[9.0] Don't apply saferEval default length cap to workflow XML values #8630

Merged: fstagni merged 2 commits into DIRACGrid:rel-v9r0 from sfayer:bp_wfevalv9 on Jun 22, 2026

@sfayer sfayer commented Jun 18, 2026

Member

v9 backport of #8628.

BEGINRELEASENOTES
*Workflow
FIX: increased saferEval limit to 1 MiB for Workflow XML handling
ENDRELEASENOTES

@sfayer sfayer requested review from atsareg and fstagni as code owners June 18, 2026 08:17
@fstagni fstagni closed this Jun 18, 2026
@fstagni fstagni reopened this Jun 18, 2026
fstagni previously approved these changes Jun 18, 2026

fstagni commented Jun 18, 2026

Contributor

Please consider adding also #8635

ryuwd added 2 commits June 19, 2026 15:53
Commit bf6858d replaced eval() with saferEval() in WorkflowReader to avoid
evaluating arbitrary code. saferEval enforces a 2048-byte cap, but non-string
workflow parameters (lists/dicts serialised as repr()) are KB-scale and
routinely exceed it, so parsing legitimate workflows failed with
"Object string is too long (>2048 bytes)".

Pass a generous finite cap (1 MiB) at this call site instead of the 2048
default. literal_eval still prevents code execution regardless of content;
the ceiling remains as defence-in-depth against pathological/malicious input,
bounding literal_eval's object-allocation blow-up. Legitimate workflow values
never approach it. SaferEval's default is left unchanged for its other callers.

Commit bf6858d replaced eval() with saferEval() in Workflow/Utility.substitute
to avoid evaluating arbitrary code. saferEval enforces a 2048-byte cap, but
non-string workflow parameters (lists/dicts) are KB-scale and routinely exceed
it, so substituting variables into a large parameter failed with
"Object string is too long (>2048 bytes)".

Pass a generous finite cap (1 MiB) at this call site instead of the 2048
default, matching the fix in WorkflowReader. literal_eval still prevents code
execution regardless of content; the ceiling remains as defence-in-depth
against pathological/malicious input. SaferEval's default is unchanged for its
other callers.
@fstagni fstagni added the sweep:ignore Prevent sweeping from being ran for this PR label Jun 22, 2026
@fstagni fstagni merged commit 0e8544d into DIRACGrid:rel-v9r0 Jun 22, 2026
23 checks passed
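
The pattern the commit messages above describe (a byte cap in front of `literal_eval`, with a larger explicit ceiling at the workflow call sites), as an added Python example that is not DIRAC's code. `capped_literal_eval`, `parse_workflow_value` and `outcome` are hypothetical stand-ins for saferEval and its callers, and all sample values are constructed.

```python
import ast

DEFAULT_MAX_LEN = 2048           # default cap quoted in the commit messages
WORKFLOW_MAX_LEN = 1024 * 1024   # 1 MiB ceiling passed at the workflow call sites


def capped_literal_eval(text, max_len=DEFAULT_MAX_LEN):
    """Hypothetical stand-in for saferEval: length check, then literal parsing only."""
    if len(text.encode("utf-8")) > max_len:
        raise ValueError(f"Object string is too long (>{max_len} bytes)")
    # literal_eval accepts only literals (str, numbers, tuples, lists, dicts, ...);
    # calls, attribute access and names raise ValueError instead of executing.
    return ast.literal_eval(text)


def parse_workflow_value(text):
    """Hypothetical workflow call site: same parser, larger explicit ceiling."""
    return capped_literal_eval(text, max_len=WORKFLOW_MAX_LEN)


def outcome(parser, text):
    """Return ('ok', value) or ('rejected', reason) so callers can log the decision."""
    try:
        return ("ok", parser(text))
    except (ValueError, SyntaxError) as exc:
        return ("rejected", str(exc))


# Constructed sample inputs (not taken from a real workflow).
FILES = [f"/vo/prod/run_0042/file_{i:05d}.dst" for i in range(200)]
BIG_PARAM = repr(FILES)                          # KB-scale list parameter
CODE_PARAM = "__import__('os').getcwd()"         # an expression, not a literal
HUGE_PARAM = "[" + "0," * 600_000 + "]"          # about 1.2 MB, over the 1 MiB ceiling

if __name__ == "__main__":
    for label, parser, text in [
        ("default cap, KB-scale list", capped_literal_eval, BIG_PARAM),
        ("workflow cap, KB-scale list", parse_workflow_value, BIG_PARAM),
        ("workflow cap, code expression", parse_workflow_value, CODE_PARAM),
        ("workflow cap, oversized input", parse_workflow_value, HUGE_PARAM),
    ]:
        status, detail = outcome(parser, text)
        print(f"{label}: {status} ({str(detail)[:60]})")
```

The KB-scale list fails only under the 2048-byte default; the code expression is rejected by `literal_eval` at either cap, and the oversized input is rejected before any parsing takes place.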