feat: Prevent Parse Server start in case of unknown option in server configuration #8987
Conversation
Thanks for opening this pull request! |
There was a problem hiding this comment.
Could you please separate the test into distinct tests, each with their own specific description, for example these scenarios:
a) no warning logged if no unknown option is set
b) warning logged if unknown option is set on root { unknown: 1 }
c) ... on sub object { a: { unknown: 1 }}
d) 2 warnings logged on 2 invalid options
Could you also please rename the warning msg to:
“The following Parse Server option is not recognized”, instead of “key”.
Also, I believe the server shouldn’t even start up if an invalid option has been set, because it is likely configured incorrectly, which could affect data integrity, security, app performance or user experience.
|
Hello @mtrezza, For tests, the given test includes these 3 conditions that you mentioned. Is there something else that you want me to do in that respect? |
|
Yes, could you please refactor the test into individual tests, one for reach scenario? The purpose of a test is to test a specific scenario that is described in the test title. So that it's easier to debug if a specific test fails, than a composite test that contains many smaller tests. The repetitive code can be moved into the |
|
Hi @mtrezza, Before I was checking for config variables based on the keys of defnitions from Definitions.js, but now I realize that there are several other keys that are being used that are not mentioned in those defnitions: level, loggerController, filesController, userController, pushController, pushWorker, .... |
|
Not sure, I think all these options should be somewhere in the code; but I'm not sure if there is a comprehensive list of all options. Maybe the definitions file of the Parse Server options is the best source for that? |
The definitions files doesn't give most of the variables. |
|
I believe we need a solution that doesn't require maintaining a separate list if we already have a list, like the definitions. What is missing in the definitions file, for example? |
state, loggerController, hasPushScheduledSupport, authDataManager, masterKeyIpsStore, maintenanceKeyIpsStore to name some. |
|
Are these really Parse Server options? I mean the main issue is, if they are not in the definitions file, then they are not (poorly) documented Parse Server options, because the docs for them is auto generated from the definitions file. If they are really undocumented then I suggest to add them to the definitions file, which is fairly easy to do. You could take a look at the existing options and then just add them. There are instructions on how to do that here. |
|
Yes, I understand but at one point or another they are expected in the config variable. They are also used in test files as well which is causing a lot of log messages during tests. |
|
Yes, so I believe the definitions file is the actual source to determine whether an option key is valid or not. If an options is missing there then that's likely a bug and we could simply add it, as part of this feature. I assume they are not many? |
|
I ran tests, some of them didn't pass, but I got warning messages for these keys: cacheController, loggerController, filesController, 3, masterKeyIpsStore, pushController, exampleKey, rateLimits, 5, userController, state, hasPushScheduledSupport, version, _mount, retryWrites, 4, databaseController, authDataManager, parseGraphQLController, schemaCache, RateLimitZone, 0, liveQueryController, database, generateEmailVerifyTokenExpiresAt, generateSessionExpiresAt, analyticsController, maintenanceKeyIpsStore, patternValidator, 2, hooksController, SchemaCacheTtl, level, hasPushSupport, pushWorker, applicationId, 1, pushControllerQueue |
|
The items |
|
Sorry for late reply. You were right there was a slight mistake that numbers were getting printed. But I looked into other keys and the locations they are set: _mount and some others keys. |
|
Yes, so whatever is missing and is really a Parse Server option may need to to be added to the definitions file. That's easy, see the link I shared previously. I doubt that |
…nfig variables | fixed issues with initial validations
|
Hey @mtrezza, I'm done with this one. Please review and let me know if something else needs to be changed. |
