author | Nick Vatamaniuc <vatamane@gmail.com> | 2022-11-22 11:31:54 -0500 |
---|---|---|
committer | Nick Vatamaniuc <nickva@users.noreply.github.com> | 2022-11-30 00:23:07 -0500 |
commit | f13ceb46ce3c120e1960fa47bfda0a606601900e (patch) | |
tree | abfe7681f984cf8d3071929420ef124790b7fa90 /rel/overlay | |
parent | fb5ade222d887bb92a564de0e1b8f818d3ffc915 (diff) | |
download | couchdb-f13ceb46ce3c120e1960fa47bfda0a606601900e.tar.gz |
Improve validation of replicator job parameters

There are two main improvements:

* Replace the auto-inserted replicator VDU with a BDU. Replicator already had
  a BDU to update the `"owner"` field, so plug right into it and validate
  everything we need there. This way, the validation and parsing logic is all
  in one module. The previously inserted VDU design doc will be deleted.

* Allow constraining endpoint protocol types and socket options. Previously,
  users could create replications with any low level socket options. Some of
  those are dangerous and are possible "foot-guns". Restrict those options to
  a more usable set.

In addition to those improvements, increase test coverage a bit by explicitly
checking a few more parsing corner cases.

Fixes #4273

Diffstat (limited to 'rel/overlay')
-rw-r--r-- | rel/overlay/etc/default.ini | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/rel/overlay/etc/default.ini b/rel/overlay/etc/default.ini index 04448aabd..0efc4cb23 100644 --- a/rel/overlay/etc/default.ini +++ b/rel/overlay/etc/default.ini @@ -555,6 +555,18 @@ partitioned||* = true ; See the `inet` Erlang module's man page for the full list of options. ;socket_options = [{keepalive, true}, {nodelay, false}] +; Valid socket options. Options not in this list are ignored. The full list of +; options may be found at https://www.erlang.org/doc/man/inet.html#setopts-2. +;valid_socket_options = buffer,keepalive,nodelay,priority,recbuf,sndbuf + +; Valid replication endpoint protocols. Replication jobs with endpoint urls not +; in this list will fail to run. +;valid_endpoint_protocols = http,https + +; Valid replication proxy protocols. Replication jobs with proxy urls not in +; this list will fail to run. +;valid_proxy_protocols = http,https,socks5 + ; Path to a file containing the user's certificate. ;cert_file = /full/path/to/server_cert.pem |
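Review bot: The comment on `valid_socket_options` says options outside the list are ignored, while the comments on `valid_endpoint_protocols` and `valid_proxy_protocols` say the job will fail to run, and the text does not say whether the operator gets any signal when a socket option is dropped. Consider stating in the comment whether a dropped option is logged, or explaining why socket options are filtered quietly while protocols are rejected. The `socket_options` example just above is written as an Erlang term list (`[{keepalive, true}, {nodelay, false}]`) while the three new settings are comma-separated names, so a short sentence on the expected format, and on whether the commented-out values shown are the built-in defaults, would help anyone tightening these lists.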