asf-tooling opened a new issue, #1065:
URL: https://github.com/apache/tooling-trusted-releases/issues/1065
**ASVS Level(s):** L2-only
**Description:**
### Summary
The distribution status check task queries all pending distributions and
processes them sequentially without batch size limits. If many distributions
are pending (e.g., 500 due to temporary external service outage), the task
attempts to process every one, potentially exceeding the 300s worker timeout.
This leaves distributions in inconsistent state when the worker is killed
mid-processing, with some updated and others remaining pending.
### Details
The issue exists in `atr/tasks/distribution.py` in the `status_check()`
function. The task queries all pending distributions and processes them without
batch limits.
### Recommended Remediation
Implement batch processing:
```python
_BATCH_SIZE = 20
async def status_check():
"""Check distribution status with batch processing."""
# Query only a batch of pending distributions
pending_distributions = # ... query with .limit(_BATCH_SIZE)
total_pending = # ... count query without limit
log.info(
"Processing distribution status checks",
batch_size=len(pending_distributions),
total_pending=total_pending
)
for distribution in pending_distributions:
# Process distribution
await check_and_update_status(distribution)
if total_pending > _BATCH_SIZE:
log.info(
f"Processed {_BATCH_SIZE} of {total_pending} pending
distributions. "
f"Remaining distributions will be processed in subsequent runs."
)
```
This prevents worker timeout and ensures consistent state. The task will be
rescheduled to process remaining distributions in subsequent runs.
### Acceptance Criteria
- [ ] Batch size limit implemented (_BATCH_SIZE = 20)
- [ ] LIMIT clause added to database query
- [ ] Progress logging added indicating batch processing
- [ ] Unit tests verify batch size is enforced
- [ ] Unit tests verify remaining items are left for next run
- [ ] Integration tests verify batch processing behavior
- [ ] Worker timeout monitoring confirms no timeouts occur
### References
- Source reports: L2:15.1.3.md
- Related findings: FINDING-193, FINDING-052
- ASVS sections: 15.1.3
- CWE: CWE-834
### Priority
Medium
---
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
