fix: prevent CPU runaway in HttpNodesStatsAction JSON parsing#18
Merged
fix: prevent CPU runaway in HttpNodesStatsAction JSON parsing#18
Conversation
Three parse methods introduced in #14 were missing `parser.nextToken()` before calling `consumeObject()` or sub-parse methods when the current token was START_OBJECT. This caused `consumeObject()` to consume tokens beyond its scope (including sibling fields), corrupting the parser state and eventually leading to an infinite loop at EOF — spinning all eshttp threads at 100% CPU each. Fixes: - Add `parser.nextToken()` in parseSearchBackpressureStats, parseTaskCancellationStats, and parseSearchPipelineStats - Add null-token (EOF) guards in fromXContent, parseNodes, parseNodeStats, and consumeObject to throw IOException instead of spinning - Add START_ARRAY handling in consumeObject - Remove orphan `new ArrayList<>()` in parseNodeStats Tests: add 61 unit tests covering token boundary verification, field ordering, multiple nodes, partial sub-fields, deeply nested structures, truncated JSON, and concurrent parsing.
- Fix fromXContent to call nextToken() when parser is uninitialized (currentToken is null before first read), preventing false EOF detection that broke integration tests - Change test log level from ALL to INFO in 5 integration test classes to reduce output from ~30k lines to ~1k lines for GitHub Actions
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
parser.nextToken()in three parse methods (parseSearchBackpressureStats,parseTaskCancellationStats,parseSearchPipelineStats) introduced in feat(action): add HTTP action implementations for cluster and node APIs #14START_ARRAYhandling inconsumeObjectand remove orphannew ArrayList<>()Root Cause
When
consumeObject()or sub-parse methods were called with the parser atSTART_OBJECT(without first callingparser.nextToken()to advance into the object),consumeObject()consumed not only the target object but also all sibling fields up to the parent'sEND_OBJECT. This caused cascading scope corruption:parseNodeStatswould exit at the wrongEND_OBJECT,parseNodeswould read past the JSON stream end, andnull != END_OBJECTwould evaluate totrueindefinitely — an infinite busy loop.Each periodic
_nodes/statsAPI call spawned a new thread that got stuck, accumulating to 1098% CPU usage.Test plan
mvn formatter:format && mvn license:formatapplied