Updating dice example based on Updated Specification for the reference application
#8099
Conversation
lightsta1ker
changed the title
dice exampledice example based on Updated Specification for the reference application
lightsta1ker
force-pushed
the
dice/issue-7937
branch
from
ddae343 to
a337ba6
Compare
lightsta1ker
changed the title
dice example based on Updated Specification for the reference applicationdice example based on Updated Specification for the reference application
| if player == "" { | ||
| logger.DebugContext(r.Context(), "anonymous player rolled", results) | ||
| } else { | ||
| msg = "Anonymous player is rolling the dice" | ||
| logger.DebugContext(r.Context(), "player=%s rolled %v", player, results) | ||
| } |
| msg = "Anonymous player is rolling the dice" | ||
| logger.DebugContext(r.Context(), "player=%s rolled %v", player, results) | ||
| } | ||
| logger.InfoContext(r.Context(), " %s %s -> 200 OK", r.Method, r.URL.String()) |
There was a problem hiding this comment.
It is it what other languages are doing? I do not see such requirements in https://opentelemetry.io/docs/getting-started/reference-application-specification/ apart from "an INFO-level message for each HTTP request with a status code <400".
This could simply be
| logger.InfoContext(r.Context(), " %s %s -> 200 OK", r.Method, r.URL.String()) | |
| logger.InfoContext(r.Context(), "Some player rolled a dice.") |
There was a problem hiding this comment.
I've just kept the "200 OK" to fullfill the "an INFO-level message for each HTTP request with a status code <400". . But it could simply be the above suggestion. Will update.
| // Check if rolls is a number. | ||
| rolls, err := strconv.Atoi(rollsParam) | ||
| if err != nil { | ||
| w.WriteHeader(http.StatusBadRequest) |
There was a problem hiding this comment.
Thought of leaving it to the defaults as it's a simple app and not explicitly specified in the reference. But I will set application/json as that's how the app responds.
| if rolls <= 0 { | ||
| err := errors.New("rolls must be positive") | ||
| span.RecordError(err) | ||
| logger.ErrorContext(ctx, "error", "error", err) |
There was a problem hiding this comment.
Isn't the caller already logging the error ?
| logger.ErrorContext(ctx, "error", "error", err) |
There was a problem hiding this comment.
Ah, Yes. The caller does log the same error at line 100
logger.ErrorContext(r.Context(), err.Error())
I think, this line was from earlier that escaped refactor. Will update.
|
@lightsta1ker, I won't have time to review it further until I am back from KubeCon NA. Hopefully other @open-telemetry/go-approvers are going to help with reviews. |
|
Sure, @pellared . Thank you for the review & suggestions! |
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| return []int{val}, nil | ||
| } | ||
|
|
||
| results := make([]int, rolls) |
Check failure
Code scanning / CodeQL
Slice memory allocation with excessive size value High
| return []int{rollOnce()}, nil | ||
| } | ||
|
|
||
| results := make([]int, rolls) |
Check failure
Code scanning / CodeQL
Slice memory allocation with excessive size value High
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
| rollsAttr := attribute.Int("rolls", rolls) | ||
| span.SetAttributes(rollsAttr) | ||
| rollCnt.Add(ctx, 1, metric.WithAttributes(rollsAttr)) | ||
| outcomeHist.Record(ctx, int64(val)) |
There was a problem hiding this comment.
Can we consolidate the logic of this part? Currently, it contains the same logic twice.
There was a problem hiding this comment.
Yes, the loop handles rolls == 1 just fine. Thank you, will update.
| // Parse query parameters. | ||
| rollsParam := r.URL.Query().Get("rolls") | ||
| player := r.URL.Query().Get("player") | ||
| maxRolls := 1000 // Arbitrary limit to prevent Slice memory allocation with excessive size value. |
There was a problem hiding this comment.
From a performance perspective, this is a good configuration.
However, I am considering that since the specification does not mention this situation and it is just an example.
Therefore, extreme cases can be temporarily ignored. I recommend removing it to comply with the specification.
There was a problem hiding this comment.
I kindly disagree. We should not have vulnerabilities in examples. People are using them for learning purposes.
There was a problem hiding this comment.
The codeQL CI check picked up the vulnerability. I would like to keep the example vulnerability free as well.
There was a problem hiding this comment.
I think it can be kept, but defining it as a constant is a better choice.
| if err != nil || rolls > maxRolls { | ||
| // Signals invalid input (<=0). | ||
| w.WriteHeader(http.StatusInternalServerError) | ||
| logger.ErrorContext(r.Context(), err.Error()) |
There was a problem hiding this comment.
Since the condition if err != nil || rolls > maxRolls { implies that err might be nil.
Of course, once maxRolls is removed, this issue is naturally resolved.
|
@lightsta1ker We still have some issues to resolve, including CI checks. |
|
@flc1125 I thought those checks were not relevant to this PR as it's not customer facing. |
3 participants
Addresses #7937