fix: add limits to ErrorInfo fields

lupko · lupko · commit a77ae150ca2c · 2025-04-09T11:55:20.000+02:00
- ErrorInfo is passed as FlightError.extra_info
- In turn, extra_info contents are transported via gRPC headers
- gRPC headers have hard limit of 16kB size (otherwise get gRPC Resource Exhausted: initial metadata too large)
- added code to truncate `msg` and `detail` if necessary. Limit for each is 1kB
- added code (breaking change) to limit `body` to 4kB
  - note: body is not used anywhere, and it is unlikely it is used 'in the wild' because as is it is
    not taken into account by the server (it will be used to pass polling info in the future)

JIRA: CQ-1268
diff --git a/gooddata-flight-server/gooddata_flight_server/errors/error_info.py b/gooddata-flight-server/gooddata_flight_server/errors/error_info.py
@@ -8,6 +8,33 @@
 
 from gooddata_flight_server.errors.error_code import ErrorCode
 
+_ERROR_INFO_MAX_MSG = 256
+_ERROR_INFO_MAX_DETAIL = 512
+_ERROR_INFO_MAX_BODY = 4096
+
+
+def _truncate_str_value(val: Optional[str], max_len: int) -> Optional[str]:
+    if val is None:
+        return None
+
+    if len(val) <= max_len:
+        return val
+
+    # no big deal that the actual max length is slightly exceeded
+    # all this truncating happens because ErrorInfo is eventually
+    # passed via gRPC headers which have 16k hard limit
+    return val[:max_len] + " [truncated]"
+
+
+def _body_of_allowed_size(val: Optional[bytes], max_len: int) -> Optional[bytes]:
+    if val is None:
+        return None
+
+    if len(val) > max_len:
+        raise ValueError(f"ErrorInfo.body can be at most {max_len}B long.")
+
+    return val
+
 
 class ErrorInfo:
     """
@@ -22,15 +49,15 @@ def __init__(
         body: Optional[bytes] = None,
         code: int = 0,
     ) -> None:
-        self._msg = msg
-        self._detail: Optional[str] = detail
-        self._body: Optional[bytes] = body
+        self._msg = _truncate_str_value(msg, _ERROR_INFO_MAX_MSG)
+        self._detail: Optional[str] = _truncate_str_value(detail, _ERROR_INFO_MAX_DETAIL)
+        self._body: Optional[bytes] = _body_of_allowed_size(body, _ERROR_INFO_MAX_BODY)
         self._code: int = code
 
     @property
     def msg(self) -> str:
         """
-        :return: human readable error message
+        :return: human-readable error message
         """
         return self._msg
 
@@ -60,33 +87,37 @@ def with_msg(self, msg: str) -> "ErrorInfo":
         """
         Updates error message.
 
-        :param msg: new message
+        :param msg: new message, up to 256 characters; will be truncated if the limit is exceeded
         :return: self, for call chaining sakes
         """
-        self._msg = msg
+        self._msg = _truncate_str_value(msg, _ERROR_INFO_MAX_MSG)
+
         return self
 
     def with_detail(self, detail: Optional[str] = None) -> "ErrorInfo":
         """
         Updates or resets the error detail.
 
-        :param detail: detail to set; if None, the detail stored in the meta will be removed; default is None
+        :param detail: detail to set; if None, the detail stored in the meta will be removed; default is None;
+         detail can be up to 512 characters; will be truncated if the limit is exceeded
         :return: self, for call chaining sakes
         """
-        self._detail = detail
+        self._detail = _truncate_str_value(detail, _ERROR_INFO_MAX_DETAIL)
+
         return self
 
     def with_body(self, body: Optional[Union[bytes, str]]) -> "ErrorInfo":
         """
         Updates or resets the error body.
 
+        The body can be at most 4096 bytes long. If you try to set a larger body, a ValueError will
+        be raised by this call.
+
         :param body: body to set; if None, the body stored in the meta will be removed; default is None
         :return: self, for call chaining sakes
         """
-        if isinstance(body, str):
-            self._body = body.encode("utf-8")
-        else:
-            self._body = body
+        _body = body if isinstance(body, bytes) else body.encode("utf-8")
+        self._body = _body_of_allowed_size(_body, _ERROR_INFO_MAX_BODY)
 
         return self
 
diff --git a/gooddata-flight-server/tests/errors/error_info.py b/gooddata-flight-server/tests/errors/error_info.py
@@ -1,5 +1,6 @@
 #  (C) 2024 GoodData Corporation
 import pyarrow.flight
+import pytest
 from gooddata_flight_server.errors.error_info import ErrorInfo, RetryInfo
 
 
@@ -22,6 +23,25 @@ def test_serde_error_info2():
     assert deserialized.detail == error.detail
 
 
+def test_error_info_limits1():
+    error = ErrorInfo.for_reason(666, "error" * 500).with_detail("detail" * 500)
+
+    assert "truncated" in error.msg
+    assert "truncated" in error.detail
+
+    error = ErrorInfo(code=666, msg="error" * 500, detail="detail" * 500)
+    assert "truncated" in error.msg
+    assert "truncated" in error.detail
+
+
+def test_error_info_limits2():
+    with pytest.raises(ValueError):
+        ErrorInfo.for_reason(666, "error").with_body(b"1234" * 2048)
+
+    with pytest.raises(ValueError):
+        ErrorInfo(code=666, msg="error", body=b"1234" * 2048)
+
+
 def test_serde_retry_info1():
     retry = RetryInfo(
         flight_info=None,
