c87d6407ed
In this patch we replace every single use of SCYLLA_ASSERT() in the cql3/ directory by throwing_assert(). The problem with SCYLLA_ASSERT() is that when it fails, it crashes Scylla. This is almost always a bad idea (see #7871 discussing why), but it's even riskier in front-end code like cql3/: In front-end code, there is a risk that due to a bug in our code, a specific user request can cause Scylla to crash. A malicious user can send this query to all nodes and crash the entire cluster. When the user is not malicious, it causes a small problem (a failing request) to become a much worse crash - and worse, the user has no idea which request is causing this crash and the crash will repeat if the same request is tried again. All of this is solved by using the new throwing_assert(), which is the same as SCYLLA_ASSERT() but throws an exception (using on_internal_error()) instead of crashing. The exception will prevent the code path with the invalid assumption from continuing, but will result in only the current user request being aborted, with a clear error message reporting the internal server error due to an assertion failure. I reviewed all the changes that I did in this patch to check that (to the best of my understanding) none of the assertions in cql3/ involve the sort of serious corruption that might require crashing the Scylla node entirely. throwing_assert() also improves logging of assertion failures compared to the original SCYLLA_ASSERT() - SCYLLA_ASSERT() printed a message to stderr which in many installations is lost, whereas throwing_assert() uses Scylla's standard logger, and also includes a backtrace in the log message. Fixes #13970 (Exorcise assertions from CQL code paths) Refs #7871 (Exorcise assertions from Scylla) Signed-off-by: Nadav Har'El <nyh@scylladb.com>
65 lines
1.5 KiB
C++
65 lines
1.5 KiB
C++
/*
|
|
* Copyright 2014-present-2015 ScyllaDB
|
|
*
|
|
* Modified by ScyllaDB
|
|
*/
|
|
|
|
/*
|
|
* SPDX-License-Identifier: (LicenseRef-ScyllaDB-Source-Available-1.0 and Apache-2.0)
|
|
*/
|
|
|
|
#include "utils/assert.hh"
|
|
#include "raw/cf_statement.hh"
|
|
#include "service/client_state.hh"
|
|
|
|
namespace cql3 {
|
|
|
|
namespace statements {
|
|
|
|
namespace raw {
|
|
|
|
cf_statement::cf_statement(std::optional<cf_name> cf_name)
|
|
: _cf_name(std::move(cf_name))
|
|
{
|
|
}
|
|
|
|
void cf_statement::prepare_keyspace(const service::client_state& state)
|
|
{
|
|
if (!_cf_name->has_keyspace()) {
|
|
// XXX: We explicitly only want to call state.getKeyspace() in this case, as we don't want to throw
|
|
// if not logged in any keyspace but a keyspace is explicitly set on the statement. So don't move
|
|
// the call outside the 'if' or replace the method by 'prepareKeyspace(state.getKeyspace())'
|
|
_cf_name->set_keyspace(state.get_keyspace(), true);
|
|
}
|
|
}
|
|
|
|
void cf_statement::prepare_keyspace(std::string_view keyspace)
|
|
{
|
|
if (!_cf_name->has_keyspace()) {
|
|
_cf_name->set_keyspace(keyspace, true);
|
|
}
|
|
}
|
|
|
|
bool cf_statement::has_keyspace() const {
|
|
throwing_assert(_cf_name.has_value());
|
|
return _cf_name->has_keyspace();
|
|
}
|
|
|
|
const sstring& cf_statement::keyspace() const
|
|
{
|
|
throwing_assert(_cf_name->has_keyspace()); // "The statement hasn't be prepared correctly";
|
|
return _cf_name->get_keyspace();
|
|
}
|
|
|
|
const sstring& cf_statement::column_family() const
|
|
{
|
|
thread_local static sstring empty = "";
|
|
return bool(_cf_name) ? _cf_name->get_column_family() : empty;
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|