Re: [PR] Refactor 3.3 grpc http2 processes [dubbo]

via GitHub Thu, 04 Apr 2024 14:00:42 -0700


BitoAgent commented on code in PR #13786:
URL: https://github.com/apache/dubbo/pull/13786#discussion_r1552429153



##########
dubbo-remoting/dubbo-remoting-http12/src/main/java/org/apache/dubbo/remoting/http12/message/LengthFieldStreamingDecoder.java:
##########
@@ -167,8 +160,8 @@ private void processBody() throws IOException {
         requiredLength = lengthFieldOffset + lengthFieldLength;
     }
 
-    protected void invokeListener(InputStream inputStream) {
-        this.listener.onFragmentMessage(dataHeader, inputStream);
+    public void invokeListener(InputStream inputStream) {

Review Comment:
    **Security Issue**: Public method 'invokeListener' should not expose its 
internal InputStream directly, consider copying the data or using a safer 
access method. <br> **Fix**: Ensure encapsulation of internal streams to 
prevent unauthorized stream manipulation. <br> **Code Suggestion**: 
    ```
    -    protected void invokeListener(InputStream inputStream) {
    +    public void invokeListener(InputStream inputStream) {
    ```
   
   



##########
dubbo-common/src/main/java/org/apache/dubbo/config/AbstractInterfaceConfig.java:
##########
@@ -252,7 +252,7 @@ protected void postProcessAfterScopeModelChanged(ScopeModel 
oldScopeModel, Scope
         }
         if (CollectionUtils.isNotEmpty(this.registries)) {
             this.registries.forEach(registryConfig -> {
-                if (registryConfig.getScopeModel() != applicationModel) {
+                if (registryConfig != null && registryConfig.getScopeModel() 
!= applicationModel) {
                     registryConfig.setScopeModel(applicationModel);
                 }
             });

Review Comment:
    **Scalability Issue**: Null check added for registryConfig in the lambda 
expression. This change prevents potential NullPointerExceptions when iterating 
over registries, enhancing the robustness of the code, especially under scaling 
scenarios where dynamic registry updates might lead to temporary 
inconsistencies. <br> **Fix**: The fix properly handles cases where 
registryConfig might be null, ensuring that the system remains resilient and 
functional even when facing transient state inconsistencies during scaling 
operations or registry updates. <br> **Code Suggestion**: 
    ```
    -                if (registryConfig.getScopeModel() != applicationModel) {
    +                if (registryConfig != null && 
registryConfig.getScopeModel() != applicationModel) {
    ```
   
   



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org
For additional commands, e-mail: notifications-h...@dubbo.apache.org

Re: [PR] Refactor 3.3 grpc http2 processes [dubbo]

Reply via email to