fix(config): make ClientIpWhiteList.isOpen volatile and null-safe #14780
daguimu wants to merge 1 commit into alibaba:develop from
Thanks for this PR. 🙏 Thank you for submitting the PR. 🙏
The isOpen field is written by the config-load thread and read by HTTP request threads. Without volatile, changes may not be visible across threads due to the Java Memory Model. Additionally, acl.getIsOpen() returns a Boolean wrapper that can be null. Assigning a null Boolean to the previous Boolean field and then auto-unboxing it in isEnableWhitelist() (which returns primitive boolean) would throw NullPointerException. Change isOpen to volatile boolean and use Boolean.TRUE.equals() for null-safe assignment.
9964119 to aa0e159
@daguimu Hi, we welcome your contributions to the nacos community and your many PRs that help nacos with enhancements and bugfixes. But I suggest you submit an issue to describe the issues before submitting PRs.
And you are welcome to provide a DingTalk number, so that we can invite you to join the nacos community contributor groups.
Problem
ClientIpWhiteList.isOpen has two issues:
- Visibility bug: The field is written by the config-load thread (in load()) and read by HTTP request threads (in isEnableWhitelist()). Without volatile, the Java Memory Model does not guarantee cross-thread visibility, so request threads may read a stale value indefinitely.
- NullPointerException risk: isOpen is a Boolean wrapper, and acl.getIsOpen() can return null when the JSON field is absent. The isEnableWhitelist() method returns primitive boolean, so a null isOpen would cause auto-unboxing NPE.

Root Cause
- private static Boolean isOpen = false; — not volatile, not thread-safe for cross-thread reads/writes.
- isOpen = acl.getIsOpen(); — no null guard, yet downstream returns primitive boolean.

Fix
- Boolean isOpen to volatile boolean isOpen for guaranteed visibility.
- Boolean.TRUE.equals(acl.getIsOpen()) for null-safe assignment — treats null as false.

Tests Added
isOpen field is volatile
- testIsOpenFieldIsVolatile() — reflection check on field modifiers
- testLoadValidContentEnablesWhitelist() — verifies isOpen=true and IP matching
- testLoadBlankContentDisablesWhitelist() — load then clear
- testLoadNullIsOpenDoesNotThrowNpe() — JSON without isOpen field
- testLoadWithIsOpenFalse() — explicit false
- testIsLegalClientThrowsOnBlankInput() — boundary check
- testLoadInvalidJsonDoesNotCrash() — malformed input

Impact
Only affects ClientIpWhiteList internal state. No API or behavioral change for correctly-formed inputs — the fix prevents stale reads and NPE on malformed ACL config.
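
The two field shapes discussed in this PR, side by side, as an added example that is not code from the PR or from Nacos: a Boolean wrapper that is auto-unboxed versus a volatile primitive assigned through Boolean.TRUE.equals(), plus the reflection check on the volatile modifier. The class names WhitelistFlagDemo, Acl, Before and After are hypothetical, and the ACL with a missing isOpen field is constructed inline.

```java
import java.lang.reflect.Modifier;

// Added illustration; class and member names are hypothetical, not Nacos source.
public class WhitelistFlagDemo {

    // Stand-in for the parsed ACL: getIsOpen() is null when the JSON field is absent.
    static final class Acl {
        private final Boolean isOpen;
        Acl(Boolean isOpen) { this.isOpen = isOpen; }
        Boolean getIsOpen() { return isOpen; }
    }

    // "Before" shape: Boolean wrapper, not volatile.
    static final class Before {
        private static Boolean isOpen = false;
        static void load(Acl acl) { isOpen = acl.getIsOpen(); }   // may store null
        static boolean isEnableWhitelist() { return isOpen; }     // auto-unboxing: NPE on null
    }

    // "After" shape: volatile primitive, null treated as false.
    static final class After {
        private static volatile boolean isOpen = false;
        static void load(Acl acl) { isOpen = Boolean.TRUE.equals(acl.getIsOpen()); }
        static boolean isEnableWhitelist() { return isOpen; }
    }

    // Same idea as a reflection test on the field modifiers.
    static boolean isVolatile(Class<?> type, String field) throws NoSuchFieldException {
        return Modifier.isVolatile(type.getDeclaredField(field).getModifiers());
    }

    public static void main(String[] args) throws Exception {
        Acl missingField = new Acl(null);   // constructed input: ACL without isOpen

        Before.load(missingField);
        try {
            Before.isEnableWhitelist();
            System.out.println("before: no exception");
        } catch (NullPointerException e) {
            System.out.println("before: NullPointerException on unboxing");
        }

        After.load(missingField);
        System.out.println("after: enabled=" + After.isEnableWhitelist());
        After.load(new Acl(Boolean.TRUE));
        System.out.println("after: enabled=" + After.isEnableWhitelist());
        System.out.println("before volatile=" + isVolatile(Before.class, "isOpen"));
        System.out.println("after volatile=" + isVolatile(After.class, "isOpen"));
    }
}
```

Because null maps to false in the second shape, an ACL document that omits isOpen leaves the whitelist flag off rather than raising an error, which is worth keeping in mind when reviewing ACL config changes.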