Support StrictRedis.eval for Lua scripts

[blfoster]

Fixes jamesls#176

[coveralls]

Coverage decreased (-0.04%) to 97.949% when pulling 507a125 on amplifylitco:master into 9f881a8 on ska-sa:master.

[coveralls]

Coverage increased (+0.04%) to 98.024% when pulling 9f4d910 on amplifylitco:master into 9f881a8 on ska-sa:master.

[blfoster]

Coveralls report shows that new code has 100% coverage. I'm not sure why it reports a net decrease. The uncovered line seems unrelated to this PR.

[bmerry]

Thanks, I'll take a look soon. What happens if the user doesn't have Lua installed? Ideally it should gracefully fall back to not supporting the eval command, rather than being a hard requirement.

[blfoster]

Thanks. I'm testing it now on a clean install of Linux Mint without Lua, and it works fine. I don't have a great explanation for how that is possible at the moment. I would need to dig into the lupa source a bit more. I can look at that in the morning.

[bmerry]

Is it possible that lupa is bundling a local copy of Lua in a binary wheel? That might be something that will work only for people using platforms for which lupa ships a wheel.

[bmerry]

There are presumably attributes of self that shouldn't be visible to Lua - for a start, anything with an underscore prefix, plus things like delete and from_url. Also, when self is a FakeRedis rather than a FakeStrictRedis, it presumably should use the overload from the FakeStrictRedis base class.

[blfoster]

Probably yes. This is a bit of a hack, but I figure the tradeoff is that it doesn't have a huge mapping from Redis commands to Python functions that needs to be maintained as more Redis functions get added. I'll make it a bit more selective.

[blfoster]

It looks like Lupa includes the Lua source, which it builds as a fallback in the event that it can't find Lua installed locally.

[bmerry]

It looks like Lupa includes the Lua source, which it builds as a fallback in the event that it can't find Lua installed locally.

I'd prefer not to make a compiler (or an already-installed Lua) a hard requirement. I would suggest

• importing lupa locally in the eval function; and
• declaring it as an extras_require in setup.py.

[blfoster]

Code review fallout is complete.

[bmerry]

I still need to go through the docs to see if I missed anything.

Okay, let me know when you think it's all covered and I'll take another look.

[blfoster]

@bmerry I've added a bunch more tests and fixed some more issues. It seems that you're more familiar with Redis than I, so you may find that I've missed something, but it looks pretty good to me.

[bmerry]

I've added a bunch more tests and fixed some more issues. It seems that you're more familiar with Redis than I, so you may find that I've missed something, but it looks pretty good to me.

Great. I'll look over it again next week. Coveralls seems to indicate that there is an exception handler that isn't being covered by the tests - can you take a look?

[blfoster]

Oops, I don't think that exception handler is necessary. I took it out.

[bmerry]

Can you change this to "Development version". There is some possibility of re-merging with fakeredis, so I don't want to make assumptions about version numbers yet.

[blfoster]

Done.

[bmerry]

Can you put the description into the bullet point (to make the format of the other changelog entries).

[blfoster]

Done.

[bmerry]

You can delete the docstring. It's assumed that people will refer to redis-py for docs.

[blfoster]

Done.

[bmerry]

I imagine this will go wrong if numkeys is out of range; it should probably raise a ResponseError.

[blfoster]

Indeed.

[blfoster]

Fixed, along with a bunch of other edge cases.

[bmerry]

I don't think this is a good approach to preventing global variables being created: it doesn't make the script itself error out, and it doesn't actually prevent the globals from polluting the namespace.

Here is the code in redis itself that implements the protection. It may need some tweaks to adapt it - unfortunately I've never programmed in Lua so I'm not sure.

See also the function above the code in that link - it appears to disable readfile and dofile, presumably for security reasons.

[blfoster]

I think this is actually safe, because if we try to set a global variable and error out, the LuaRuntime instance will never be used again; if we try to run another Lua script, we'll get a new LuaRuntime, which will not have that global variable set. Unless there's something I'm missing. I do think this way is a bit more readable, but perhaps that's because I don't know Lua. I could add a few more lines to the unit test asserting that trying to set a global variable can't have a side effect...

[bmerry]

I hadn't spotted that the runtime gets discarded each time, so it's safer than I thought. I think it will still be different to real redis if a script sets a global variable, then modifies the database: in real redis it would error out as soon as it tries to set the global, whereas in this implementation it will get to modify the database before the error. Another case that will probably behave differently is a script that creates a global and then deletes it again, before your check.

We're starting to get to the point of diminishing returns. If you've got the time and energy to test it and fix things up, then go for it, but I realise that I've made you do a lot more work than you probably expected when you started. If you're running out of steam then this is something that can be left for another day.

[blfoster]

👍 I don't think it should be possible to modify the database either after setting a global, because _lua_redis_call calls _check_for_lua_globals before executing any command that could change the database.

[bmerry]

Aha, I'd missed that subtlety too. So then probably the only case that'll behave differently is if the script creates a global and deletes it again.

[blfoster]

Yep. I'll leave that alone for now if you're ok with it.

[bmerry]

This whole statement can go on one line.

[bmerry]

I don't think this test is testing what is implied by the name. redis-py converts all arguments through its to_bytes, so None as an argument becomes the string "None" in the script, rather than false. The following test currently fails (but passes for real redis):

        val = self.redis.eval('return ARGV[1] == "None"', 0, None)
        self.assertTrue(val)

[blfoster]

Huh, something went wrong here. I'll sort it out...

[blfoster]

Fixed.

[bmerry]

I think you need to catch more than just LuaSyntaxError. The following test fails with a LuaError.

    def test_eval_runtime_error(self):
        with self.assertRaises(ResponseError):
            self.redis.eval('error("CRASH")', 0)

[blfoster]

Fixed.

[bmerry]

It seems a bit odd to convert to uppercase for this check and then to lowercase to actually make the call. How about just expressing the whitelist in lowercase?

[blfoster]

Heh, the commands are uppercase because that's the way they were written in the Redis documentation I copied this from. I'll change it to lowercase.

[blfoster]

Done.

[bmerry]

This can go on one line.

[blfoster]

Done.

[blfoster]

There are some more subtleties to the numkeys argument (in addition to not being negative), which I've added. I'll push those in a few minutes when I have tests.

[blfoster]

Ready for review again.

[bmerry]

I'm going to merge this because I think it's at a point where it is a solid useful contribution - thanks! There are still some other things that could be done if you're feeling keen to work on them in a new PR. If not I can file them as bugs to be worked on later:

• The other script related commands (EVALSHA, SCRIPT LOAD etc)
• The Script convenience class provided by redis-py on top of the raw commands
• Loading modules like bitop, cjson etc
• Some environmental differences e.g. corner cases in global variable handling we've discussed, blocking database modifications after calling non-deterministic functions, removal of dofile and readfile. This is probably a rabbit-hole though.