

fix: add width limit when expanding subject-sets in checks (#1433)
This change limits the max width that can be expanded during checks. An integration that runs into this limit would previously likely have timed out. A correct integration should not run into this limit.
hperl authored Sep 22, 2023
1 parent 1e34dfc commit f1317da
Showing 3 changed files with 31 additions and 6 deletions.
8 changes: 8 additions & 0 deletions embedx/config.schema.json
Expand Up @@ -372,6 +372,14 @@
"description": "The global maximum depth on all read operations. Note that this does not affect how deeply nested the tuples can be. This value can be decreased for a request by a value specified on the request, only if the request-specific value is greater than 1 and less than the global maximum depth.",
"minimum": 1,
"maximum": 65535
},
"max_read_width": {
"type": "integer",
"default": 100,
"title": "Global maximum read width",
"description": "The global maximum width on all read operations. Note that this does not affect how deeply nested the tuples can be. This value can be decreased for a request by a value specified on the request, only if the request-specific value is greater than 1 and less than the global maximum width.",
"minimum": 1,
"maximum": 65535
}
},
"additionalProperties": false
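Review bot: The description of the new `max_read_width` property is a copy of the depth description and does not fit the property: "does not affect how deeply nested the tuples can be" is about depth, and nothing in this commit adds a request-level width parameter, so "can be decreased for a request by a value specified on the request" appears not to be true for width. The engine change in this commit reads only the global `MaxReadWidth()` value and truncates the subject-set expansion at that count, so the text should say what the limit actually does: `"description": "The global maximum number of subject-set members that are expanded per hop during a check. Expansions exceeding this limit are truncated, so a correct integration should keep well below it."`. If a per-request override is planned, it should be added to the schema rather than implied by the description.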
15 changes: 13 additions & 2 deletions internal/check/engine.go
Expand Up @@ -6,11 +6,12 @@ package check
import (
"context"

"github.com/ory/herodot"
"github.com/ory/x/otelx"
"github.com/pkg/errors"
"go.opentelemetry.io/otel/trace"

"github.com/ory/herodot"
"github.com/ory/x/otelx"

"github.com/ory/keto/x/events"

"github.com/ory/keto/internal/check/checkgroup"
Expand Down Expand Up @@ -137,6 +138,16 @@ func (e *Engine) checkExpandSubject(r *relationTuple, restDepth int) checkgroup.
}

// If not, we must go another hop:
maxWidth := e.d.Config(ctx).MaxReadWidth()
if len(results) > maxWidth {
e.d.Logger().
WithField("method", "checkExpandSubject").
WithField("request", r.String()).
WithField("max_width", maxWidth).
WithField("results", len(results)).
Debug("too many results, truncating")
results = results[:maxWidth-1]
}
for _, result := range results {
sub := &relationtuple.SubjectSet{
Namespace: result.To.Namespace,
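Review bot: `results = results[:maxWidth-1]` keeps one element fewer than the configured limit — when `len(results) == maxWidth+1` two results are dropped instead of one — so the slice should be `results = results[:maxWidth]`. Because truncation removes subject-set members from the expansion, it changes which checks can succeed, and logging that only at Debug level leaves a denied check with no visible cause; `Warn("too many results, truncating")`, or surfacing the truncation to the caller, would match the commit message's claim that a correct integration should never reach this limit. Which members are dropped depends on the order in which `results` comes back from the query, so the same check may give different outcomes between calls unless the slice is sorted before truncation. If `MaxReadWidth()` can ever return 0 (key unset), `results[:maxWidth-1]` panics; the schema's `"minimum": 1` suggests that is guarded at config load, but it is worth confirming. `checkExpandSubject` starts and ends outside this hunk.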
14 changes: 10 additions & 4 deletions internal/driver/config/provider.go
Expand Up @@ -10,21 +10,23 @@ import (
"fmt"
"sync"

"go.opentelemetry.io/otel/trace"

"github.com/ory/x/fetcher"
"github.com/ory/x/httpx"
"go.opentelemetry.io/otel/trace"

"github.com/ory/keto/embedx"

"github.com/pkg/errors"
"github.com/rs/cors"
"github.com/spf13/pflag"

"github.com/ory/herodot"
_ "github.com/ory/jsonschema/v3/httploader"
"github.com/ory/x/configx"
"github.com/ory/x/logrusx"
"github.com/ory/x/otelx"
"github.com/ory/x/watcherx"
"github.com/pkg/errors"
"github.com/rs/cors"
"github.com/spf13/pflag"

"github.com/ory/keto/internal/namespace"
)
Expand All @@ -40,6 +42,7 @@ const (
KeyDSN = "dsn"

KeyLimitMaxReadDepth = "limit.max_read_depth"
KeyLimitMaxReadWidth = "limit.max_read_width"

KeyReadAPIHost = "serve." + string(EndpointRead) + ".host"
KeyReadAPIPort = "serve." + string(EndpointRead) + ".port"
Expand Down Expand Up @@ -181,6 +184,9 @@ func (k *Config) OPLSyntaxAPIListenOn() string { return k.addressFor(EndpointOPL
func (k *Config) MaxReadDepth() int {
return k.p.Int(KeyLimitMaxReadDepth)
}
func (k *Config) MaxReadWidth() int {
return k.p.Int(KeyLimitMaxReadWidth)
}

func (k *Config) CORS(iface string) (cors.Options, bool) {
switch iface {
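Review bot: `MaxReadWidth` is an exported method added without a doc comment, and it is glued directly to the closing brace of `MaxReadDepth` with no blank line between the two functions; a comment such as `// MaxReadWidth returns the limit.max_read_width setting, the maximum number of subject-set members expanded per hop in a check.` plus a separating blank line would bring it in line with the Go doc-comment convention. The value is returned straight from `k.p.Int` with no lower bound, while the consumer in `internal/check/engine.go` slices `results[:maxWidth-1]`, which panics for a value of 0; whether the schema default of 100 and `"minimum": 1` are always applied before this accessor runs cannot be confirmed from this hunk, so either documenting that assumption or clamping here (`if w := k.p.Int(KeyLimitMaxReadWidth); w >= 1 { return w }` falling back to a documented default) would make the accessor safe on its own. The enclosing `CORS` method continues outside the hunk.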

