fix: resolve pyo3 vuln deprecations (#1682)

fix: resolve pyo3 vuln deprecations
Taddes 2025-04-11 18:21:35 -04:00 committed by GitHub
parent 6f0c7b28db
commit 0675930a15
GPG Key ID: B5690EEEBB952194
7 changed files with 75 additions and 199 deletions


@ -2,5 +2,5 @@
ignore = [
"RUSTSEC-2024-0365", # Bound by diesel 1.4 (4GB limit n/a to tokenserver)
"RUSTSEC-2024-0421", # Bound by diesel 1.4, `idna` < 0.1.5, Upgrade to >=1.0.0
"RUSTSEC-2024-0437", # Bound by grpcio 0.13
"RUSTSEC-2024-0437", # Bound by grpcio 0.13,
]

Cargo.lock generated

@ -1,6 +1,6 @@
# This file is automatically @generated by Cargo.
# It is not intended for manual editing.
version = 3
version = 4
[[package]]
name = "actix-codec"
@ -268,15 +268,6 @@ dependencies = [
"libc",
]
[[package]]
name = "ansi_term"
version = "0.12.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d52a9bb7ec0cf484c551830a7ce27bd20d67eac647e1befb56b0be4ee39a55d2"
dependencies = [
"winapi",
]
[[package]]
name = "anstream"
version = "0.6.18"
@ -372,17 +363,6 @@ version = "1.1.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1505bd5d3d116872e7271a6d4e16d81d0c8570876c8de68093a09ac269d8aac0"
[[package]]
name = "atty"
version = "0.2.14"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d9b39be18770d11421cdb1b9947a45dd3f37e93092cbf377614828a319d5fee8"
dependencies = [
"hermit-abi 0.1.19",
"libc",
"winapi",
]
[[package]]
name = "autocfg"
version = "1.4.0"
@ -412,25 +392,22 @@ checksum = "72b3254f16251a8381aa12e40e3c4d2f0199f8c6508fbecb9d91f575e0fbb8c6"
[[package]]
name = "bindgen"
version = "0.59.2"
version = "0.69.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2bd2a9a458e8f4304c52c43ebb0cfbd520289f8379a52e329a38afda99bf8eb8"
checksum = "271383c67ccabffb7381723dea0672a673f292304fcb45c01cc648c7a8d58088"
dependencies = [
"bitflags 1.3.2",
"bitflags 2.9.0",
"cexpr",
"clang-sys",
"clap",
"env_logger 0.9.3",
"itertools",
"lazy_static",
"lazycell",
"log",
"peeking_take_while",
"proc-macro2",
"quote",
"regex",
"rustc-hash 1.1.0",
"shlex",
"which",
"syn 2.0.99",
]
[[package]]
@ -577,21 +554,6 @@ dependencies = [
"libloading",
]
[[package]]
name = "clap"
version = "2.34.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a0610544180c38b88101fecf2dd634b174a62eef6946f84dfc6a7127512b381c"
dependencies = [
"ansi_term",
"atty",
"bitflags 1.3.2",
"strsim 0.8.0",
"textwrap",
"unicode-width",
"vec_map",
]
[[package]]
name = "cmake"
version = "0.1.54"
@ -675,9 +637,9 @@ dependencies = [
[[package]]
name = "crossbeam-channel"
version = "0.5.14"
version = "0.5.15"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "06ba6d68e24814cb8de6bb986db8222d3a027d15872cabc0d18817bc3c0e4471"
checksum = "82b8f8f868b36967f9606790d1903570de9ceaf870a7bf9fbbd3016d636a2cb2"
dependencies = [
"crossbeam-utils",
]
@ -945,19 +907,6 @@ dependencies = [
"regex",
]
[[package]]
name = "env_logger"
version = "0.9.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a12e6657c4c97ebab115a42dcee77225f7f482cdd841cf7088c657a42e9e00e7"
dependencies = [
"atty",
"humantime",
"log",
"regex",
"termcolor",
]
[[package]]
name = "env_logger"
version = "0.11.6"
@ -986,16 +935,6 @@ dependencies = [
"serde 1.0.218",
]
[[package]]
name = "errno"
version = "0.3.10"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "33d852cb9b869c2a9b3df2f71a3074817f01e1844f839a144f5fcef059a4eb5d"
dependencies = [
"libc",
"windows-sys 0.59.0",
]
[[package]]
name = "findshlibs"
version = "0.10.2"
@ -1216,8 +1155,6 @@ dependencies = [
[[package]]
name = "grpcio-sys"
version = "0.13.0+1.56.2-patched"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b3dae9132320ae1b03ea55b5ddc88ca72a31fb85fa631a241a40157f5feffe43"
dependencies = [
"bindgen",
"boringssl-src",
@ -1294,15 +1231,6 @@ version = "0.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2304e00983f87ffb38b55b444b5e3b60a884b5d30c0fca7d82fe33449bbe55ea"
[[package]]
name = "hermit-abi"
version = "0.1.19"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "62b467343b94ba476dcb2500d242dadbb39557df889310ac77c5d99100aaac33"
dependencies = [
"libc",
]
[[package]]
name = "hermit-abi"
version = "0.3.9"
@ -1339,15 +1267,6 @@ dependencies = [
"digest",
]
[[package]]
name = "home"
version = "0.5.11"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "589533453244b0995c858700322199b2becb13b627df2851f64a2775d024abcf"
dependencies = [
"windows-sys 0.59.0",
]
[[package]]
name = "hostname"
version = "0.4.0"
@ -1704,6 +1623,15 @@ version = "1.70.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7943c866cc5cd64cbc25b2e01621d07fa8eb2a1a23160ee81ce38704e97b8ecf"
[[package]]
name = "itertools"
version = "0.12.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ba291022dbbd398a455acf126c1e341954079855bc60dfdda641363bd6922569"
dependencies = [
"either",
]
[[package]]
name = "itoa"
version = "1.0.15"
@ -1817,12 +1745,6 @@ version = "0.5.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0717cef1bc8b636c6e1c1bbdefc09e6322da8a9321966e8928ef80d20f7f770f"
[[package]]
name = "linux-raw-sys"
version = "0.4.15"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d26c52dbd32dccf2d10cac7725f8eae5296885fb5703b261f7d0a0739ec807ab"
[[package]]
name = "litemap"
version = "0.7.5"
@ -2099,12 +2021,6 @@ version = "1.0.15"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "57c0d7b74b563b49d38dae00a0c37d4d6de9b432382b2892f0574ddcae73fd0a"
[[package]]
name = "peeking_take_while"
version = "0.1.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "19b17cddbe7ec3f8bc800887bab5e717348c95ea2ca0b1bf0837fb964dc67099"
[[package]]
name = "percent-encoding"
version = "1.0.1"
@ -2195,9 +2111,9 @@ checksum = "106dd99e98437432fed6519dedecfade6a06a73bb7b2a1e019fdd2bee5778d94"
[[package]]
name = "pyo3"
version = "0.22.6"
version = "0.24.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f402062616ab18202ae8319da13fa4279883a2b8a9d9f83f20dbade813ce1884"
checksum = "17da310086b068fbdcefbba30aeb3721d5bb9af8db4987d6735b2183ca567229"
dependencies = [
"cfg-if",
"indoc",
@ -2213,9 +2129,9 @@ dependencies = [
[[package]]
name = "pyo3-build-config"
version = "0.22.6"
version = "0.24.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b14b5775b5ff446dd1056212d778012cbe8a0fbffd368029fd9e25b514479c38"
checksum = "e27165889bd793000a098bb966adc4300c312497ea25cf7a690a9f0ac5aa5fc1"
dependencies = [
"once_cell",
"target-lexicon",
@ -2223,9 +2139,9 @@ dependencies = [
[[package]]
name = "pyo3-ffi"
version = "0.22.6"
version = "0.24.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9ab5bcf04a2cdcbb50c7d6105de943f543f9ed92af55818fd17b660390fc8636"
checksum = "05280526e1dbf6b420062f3ef228b78c0c54ba94e157f5cb724a609d0f2faabc"
dependencies = [
"libc",
"pyo3-build-config",
@ -2233,9 +2149,9 @@ dependencies = [
[[package]]
name = "pyo3-macros"
version = "0.22.6"
version = "0.24.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0fd24d897903a9e6d80b968368a34e1525aeb719d568dba8b3d4bfa5dc67d453"
checksum = "5c3ce5686aa4d3f63359a5100c62a127c9f15e8398e5fdeb5deef1fed5cd5f44"
dependencies = [
"proc-macro2",
"pyo3-macros-backend",
@ -2245,9 +2161,9 @@ dependencies = [
[[package]]
name = "pyo3-macros-backend"
version = "0.22.6"
version = "0.24.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "36c011a03ba1e50152b4b394b479826cad97e7a21eb52df179cd91ac411cbfbe"
checksum = "f4cf6faa0cbfb0ed08e89beb8103ae9724eb4750e3a78084ba4017cbe94f3855"
dependencies = [
"heck",
"proc-macro2",
@ -2533,19 +2449,6 @@ dependencies = [
"semver",
]
[[package]]
name = "rustix"
version = "0.38.44"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "fdb5bc1ae2baa591800df16c9ca78619bf65c0488b41b96ccec5d11220d8c154"
dependencies = [
"bitflags 2.9.0",
"errno",
"libc",
"linux-raw-sys",
"windows-sys 0.59.0",
]
[[package]]
name = "rustls"
version = "0.23.23"
@ -2959,12 +2862,6 @@ version = "1.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a2eb9349b6444b326872e140eb1cf5e7c522154d69e7a0ffb0fb81c06b37543f"
[[package]]
name = "strsim"
version = "0.8.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8ea5119cdb4c55b55d432abb513a0429384878c15dde60cc77b1c99de1a95a6a"
[[package]]
name = "strsim"
version = "0.10.0"
@ -3124,7 +3021,7 @@ version = "0.18.2"
dependencies = [
"async-trait",
"cadence",
"env_logger 0.11.6",
"env_logger",
"futures 0.3.31",
"hostname",
"lazy_static",
@ -3170,7 +3067,7 @@ dependencies = [
"diesel",
"diesel_logger",
"diesel_migrations",
"env_logger 0.11.6",
"env_logger",
"futures 0.3.31",
"http 1.2.0",
"slog-scope",
@ -3202,7 +3099,7 @@ dependencies = [
"backtrace",
"cadence",
"deadpool",
"env_logger 0.11.6",
"env_logger",
"form_urlencoded",
"futures 0.3.31",
"google-cloud-rust-raw",
@ -3240,9 +3137,9 @@ checksum = "f764005d11ee5f36500a149ace24e00e3da98b0158b3e2d53a7495660d3f4d60"
[[package]]
name = "target-lexicon"
version = "0.12.16"
version = "0.13.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "61c41af27dd6d1e27b1b16b489db798443478cef1f06a660c96db617ba5de3b1"
checksum = "e502f78cdbb8ba4718f566c418c52bc729126ffd16baee5baa718cf25dd5a69a"
[[package]]
name = "term"
@ -3255,24 +3152,6 @@ dependencies = [
"winapi",
]
[[package]]
name = "termcolor"
version = "1.4.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "06794f8f6c5c898b3275aebefa6b8a1cb24cd2c6c79397ab15774837a0bc5755"
dependencies = [
"winapi-util",
]
[[package]]
name = "textwrap"
version = "0.11.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d326610f408c7a4eb6f51c37c330e496b08506c9457c9d34287ecc38809fb060"
dependencies = [
"unicode-width",
]
[[package]]
name = "thiserror"
version = "1.0.69"
@ -3414,6 +3293,7 @@ dependencies = [
"backtrace",
"http 1.2.0",
"jsonwebtoken",
"pyo3",
"serde 1.0.218",
"serde_json",
"syncserver-common",
@ -3430,7 +3310,7 @@ dependencies = [
"diesel",
"diesel_logger",
"diesel_migrations",
"env_logger 0.11.6",
"env_logger",
"futures 0.3.31",
"http 1.2.0",
"serde 1.0.218",
@ -3615,12 +3495,6 @@ dependencies = [
"tinyvec",
]
[[package]]
name = "unicode-width"
version = "0.1.14"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7dd6e30e90baa6f72411720665d41d89b9a3d039dc45b8faea1ddd07f617f6af"
[[package]]
name = "unindent"
version = "0.2.4"
@ -3731,12 +3605,6 @@ version = "0.2.15"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426"
[[package]]
name = "vec_map"
version = "0.8.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f1bddf1187be692e79c5ffeab891132dfb0f236ed36a43c7ed39f1165ee20191"
[[package]]
name = "version_check"
version = "0.9.5"
@ -3877,18 +3745,6 @@ dependencies = [
"rustls-pki-types",
]
[[package]]
name = "which"
version = "4.4.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "87ba24419a2078cd2b0f2ede2691b6c66d8e47836da3b6db8265ebad47afbfc7"
dependencies = [
"either",
"home",
"once_cell",
"rustix",
]
[[package]]
name = "winapi"
version = "0.3.9"


@ -28,7 +28,7 @@ syncserver-common = { path = "../syncserver-common" }
tokenserver-common = { path = "../tokenserver-common" }
tokenserver-settings = { path = "../tokenserver-settings" }
tokio = { workspace = true }
pyo3 = { version = "0.22", features = ["auto-initialize"], optional = true }
pyo3 = { version = "0.24", features = ["auto-initialize"], optional = true }
[dev-dependencies]


@ -1,11 +1,13 @@
use async_trait::async_trait;
use jsonwebtoken::jwk::{AlgorithmParameters, Jwk, PublicKeyUse, RSAKeyParameters};
use pyo3::{
ffi::c_str,
prelude::{Py, PyAny, PyErr, PyModule, Python},
types::{IntoPyDict, PyAnyMethods, PyDictMethods, PyString},
types::{IntoPyDict, PyAnyMethods, PyString},
Bound,
};
use serde_json;
use std::ffi::CStr;
use syncserver_common::{BlockingThreadpool, Metrics};
use tokenserver_common::TokenserverError;
use tokenserver_settings::Settings;
@ -26,18 +28,16 @@ pub struct Verifier {
}
impl Verifier {
const FILENAME: &'static str = "verify.py";
pub fn new(
settings: &Settings,
blocking_threadpool: Arc<BlockingThreadpool>,
) -> Result<Self, TokenserverError> {
let inner: Py<PyAny> = Python::with_gil::<_, Result<Py<PyAny>, TokenserverError>>(|py| {
let code = include_str!("verify.py");
let module = PyModule::from_code_bound(py, code, Self::FILENAME, Self::FILENAME)
let code: &CStr = c_str!(include_str!("verify.py"));
let module = PyModule::from_code(py, code, c_str!("verify.py"), c_str!("verify.py"))
.map_err(pyerr_to_tokenserver_error)?;
let kwargs = {
let dict = [("server_url", &settings.fxa_oauth_server_url)].into_py_dict_bound(py);
let dict = [("server_url", &settings.fxa_oauth_server_url)].into_py_dict(py)?;
let parse_jwk = |jwk: &Jwk| {
let (n, e) = match &jwk.algorithm {
AlgorithmParameters::RSA(RSAKeyParameters { key_type: _, n, e }) => (n, e),
@ -71,7 +71,7 @@ impl Verifier {
("n", n),
("e", e),
]
.into_py_dict_bound(py);
.into_py_dict(py)?;
Ok(dict)
};
@ -85,7 +85,7 @@ impl Verifier {
(Some(jwk), None) | (None, Some(jwk)) => Some(vec![parse_jwk(jwk)?]),
(None, None) => None,
};
dict.set_item("jwks", jwks).unwrap();
dict.set_item("jwks", jwks)?;
dict
};
let object: Py<PyAny> = module
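Review bot: `Self::FILENAME` (the context line `const FILENAME: &'static str = "verify.py";`) is no longer referenced once `PyModule::from_code` on the `let module =` line passes `c_str!("verify.py")` twice, so the associated constant is now dead code and the module name Python will show in tracebacks is spelled out in two places. Changing the constant to `const FILENAME: &'static CStr = c_str!("verify.py");` and calling `PyModule::from_code(py, code, Self::FILENAME, Self::FILENAME)` keeps a single source of truth and silences the unused-constant warning. Separately, the new `?` on `into_py_dict(py)?` and `dict.set_item("jwks", jwks)?` convert the `PyErr` through the crate's `From<PyErr>` impl, while `from_code` on the line above still goes through `pyerr_to_tokenserver_error`; if that helper does anything beyond stringifying the error (its body is not visible here), the new sites silently lose it, so the two conversion paths should be unified. The enclosing `Verifier::new` continues past the end of the last hunk.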


@ -1,12 +1,17 @@
use crate::{MakeTokenPlaintext, TokenserverError};
use pyo3::{
prelude::{IntoPy, PyErr, PyModule, PyObject, Python},
types::{IntoPyDict, PyAnyMethods, PyDictMethods},
prelude::{IntoPyObject, PyErr, PyModule, Python},
types::{IntoPyDict, PyAnyMethods, PyDict},
Bound,
};
pub struct PyTokenlib {}
impl IntoPy<PyObject> for MakeTokenPlaintext {
fn into_py(self, py: Python<'_>) -> PyObject {
impl<'py> IntoPyObject<'py> for MakeTokenPlaintext {
type Target = PyDict;
type Output = Bound<'py, Self::Target>;
type Error = PyErr;
fn into_pyobject(self, py: Python<'py>) -> Result<Self::Output, Self::Error> {
let dict = [
("node", self.node),
("fxa_kid", self.fxa_kid),
@ -15,14 +20,14 @@ impl IntoPy<PyObject> for MakeTokenPlaintext {
("hashed_fxa_uid", self.hashed_fxa_uid),
("tokenserver_origin", self.tokenserver_origin.to_string()),
]
.into_py_dict_bound(py);
.into_py_dict(py)?;
// These need to be set separately since they aren't strings, and
// Rust doesn't support heterogeneous arrays
dict.set_item("expires", self.expires).unwrap();
dict.set_item("uid", self.uid).unwrap();
dict.set_item("expires", self.expires)?;
dict.set_item("uid", self.uid)?;
dict.into()
Ok(dict)
}
}
impl PyTokenlib {
@ -32,12 +37,15 @@ impl PyTokenlib {
) -> Result<(String, String), TokenserverError> {
Python::with_gil(|py| {
// `import tokenlib`
let module = PyModule::import_bound(py, "tokenlib")
let module = PyModule::import(py, "tokenlib")
.inspect_err(|e| e.print_and_set_sys_last_vars(py))?;
// `kwargs = { 'secret': shared_secret }`
let kwargs = [("secret", shared_secret)].into_py_dict_bound(py);
let kwargs = [("secret", shared_secret)].into_py_dict(py)?;
// `token = tokenlib.make_token(plaintext, **kwargs)`
let token = module
// Adding a note, since not having explicit string type resulted in a very pesky and hard to find
// error, described https://github.com/PyO3/pyo3/issues/4702. To reproduce, remove type annotation
// from token.
let token: String = module
.getattr("make_token")?
.call((plaintext,), Some(&kwargs))
.inspect_err(|e| e.print_and_set_sys_last_vars(py))
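Review bot: The `?` on `into_py_dict(py)?` at the `let kwargs =` line (and the three `?` sites inside `into_pyobject`) propagate the `PyErr` straight through `From<PyErr>`, whereas the neighbouring `import` and `call` lines first run `print_and_set_sys_last_vars(py)`, so a failure in dict construction is reported without the Python-side exception state the other failures get; either apply the same `.inspect_err(|e| e.print_and_set_sys_last_vars(py))` there or accept the asymmetry deliberately with a short comment. The new `IntoPyObject` impl also has no doc comment; since `make_token` receives `plaintext` as its positional argument (the parameter's type is declared outside the hunk, so confirm it is `MakeTokenPlaintext`), something like `/// Builds the Python dict handed to tokenlib.make_token as its plaintext argument.` above `impl<'py> IntoPyObject<'py> for MakeTokenPlaintext` would tell the reader why this conversion exists. The enclosing `PyTokenlib` method starts and ends outside the hunk.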


@ -15,4 +15,9 @@ jsonwebtoken.workspace = true
thiserror.workspace = true
tokio.workspace = true
pyo3 = { version = "0.24", features = ["auto-initialize"], optional = true }
syncserver-common = { path = "../syncserver-common" }
[features]
default = ["py"]
py = ["pyo3"]


@ -3,6 +3,7 @@ use std::{cmp::PartialEq, error::Error, fmt};
use actix_web::{HttpResponse, ResponseError};
use backtrace::Backtrace;
use http::StatusCode;
use pyo3::prelude::PyErr;
use serde::{
ser::{SerializeMap, Serializer},
Serialize,
@ -328,6 +329,12 @@ impl InternalError for TokenserverError {
}
}
impl From<PyErr> for TokenserverError {
fn from(err: PyErr) -> Self {
InternalError::internal_error(err.to_string())
}
}
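Review bot: `use pyo3::prelude::PyErr;` and the new `impl From<PyErr> for TokenserverError` are unconditional, but the Cargo.toml hunk in the same commit declares `pyo3 = { … optional = true }` behind the `py` feature for this crate, so any build with `--no-default-features` (or a dependent that turns `py` off) fails to resolve `pyo3` in this file. Gate both with the feature: `#[cfg(feature = "py")] use pyo3::prelude::PyErr;` and `#[cfg(feature = "py")] impl From<PyErr> for TokenserverError { … }`. The conversion also keeps `err.to_string()` — the Python exception type and message — as the internal-error text; this file implements `Serialize` and `ResponseError`, and the hunk does not show whether that text reaches the HTTP response body or only the logs, so it is worth confirming clients get a generic message and recording the intent with a doc comment such as `/// Python exceptions surface as internal errors; only the exception's display text is kept (no traceback).`.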
#[cfg(test)]
mod tests {
use super::TokenserverError;