From 92536e4731d11b0e3b8eb2b055502b4a10707d94 Mon Sep 17 00:00:00 2001
From: Michiel de Mare
Date: Wed, 21 Aug 2024 14:50:12 +0200
Subject: [PATCH 1/3] Don't throw error on release expired lock
---
 src/nl/surf/eduhub_rio_mapper/worker.clj | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/nl/surf/eduhub_rio_mapper/worker.clj b/src/nl/surf/eduhub_rio_mapper/worker.clj
index 5acf13c2..f83961c9 100644
--- a/src/nl/surf/eduhub_rio_mapper/worker.clj
+++ b/src/nl/surf/eduhub_rio_mapper/worker.clj
@@ -62,7 +62,7 @@
 lua-result (car/wcar redis-conn (car/lua lua-script {:k k} {:token token}))] (assert (number? lua-result)) (when (not= 1 lua-result)
- (throw (ex-info "Lock lost before release!" {:lock-name k})))))
+ (log/error (str "Lock " k " lost before release!")))))
 (defn extend-lock! "Extend TTL on lock on `queue` with `token` by `ttl-ms`.
@@ -202,7 +202,8 @@
 retryable-fn run-job-fn set-status-fn]
- :or {lock-ttl-ms 10000
+ ;; Set lock expiry to 1 minute; locks in production have unexpectedly expired with shorter intervals
+ :or {lock-ttl-ms 60000
 nap-ms 1000}} :worker :as config} stop-atom]
@@ -212,7 +213,8 @@
 (fn? run-job-fn) (fn? set-status-fn) (ifn? retryable-fn) (ifn? error-fn) (ifn? queue-fn)]}
- (let [timeout-ms (/ lock-ttl-ms 2)]
+ ;; Extend lock at least each second
+ (let [timeout-ms (min 1000 (/ lock-ttl-ms 2))]
 (loop [queues (occupied-queues config)] (if-let [[queue & queues] queues] (do
@@ -237,6 +239,7 @@
 (loop [] (let [result (async/alt!! c ([v] v) (async/timeout timeout-ms) ::ping)]
+ ;; this throws an exception if the lock has expired
 (extend-lock! config queue @token lock-ttl-ms) (cond
From cfb86062c9d072fa6d53959c10a0957183962378 Mon Sep 17 00:00:00 2001
From: Michiel de Mare
Date: Fri, 23 Aug 2024 13:32:09 +0200
Subject: [PATCH 2/3] Log error when lock lost in extend
---
 src/nl/surf/eduhub_rio_mapper/worker.clj | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
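Review bot: In the `@@ -62,7 +62,7 @@` hunk of patch 1, a release that returns anything other than 1 is now only logged, so the caller can no longer tell that the lock expired while the job was still running. That is exactly the case in which another worker may have taken the same queue in the meantime, so the outcome is worth surfacing rather than swallowing. I would keep the log line but end the function with `(= 1 lua-result)` so callers can record it, and keep the key as data instead of splicing it into the message, e.g. `(log/error "Lock lost before release!" {:lock-name k})` if `log/error` accepts several arguments here. The function head, its docstring and the Lua script are outside the hunk; if the docstring still says the function throws, it needs updating too.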
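Review bot: In the `@@ -212,7 +213,8 @@` hunk of patch 1, `(/ lock-ttl-ms 2)` yields a Ratio for an odd `lock-ttl-ms`, and with the new `min` that value is what gets used whenever the TTL is configured below 2000. `(let [timeout-ms (min 1000 (quot lock-ttl-ms 2))]` keeps the interval a whole number of milliseconds. The literal 1000 is now a third tuning value next to `lock-ttl-ms` and `nap-ms`; the comment could say that it is the heartbeat interval and has to stay well below the TTL. The `:pre` conditions and the rest of the function lie partly outside the hunk, so a lower bound on `lock-ttl-ms` may already be enforced there.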
diff --git a/src/nl/surf/eduhub_rio_mapper/worker.clj b/src/nl/surf/eduhub_rio_mapper/worker.clj
index f83961c9..86811d7c 100644
--- a/src/nl/surf/eduhub_rio_mapper/worker.clj
+++ b/src/nl/surf/eduhub_rio_mapper/worker.clj
@@ -79,7 +79,7 @@
 lua-result (car/wcar redis-conn (car/lua lua-script {:k k} {:token token, :ttl-ms ttl-ms}))] (assert (number? lua-result)) (when (not= 1 lua-result)
- (throw (ex-info "Lock lost before extend!" {:lock-name k})))))
+ (log/error (str "Lock lost before extend!" {:lock-name k})))))
 (defn- queue-key [config queue] (prefix-key config (str "queue:" queue)))
@@ -239,7 +239,6 @@
 (loop [] (let [result (async/alt!! c ([v] v) (async/timeout timeout-ms) ::ping)]
- ;; this throws an exception if the lock has expired
 (extend-lock! config queue @token lock-ttl-ms) (cond
From 32a08212776afb63ba409b7984a4d8f84a275d38 Mon Sep 17 00:00:00 2001
From: Michiel de Mare
Date: Mon, 26 Aug 2024 15:49:16 +0200
Subject: [PATCH 3/3] Added nve suppression
---
 .nvd-suppressions.xml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/.nvd-suppressions.xml b/.nvd-suppressions.xml
index cc7bafe8..d09d07b2 100644
--- a/.nvd-suppressions.xml
+++ b/.nvd-suppressions.xml
@@ -4,4 +4,8 @@
 Using clojure higher than 1.9.0 and not earlier as implied by some dependencies. CVE-2017-20189
+
+ We don't use zgrep
+ CVE-2022-1271
+
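Review bot: In the `@@ -79,7 +79,7 @@` hunk of patch 2, a failed extend is now only logged, and the call site in the second hunk discards the result of `extend-lock!`, so the worker apparently keeps running the job after it no longer holds the lock. From that point nothing visible here stops a second worker from acquiring the same queue, and the failure will presumably be logged again on every ping until the job ends. I would have the function report the outcome, e.g. finish with `(= 1 lua-result)`, and let the loop stop extending and flag the job when it is false. The message is also built with `(str "Lock lost before extend!" {:lock-name k})`, which glues the map onto the text without a separator; `(log/error (str "Lock " k " lost before extend!"))` would match the release path. The function head and the Lua script are outside the hunk.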
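Review bot: The new entry in `.nvd-suppressions.xml` appears to suppress CVE-2022-1271 by CVE id alone, which silences the finding for every dependency that matches it now or later, and the note "We don't use zgrep" does not say which artifact triggered the match. The markup of the file is not visible on this page, so this is inferred from the text that remains. If the entry is indeed unscoped, restrict it to the affected package (the Dependency-Check format has `packageUrl` and `filePath` matchers) and give it an `until` date so it is re-evaluated. The note should name the dependency, e.g. `<notes>FLAGGED-ARTIFACT (placeholder) is matched to CVE-2022-1271; zgrep is never invoked</notes>`.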