[tahoe-dev] [tahoe-lafs] #833: reject mutable children when *reading* an immutable dirnode

tahoe-lafs trac at allmydata.org
Tue Jan 26 03:47:06 UTC 2010

#833: reject mutable children when *reading* an immutable dirnode
 Reporter:  warner                                                                                |           Owner:  kevan   
     Type:  defect                                                                                |          Status:  assigned
 Priority:  critical                                                                              |       Milestone:  1.6.0   
Component:  code-dirnodes                                                                         |         Version:  1.5.0   
 Keywords:  integrity forward-compatibility backward-compatibility confidentiality review-needed  |   Launchpad_bug:          

Comment(by kevan):

 I've looked through the changes to behavior (with the exception of those
 to the webapi) and documentation, and have the following comments so far.
 I'll probably have more after I start working on the remaining parts, but
 posting what I have now might make this patchset more likely to make it
 into trunk by Thursday.

 interfaces.py looks okay, but I was a bit confused when I read "...and
 then used" at the end of {{{MustBeDeepImmutableError}}} and
 {{{MustBeReadOnlyError}}}. This is possibly me being dense after work, but
 maybe you could clarify the context in which those are being used to
 trigger that error?

 The docstring for {{{strip_prefix_for_ro}}} should be inside the function,
 not before it.

 In the {{{__init__}}} method of UnknownNode, you say {{{if x is not
 None:}}} instead of {{{if x}}}. I'm assuming that that's to deal with
 empty string arguments/other arguments that evaluate to False in a

 if given_ro_uri is not None:
             read_cap = uri.from_string(given_ro_uri,
 deep_immutable=deep_immutable, name=name)
             if isinstance(read_cap, uri.UnknownURI):
                 self.error = read_cap.get_error()
                 if self.error:
                     assert self.rw_uri is None and self.ro_uri is None

 How does this know the difference between an UnknownURI that is an
 UnknownURI because we don't know what it is, and an UnknownURI that is
 unknown because we know what it is but it is prefixed with something that
 makes it nonsensical? From what I can understand by reading the code in
 UnknownURI, it is possible to get that result in either case. Apologies if
 this is a case of me being dense.

 if deep_immutable:
             assert self.rw_uri is None
             # strengthen the constraint on ro_uri to
             if given_ro_uri is not None:
                 if given_ro_uri.startswith(ALLEGED_IMMUTABLE_PREFIX):
                     self.ro_uri = given_ro_uri
                 elif given_ro_uri.startswith(ALLEGED_READONLY_PREFIX):
                     self.ro_uri = ALLEGED_IMMUTABLE_PREFIX +
                     self.ro_uri = ALLEGED_IMMUTABLE_PREFIX + given_ro_uri
 What is this assertion meant to do? I don't think that anything so far in
 the code would have assigned anything other than none to self.rw_uri. I
 don't suppose that it hurts to have it there, aside from maybe meaning
 that the calling code needs to be more complicated if it wants to handle
 all of the error conditions that UnknownNode can enter. It also serves as
 self-documentation, I guess.

 Any reason for implementing {{{is_unknown}}} in {{{_BaseURI}}}? Is it
 anything that might need to be added to the {{{IURI}}} interface? What
 about {{{is_readonly}}}, {{{is_mutable}}}, {{{get_readonly}}},
 {{{get_verify_cap}}}, which were added to a number of URIs in uri.py.
 Should they be added to one of the URI interfaces?

 The spacing on your changes to SSKVerifierURI is inconsistent with your
 changes in the other URI classes.

 I didn't see any problems in nodemaker.py or dirnode.py.

 If you're correcting things in webapi.txt, you might try replacing Tahoe
 with Tahoe-LAFS, which (I gather) is more correct. But maybe that's out of
 scope for this ticket.

 I think it would be easier to read if you changed the from_string_ methods
 in uri.py to use explicit named keyword arguments instead of the **kwargs

 I have a block of free time tomorrow, so I'm hoping I will have the rest
 of the review done by then.

Ticket URL: <http://allmydata.org/trac/tahoe/ticket/833#comment:48>
tahoe-lafs <http://allmydata.org>
secure decentralized file storage grid

More information about the tahoe-dev mailing list