Skip to content

[8.0] Don't apply saferEval default length cap to workflow XML values#8629

Merged
fstagni merged 2 commits into
DIRACGrid:rel-v8r0from
sfayer:bp_wfevalv8
Jun 22, 2026
Merged

[8.0] Don't apply saferEval default length cap to workflow XML values#8629
fstagni merged 2 commits into
DIRACGrid:rel-v8r0from
sfayer:bp_wfevalv8

Conversation

@sfayer

@sfayer sfayer commented Jun 18, 2026

Copy link
Copy Markdown
Member

v8 backport of #8628.

BEGINRELEASENOTES
*Workflow
FIX: increased saferEval limit to 1 MiB for Workflow XML handling
ENDRELEASENOTES

@fstagni fstagni closed this Jun 18, 2026
@fstagni fstagni reopened this Jun 18, 2026
fstagni
fstagni previously approved these changes Jun 18, 2026
View reviewed changes
@fstagni

fstagni commented Jun 18, 2026

Copy link
Copy Markdown
Contributor

Please consider adding also #8635

ryuwd added 2 commits June 19, 2026 15:52
@ryuwd @sfayer
fix: Don't apply saferEval default length cap to workflow XML values
1418898 
Commit bf6858d replaced eval() with saferEval() in WorkflowReader to avoid
evaluating arbitrary code. saferEval enforces a 2048-byte cap, but non-string
workflow parameters (lists/dicts serialised as repr()) are KB-scale and
routinely exceed it, so parsing legitimate workflows failed with
"Object string is too long (>2048 bytes)".

Pass a generous finite cap (1 MiB) at this call site instead of the 2048
default. literal_eval still prevents code execution regardless of content;
the ceiling remains as defence-in-depth against pathological/malicious input,
bounding literal_eval's object-allocation blow-up. Legitimate workflow values
never approach it. SaferEval's default is left unchanged for its other callers.
@ryuwd @sfayer
fix: Don't apply saferEval default length cap to workflow substitution
7c7929e 
Commit bf6858d replaced eval() with saferEval() in Workflow/Utility.substitute
to avoid evaluating arbitrary code. saferEval enforces a 2048-byte cap, but
non-string workflow parameters (lists/dicts) are KB-scale and routinely exceed
it, so substituting variables into a large parameter failed with
"Object string is too long (>2048 bytes)".

Pass a generous finite cap (1 MiB) at this call site instead of the 2048
default, matching the fix in WorkflowReader. literal_eval still prevents code
execution regardless of content; the ceiling remains as defence-in-depth
against pathological/malicious input. SaferEval's default is unchanged for its
other callers.
@sfayer sfayer changed the title [8.0[ Don't apply saferEval default length cap to workflow XML values [8.0] Don't apply saferEval default length cap to workflow XML values Jun 19, 2026
@fstagni fstagni added the sweep:ignore Prevent sweeping from being ran for this PR label Jun 22, 2026
@fstagni fstagni merged commit e8373d7 into DIRACGrid:rel-v8r0 Jun 22, 2026
22 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@fstagni fstagni fstagni approved these changes

Assignees

No one assigned

Labels

sweep:ignore Prevent sweeping from being ran for this PR

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@sfayer @fstagni @ryuwd