What to test
jonascarpay opened this issue · comments
These are some of my thoughts on things that should be probably be tested. Each of these things should probably be spun into a separate issue, but they all need to be addressed at some point. We should also discuss how to actually test.
- SQL injection
Package/platform/binary names all end up in SQL queries.sqlite-simple
promises it takes care of escaping, but it can't hurt to double-check. - Other forms of injection
Package/platform/binary names all end up in calls tonix build
. As far as I know, calling a command directly the way we do should make this pretty safe, but we should probably check - Timing attacks/thread safety issues
If we request a package while it's already being built by another thread, I'm not sure what happens on the nix side, but what's definitely true is that we get an SQL error. That is because both threads initially determine that the package is not present, and then afterwards try to insert it into the database. When the second thread does this, it fails because the supposedly unique triplet is already present in the database.
This is just one example though. - DoS
What happens if we get a bunch of garbage requests?
What happens if we get a bunch of requests for the same long-running, failing build? This one should actually be taken care of by the negative cache, but we should make sure that that's the case.