|
Could you resolve the conflicts? |
|
@mtrezza, Conflicts resolved. |
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## alpha #8987 +/- ##
=======================================
Coverage 94.13% 94.14%
=======================================
Files 186 186
Lines 14687 14722 +35
=======================================
+ Hits 13826 13860 +34
- Misses 861 862 +1 ☔ View full report in Codecov by Sentry. |
|
Yes, sounds good! |
Signed-off-by: Manuel <[email protected]>
yes it is done from my end. |
mtrezza
changed the title
# [7.1.0-alpha.5](7.1.0-alpha.4...7.1.0-alpha.5) (2024-04-07) ### Features * Prevent Parse Server start in case of unknown option in server configuration ([#8987](#8987)) ([8758e6a](8758e6a))
|
🎉 This change has been released in version 7.1.0-alpha.5 |
# [7.1.0-beta.1](7.0.0...7.1.0-beta.1) (2024-06-30) ### Bug Fixes * `Parse.Cloud.startJob` and `Parse.Push.send` not returning status ID when setting Parse Server option `directAccess: true` ([#8766](#8766)) ([5b0efb2](5b0efb2)) * `Required` option not handled correctly for special fields (File, GeoPoint, Polygon) on GraphQL API mutations ([#8915](#8915)) ([907ad42](907ad42)) * Facebook Limited Login not working due to incorrect domain in JWT validation ([#9122](#9122)) ([9d0bd2b](9d0bd2b)) * Live query throws error when constraint `notEqualTo` is set to `null` ([#8835](#8835)) ([11d3e48](11d3e48)) * Parse Server option `extendSessionOnUse` not working for session lengths < 24 hours ([#9113](#9113)) ([0a054e6](0a054e6)) * Rate limiting can fail when using Parse Server option `rateLimit.redisUrl` with clusters ([#8632](#8632)) ([c277739](c277739)) * SQL injection when using Parse Server with PostgreSQL; fixes security vulnerability [GHSA-c2hr-cqg6-8j6r](GHSA-c2hr-cqg6-8j6r) ([#9167](#9167)) ([2edf1e4](2edf1e4)) ### Features * Add `silent` log level for Cloud Code ([#8803](#8803)) ([5f81efb](5f81efb)) * Add server security check status `security.enableCheck` to Features Router ([#8679](#8679)) ([b07ec15](b07ec15)) * Prevent Parse Server start in case of unknown option in server configuration ([#8987](#8987)) ([8758e6a](8758e6a)) * Upgrade to @parse/push-adapter 6.0.0 ([#9066](#9066)) ([18bdbf8](18bdbf8)) * Upgrade to @parse/push-adapter 6.2.0 ([#9127](#9127)) ([ca20496](ca20496)) * Upgrade to Parse JS SDK 5.2.0 ([#9128](#9128)) ([665b8d5](665b8d5))
|
🎉 This change has been released in version 7.1.0-beta.1 |
# [7.1.0](7.0.0...7.1.0) (2024-06-30) ### Bug Fixes * `Parse.Cloud.startJob` and `Parse.Push.send` not returning status ID when setting Parse Server option `directAccess: true` ([#8766](#8766)) ([5b0efb2](5b0efb2)) * `Required` option not handled correctly for special fields (File, GeoPoint, Polygon) on GraphQL API mutations ([#8915](#8915)) ([907ad42](907ad42)) * Facebook Limited Login not working due to incorrect domain in JWT validation ([#9122](#9122)) ([9d0bd2b](9d0bd2b)) * Live query throws error when constraint `notEqualTo` is set to `null` ([#8835](#8835)) ([11d3e48](11d3e48)) * Parse Server option `extendSessionOnUse` not working for session lengths < 24 hours ([#9113](#9113)) ([0a054e6](0a054e6)) * Rate limiting can fail when using Parse Server option `rateLimit.redisUrl` with clusters ([#8632](#8632)) ([c277739](c277739)) * SQL injection when using Parse Server with PostgreSQL; fixes security vulnerability [GHSA-c2hr-cqg6-8j6r](GHSA-c2hr-cqg6-8j6r) ([#9167](#9167)) ([2edf1e4](2edf1e4)) ### Features * Add `silent` log level for Cloud Code ([#8803](#8803)) ([5f81efb](5f81efb)) * Add server security check status `security.enableCheck` to Features Router ([#8679](#8679)) ([b07ec15](b07ec15)) * Prevent Parse Server start in case of unknown option in server configuration ([#8987](#8987)) ([8758e6a](8758e6a)) * Upgrade to @parse/push-adapter 6.0.0 ([#9066](#9066)) ([18bdbf8](18bdbf8)) * Upgrade to @parse/push-adapter 6.2.0 ([#9127](#9127)) ([ca20496](ca20496)) * Upgrade to Parse JS SDK 5.2.0 ([#9128](#9128)) ([665b8d5](665b8d5))
|
🎉 This change has been released in version 7.1.0 |
Pull Request
Issue
Closes: #8938
Approach
Created a simple function that checks provided configuration keys against a list of possible keys (retrieved from the definitions file at src/Options/Definition.js). If any provided key is not valid, the function logs a warning message.