[openstack-dev] [Oslo] Does ZeroMQ RPCs handle caller side exceptions correctly?
eric at cloudscaling.com
Mon Jan 28 17:19:10 UTC 2013
> I think you could also add some hardening by using dictionary get() method on the "data" variable in ConsumerBase.process(), but that probably isn't a big concern.
The primary concern here would be that 'method' isn't in data, which is something that is a bit of a concern. I have thought about it, too, because we ran into a bug around receiving messages with a missing 'args' key. Practically, what would happen here is that it would stacktrace, but since process() is wrapped in an eventlet.spawn_n(), there isn't much effect other than ugly/bad logging.
I have a patch that I'm preparing to submit for review that depreciates the '-' methods and leverages the currently unused and reserved 'style' field that is presently included in the ZeroMQ messages. This will eliminate a fair number of string comparisons and the need to unpack messages in the ZmqProxy, resulting in both security and performance benefits (no-msg-unpack has clearly positive consequences for signed messaging as well as reducing what is currently a too-high likelihood of hitting an IndexError or KeyError).
More information about the OpenStack-dev