Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

⚠️ Switch RepoClient file access to io.ReadCloser #3912

Merged
merged 7 commits into from
Mar 5, 2024

Conversation

spencerschrock
Copy link
Member

What kind of change does this PR introduce?

breaking change

What is the current behavior?

Checks which deal with file content must work with the whole file contents. Some usages don't require any data, some require only the first line, others require 1 KiB. This is inefficient, and leads to crashes. (See #3831 (comment))

What is the new behavior (if this is a feature change)?**

  • Clients will provide an io.ReadCloser when accessing a file, so the callers can use as much or as little data as they need.

    • Existing callers of GetFileContent will use io.ReadAll to get the whole file contents, and then Close the Reader.
    • Individual uses can be migrated in follow-up PRs.
  • Cleaned up the tests to return io.ReadClosers.

    • For tests that had strings, this uses a strings/bytes Reader, and an io.NopCloser
    • For tests that previously opened and read files, the test now just opens the file.
  • Tests for the changes have been added (for bug fixes/features)

Which issue(s) this PR fixes

Related to #3831, however follow-up PRs are needed to allow Binary-Artifacts and Pinned-Dependencies to take advantage of the io.Reader

Special notes for your reviewer

#3831 (comment) talks about a non-breaking way of doing this, but with V5 around the corner, breaking changes are fine.

This is simpler than maintaining two versions of the functions ([]byte and io.Reader versions)

Does this PR introduce a user-facing change?

For user-facing changes, please add a concise, human-readable release note to
the release-note

(In particular, describe what changes users might need to make in their
application as a result of this pull request.)

File access through RepoClient now returns an io.ReadCloser, instead of the full file contents. This is a breaking change

callers don't always need the full file.
large files are slow and can cause crashes.

Signed-off-by: Spencer Schrock <[email protected]>
Previously they returned bytes or strings, which have corresponding NewReader types.
Since they don't need to be closed, io.NopCloser works well to give them a fake Close.

Signed-off-by: Spencer Schrock <[email protected]>
os.File fufills io.ReadCloser, so this is an easy change

Signed-off-by: Spencer Schrock <[email protected]>
The rest of the test was kept the same to minimize the change.

Signed-off-by: Spencer Schrock <[email protected]>
Signed-off-by: Spencer Schrock <[email protected]>
Copy link

codecov bot commented Mar 4, 2024

Codecov Report

Merging #3912 (d5ab434) into main (90a3708) will decrease coverage by 4.62%.
The diff coverage is 62.00%.

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #3912      +/-   ##
==========================================
- Coverage   75.12%   70.51%   -4.62%     
==========================================
  Files         234      234              
  Lines       15842    15857      +15     
==========================================
- Hits        11901    11181     -720     
- Misses       3183     3965     +782     
+ Partials      758      711      -47     

add check which ensures git client fulfills the interface

Signed-off-by: Spencer Schrock <[email protected]>
@spencerschrock
Copy link
Member Author

/scdiff generate Fuzzing,Token-Permissions,Pinned-Dependencies,SAST,Security-Policy,Binary-Artifact,Dangerous-Workflow,Packaging

Copy link

github-actions bot commented Mar 4, 2024

@spencerschrock spencerschrock marked this pull request as ready for review March 4, 2024 19:13
@spencerschrock spencerschrock requested a review from a team as a code owner March 4, 2024 19:13
@spencerschrock spencerschrock requested review from raghavkaul and laurentsimon and removed request for a team March 4, 2024 19:13
@spencerschrock spencerschrock merged commit d55dbd1 into ossf:main Mar 5, 2024
37 of 38 checks passed
@spencerschrock spencerschrock deleted the getfile-readcloser branch March 5, 2024 01:37
fhoeborn pushed a commit to fhoeborn/scorecard that referenced this pull request Apr 1, 2024
* change file access method to io.ReadCloser

callers don't always need the full file.
large files are slow and can cause crashes.

Signed-off-by: Spencer Schrock <[email protected]>

* switch tests to hardcoded readers

Previously they returned bytes or strings, which have corresponding NewReader types.
Since they don't need to be closed, io.NopCloser works well to give them a fake Close.

Signed-off-by: Spencer Schrock <[email protected]>

* switch tests which called os.ReadFile to os.Open

os.File fufills io.ReadCloser, so this is an easy change

Signed-off-by: Spencer Schrock <[email protected]>

* break tarball tests into two steps: reader and read

The rest of the test was kept the same to minimize the change.

Signed-off-by: Spencer Schrock <[email protected]>

* ossfuzz doesn't implement GetFileReader

Signed-off-by: Spencer Schrock <[email protected]>

* appease linter during refactor

Signed-off-by: Spencer Schrock <[email protected]>

* switch git client to new method

add check which ensures git client fulfills the interface

Signed-off-by: Spencer Schrock <[email protected]>

---------

Signed-off-by: Spencer Schrock <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants