caller. The caller can decrease their search footprint by limiting their search using other inputs in the job list request or making tighter constraints. For example, take following two constraints:

.. code:: json
{ "and": [ { "queue": [ "foobar" ] }, { "userid": [ 42 ] } ] }
.. code:: json
{ "and": [ { "userid": [ 42 ] }, { "queue": [ "foobar" ] } ] }
In these examples the caller wants to filter jobs submitted to the queue foobar and submitted by userid 42. The only difference is the order of the checks. If "foobar" is the most common queue in the system (i.e. the check for queue "foobar" typically succeeds) and ``userid`` is not the most common user in the system (i.e. the check for userid "42" typically fails), the latter constraint will consumes fewer comparisons.

List
====

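Review bot: The scope of the limit is ambiguous between the first and second added paragraphs. The first counts comparisons per job ("at most 2 *comparisons* for each job"), while the second returns an error "after the maximum number of *comparisons* is consumed" without saying whether the maximum applies per job or is accumulated over all jobs examined in one request. The ordering advice in the last paragraph only matters for an accumulated total, so say so explicitly. The second paragraph should also say which error the caller receives, so a client can tell "limit exceeded" apart from a malformed constraint. The counting rule depends on ``and`` stopping at the first failed check in the order written ("will consume a comparison if the ``userid`` check passes"), but that evaluation order is only implied by the example. State it as a requirement, and say how operators other than ``and`` are counted, since only the ``and`` case is covered here. Wording: "take following two constraints" should be "take the following two constraints", "will consumes" should be "will consume", and userid "42" is quoted in the last paragraph although the constraint uses the integer 42.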