Thread: [SQL-CVS] [ sqlobject-Bugs-1898977 ] picklecol truncates/corrupts data dangerously
SQLObject is a Python ORM.
From: SourceForge.net <no...@so...> - 2008-02-21 18:00:09

Bugs item #1898977, was opened at 2008-02-21 10:00
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=540672&aid=1898977&group_id=74338

Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update.

Category: None
Group: None
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Derek Anderson (rantenki)
Assigned to: Nobody/Anonymous (nobody)
Summary: picklecol truncates/corrupts data dangerously

Initial Comment:
When a picklecol is created, it defaults to a tinyblob. This in itself is probably a good behavior, but when combined with the failure mode of writing too much data, it can be dangerous. For example:

{{{
class enomalism_user(TG_User, permissions_mixin):
    class sqlmeta:
        table = 'enomalism_user'
        idName = 'id'
    uuid = StringCol(length=36, alternateID=True, alternateMethodName='by_uuid',
                     default=gen_uuid)
    lang_pref = StringCol(length=16, varchar=True, alternateID=False, default="en",
                          unique=False, notNone=True)
    data = PickleCol(title="data", dbName="data", default={}, length=2**24)
}}}

If you write "X"*257 to the data field, it will overflow with a "truncated" error, but that leaves the data in a corrupted state, and an exception is thrown when trying to read the user row. A better solution would be to throw the error, but to not store the data, preventing the exception, and leaving the user data in a usable state.

Note: This leaves a Turbogears user in an unusable state, and could lead to a DOS attack. Obviously my obligation is to test for this kind of thing, but it is the ideal behind the SQLO ORM to prevent db based failures by default, so...

----------------------------------------------------------------------

You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=540672&aid=1898977&group_id=74338
From: SourceForge.net <no...@so...> - 2008-02-21 18:17:42

Bugs item #1898977, was opened at 2008-02-21 10:00
Message generated for change (Comment added) made by rantenki
You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=540672&aid=1898977&group_id=74338

----------------------------------------------------------------------

Comment By: Derek Anderson (rantenki)
Date: 2008-02-21 10:17

Message:
!NOTE! Sorry. I should mention that this bug has a length set. The bug only occurs if that length=2**24 keyword is not passed. Code should have read:

{{{
class enomalism_user(TG_User, permissions_mixin):
    class sqlmeta:
        table = 'enomalism_user'
        idName = 'id'
    uuid = StringCol(length=36, alternateID=True, alternateMethodName='by_uuid',
                     default=gen_uuid)
    lang_pref = StringCol(length=16, varchar=True, alternateID=False, default="en",
                          unique=False, notNone=True)
    data = PickleCol(title="data", dbName="data", default={})
}}}

----------------------------------------------------------------------

You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=540672&aid=1898977&group_id=74338
From: SourceForge.net <no...@so...> - 2008-02-21 19:15:23

Bugs item #1898977, was opened at 2008-02-21 21:00
Message generated for change (Comment added) made by phd
You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=540672&aid=1898977&group_id=74338

----------------------------------------------------------------------

Comment By: Oleg Broytmann (phd)
Date: 2008-02-21 22:15

Message:
From the word "tinyblob" I can guess you use MySQL. It is MySQL that throws the "overflow" error, far outside of PickleCol. Hence SQLObject cannot "not store the data" - the data has already been sent to MySQL.

----------------------------------------------------------------------

You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=540672&aid=1898977&group_id=74338
From: SourceForge.net <no...@so...> - 2008-02-21 19:15:47

Bugs item #1898977, was opened at 2008-02-21 21:00
Message generated for change (Comment added) made by phd
You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=540672&aid=1898977&group_id=74338

----------------------------------------------------------------------

Comment By: Oleg Broytmann (phd)
Date: 2008-02-21 22:15

Message:
From the word "tinyblob" I can guess you use MySQL. It is MySQL that throws the "overflow" error, far outside of PickleCol. Hence SQLObject cannot "not store the data" - the data has already been sent to MySQL.

----------------------------------------------------------------------

You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=540672&aid=1898977&group_id=74338
From: SourceForge.net <no...@so...> - 2008-02-21 23:59:57

Bugs item #1898977, was opened at 2008-02-21 10:00
Message generated for change (Comment added) made by rantenki
You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=540672&aid=1898977&group_id=74338

----------------------------------------------------------------------

Comment By: Derek Anderson (rantenki)
Date: 2008-02-21 15:59

Message:
True; I do use MySQL, however, SQLObject makes the decision to use TinyBlob, not me. I have remedied that in my code obviously, but since SQLObject chooses tinyblob, and yet does not seem to be cognizant of the length of TinyBlob when doing a write to it, should not the MySQL SQLObject connector do a

{{{
if len(pickledOutput) > 256: raise ExceptionBeforeStoring
}}}

? Either that, or the more elegant solution of defaulting to either MediumBlob or LargeBlob (Medium is probably ample for most jobs). I think tinyblob is probably a little small; most times you need to use pickle will potentially involve more than 256 characters, I think.

Other than that, btw; great work on SQLO.

----------------------------------------------------------------------

You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=540672&aid=1898977&group_id=74338
From: SourceForge.net <no...@so...> - 2008-03-07 16:16:08

Bugs item #1898977, was opened at 2008-02-21 21:00
Message generated for change (Settings changed) made by phd
You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=540672&aid=1898977&group_id=74338

>Category: MySQL
Group: None
>Status: Closed
>Resolution: Fixed
Priority: 5
Private: No
Submitted By: Derek Anderson (rantenki)
>Assigned to: Oleg Broytmann (phd)
Summary: picklecol truncates/corrupts data dangerously

----------------------------------------------------------------------

Comment By: Oleg Broytmann (phd)
Date: 2008-03-07 19:16

Message:
Under MySQL, PickleCol no longer uses TEXT column types; the smallest column is now BLOB - it is not possible to create a TINYBLOB column. Committed in the revisions 3307, 3308 (0.10 branch and the trunk). Thank you!

----------------------------------------------------------------------

You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=540672&aid=1898977&group_id=74338
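The failure mode in this thread and the two remedies it discusses (rantenki's pre-write length check, and the committed fix that makes BLOB the smallest column type chosen) as an added Python example; this is not SQLObject's code. A dict stands in for the MySQL table, the BLOB capacities are MySQL's documented limits, and `PickleTooLong`, `store_pickled`, `try_store`, `load_pickled` and `blob_type_for` are hypothetical names.

```python
import pickle

# Byte capacities of MySQL's BLOB column family (documented MySQL limits).
MYSQL_BLOB_TYPES = (("TINYBLOB", 2**8 - 1), ("BLOB", 2**16 - 1),
                    ("MEDIUMBLOB", 2**24 - 1), ("LONGBLOB", 2**32 - 1))


class PickleTooLong(ValueError):
    """Hypothetical error raised before any bytes are sent to the database."""


def blob_type_for(length, allow_tinyblob=False):
    """Smallest MySQL BLOB type that holds `length` bytes.  allow_tinyblob=False
    mirrors the committed fix: BLOB (65535 bytes) is the smallest type chosen."""
    for name, capacity in MYSQL_BLOB_TYPES:
        if name == "TINYBLOB" and not allow_tinyblob:
            continue
        if length <= capacity:
            return name
    raise ValueError("no MySQL BLOB type holds %d bytes" % length)


def store_pickled(table, key, value, capacity, check_length=True):
    """Pickle `value` into `table`, a dict standing in for a MySQL table that
    behaves like a non-strict server: whatever arrives is cut to the column
    capacity and stored (the corruption in the report).  With check_length=True
    the write is refused before anything is "sent", rantenki's proposed check,
    and the existing row is untouched.  Returns the length of the pickle."""
    blob = pickle.dumps(value, protocol=2)
    if check_length and len(blob) > capacity:
        raise PickleTooLong("pickled value is %d bytes, column holds %d"
                            % (len(blob), capacity))
    table[key] = blob[:capacity]
    return len(blob)


def try_store(table, key, value, capacity):
    """store_pickled with the check on; reports (stored, detail) instead of raising."""
    try:
        return True, store_pickled(table, key, value, capacity)
    except PickleTooLong as exc:
        return False, str(exc)


def load_pickled(table, key):
    """Read a row back: (True, value), or (False, exception name) when the
    stored pickle was truncated and cannot be loaded."""
    try:
        return True, pickle.loads(table[key])
    except Exception as exc:  # UnpicklingError or EOFError, depending on the cut
        return False, type(exc).__name__


if __name__ == "__main__":
    table = {}
    # Default TINYBLOB (255 bytes), no check: the row is written but unreadable.
    store_pickled(table, "user1", "X" * 257, 255, check_length=False)
    print("unchecked write, read back:", load_pickled(table, "user1"))
    # Same write with the pre-write check: refused, old row still readable.
    store_pickled(table, "user2", {"lang": "en"}, 255)
    print("checked write:", try_store(table, "user2", "X" * 257, 255))
    print("row still intact:", load_pickled(table, "user2"))
    print("column type after the fix:", blob_type_for(100))
```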