review "assert" usage · borgbackup/borg#8649

(17 留言) (0 反應) (1 負責人)Python (10,086 star) (732 fork)batch import

bughelp wantedsecurity

描述

See there for the problem description:

https://community.sonarsource.com/t/feature-python-assert-should-be-consider-harmful/38501

TL;DR: for now, do not run borg via python3 -O or with PYTHONOPTIMIZE set.

In the code, assert should be only used for:

our test suite
at places in production code where it doesn't really matter if the assert is executed or not. it must never be used if not executing the assert would influence correctness or security.
if it matters, the assert should be replaced by if <condition>: raise SomeException

So, the task for borg master branch is to do a systematic review and fix all problematic asserts.

In case we find a lot of places to fix, a quick workaround for 1.4-maint branch could be to disallow running borg with assertions switched off, something like:

+try:
+    assert False
+except AssertionError:
+    pass  # OK
+else:
+    print("Borg requires working assertions. Please run Python without -O and/or unset PYTHONOPTIMIZE")
+    sys.exit(2)

Note: 2 is the classic error code for a fatal error, but borg 1.4.x also supports modern exit codes, so an appropriate one (2 or more specific) needs to be returned for that.

貢獻者指南

技術棧: python
領域: security
議題類型: refactor
難度: 3
預計時間: over 1 week
活動狀態: blocked
清晰度: clear
前置要求: Pythonborg codebase understanding
新手友善度: 40
研究方向: Search for all assert statements in production code (excluding tests). For each assert, determine if its execution is critical for correctness or security. If so, replace with an if statement raising an appropriate exception. If not, leave as is. The workaround for 1.4 maint is to add a check at startup to ensure assertions are enabled. The main work is in the master branch.