Page MenuHomePhabricator
Create Task
Maniphest T318359

Enable the Re-Entrant Evaluator, Allowing for Two-Way Communication between `function-orchestrator` and `function-evaluator`
Closed, ResolvedPublic
Actions

Description

The benefits of this approach are

  1. making it possible to call other Wikifunctions from within native code;
  2. opening the door for Wikifunctions as a library in various programming languages;
  3. potentially (in the future) alleviating the strict vs. lazy execution difficulties which arise due to the need to resolve an entire ZObject before sending it to the evaluator

We should consider the project and security ramifications of this.

The major security flaw identified is that a websocket creates a new vector for DDOS and other malicious behavior, e.g. a fork bomb within a piece of Python code that makes infinite recursive calls to Wikifunctions. We have a mitigation plan for this at the request level (limiting concurrent requests based on IP and user ID), but two-way communication opens an almost literal back door to circumvent that.

Details

SubjectRepoBranchLines +/-
Support the use of websockets for re-entrant function calls.mediawiki/services/function-orchestratormaster+136 -10
Update function-schemata sub-module to HEAD (35c403f)mediawiki/extensions/WikiLambdamaster+1 -1
Update function-schemata sub-module to HEAD (35c403f)mediawiki/tools/wikilambda-climaster+1 -1
Use websockets in addition to REST to run Python code with the possibility of re-entrance.mediawiki/services/function-evaluatormaster+221 -277
Update function-schemata sub-module to HEAD (0ca117d)mediawiki/services/function-orchestratormaster+1 -1
Update function-schemata sub-module to HEAD (0ca117d)mediawiki/services/function-evaluatormaster+1 -1
Create v0.0.2 of Avro schema.mediawiki/services/function-schematamaster+86 -19
Customize query in gerrit

Related Objects
Search...

Event Timeline

cmassaro created this task.Sep 22 2022, 4:32 PM
cmassaro added projects: function-orchestrator, function-evaluator.
cmassaro renamed this task from Consider Enabling the Re-Entrant Evaluator, Allowing for Two-Way Communication between `function-orchestrator` and `function-evaluator` to Enable the Re-Entrant Evaluator, Allowing for Two-Way Communication between `function-orchestrator` and `function-evaluator`.Oct 4 2022, 5:45 PM
DVrandecic moved this task from To Triage to Phase θ – Throttling on the Abstract Wikipedia team board.Oct 4 2022, 6:44 PM
DVrandecic edited projects, added Abstract Wikipedia team (Phase θ – Throttling); removed Abstract Wikipedia team.
cmassaro moved this task from Incoming to Ready: G6. Stable and secure running (Performance) on the Abstract Wikipedia team (Phase θ – Throttling) board.Oct 5 2022, 3:16 PM
cmassaro moved this task from Ready: G6. Stable and secure running (Performance) to Ready: G6. Stable & secure on the Abstract Wikipedia team (Phase θ – Throttling) board.Oct 5 2022, 3:52 PM
cmassaro claimed this task.Oct 26 2022, 9:57 PM
gerritbot added a comment.Oct 27 2022, 3:37 PM

Change 849703 had a related patch set uploaded (by Cory Massaro; author: Cory Massaro):

[mediawiki/services/function-schemata@master] Create v0.0.2 of Avro schema.

https://gerrit.wikimedia.org/r/849703

gerritbot added a project: Patch-For-Review.Oct 27 2022, 3:37 PM
cmassaro moved this task from Ready: G6. Stable & secure to Ready: G2. Correct & efficient on the Abstract Wikipedia team (Phase θ – Throttling) board.Oct 27 2022, 3:56 PM
gerritbot added a comment.Oct 27 2022, 9:22 PM

Change 802663 had a related patch set uploaded (by Cory Massaro; author: Cory Massaro):

[mediawiki/services/function-evaluator@master] Use websockets in addition to REST to run Python code with the possibility of re-entrance.

https://gerrit.wikimedia.org/r/802663

gerritbot added a comment.Oct 27 2022, 9:30 PM

Change 849703 merged by jenkins-bot:

[mediawiki/services/function-schemata@master] Create v0.0.2 of Avro schema.

https://gerrit.wikimedia.org/r/849703

Jdforrester-WMF mentioned this in rMSFS0ca117d21ccd: Create v0.0.2 of Avro schema..Oct 27 2022, 9:32 PM
gerritbot added a comment.Oct 28 2022, 3:05 PM

Change 850511 had a related patch set uploaded (by Cory Massaro; author: Cory Massaro):

[mediawiki/services/function-evaluator@master] Update function-schemata sub-module to HEAD (0ca117d)

https://gerrit.wikimedia.org/r/850511

gerritbot added a comment.Oct 28 2022, 3:06 PM

Change 850512 had a related patch set uploaded (by Cory Massaro; author: Cory Massaro):

[mediawiki/services/function-orchestrator@master] Update function-schemata sub-module to HEAD (0ca117d)

https://gerrit.wikimedia.org/r/850512

gerritbot added a comment.Oct 28 2022, 3:12 PM

Change 850512 merged by jenkins-bot:

[mediawiki/services/function-orchestrator@master] Update function-schemata sub-module to HEAD (0ca117d)

https://gerrit.wikimedia.org/r/850512

gerritbot added a comment.Oct 28 2022, 3:12 PM

Change 850511 merged by jenkins-bot:

[mediawiki/services/function-evaluator@master] Update function-schemata sub-module to HEAD (0ca117d)

https://gerrit.wikimedia.org/r/850511

cmassaro mentioned this in rMSFOc210e575494d: Update function-schemata sub-module to HEAD (0ca117d).Oct 28 2022, 3:12 PM
cmassaro mentioned this in rMSFE44c1b2946227: Update function-schemata sub-module to HEAD (0ca117d).
gerritbot added a comment.Oct 28 2022, 3:27 PM

Change 822182 had a related patch set uploaded (by Cory Massaro; author: Cory Massaro):

[mediawiki/services/function-orchestrator@master] socket

https://gerrit.wikimedia.org/r/822182

gerritbot added a comment.Nov 1 2022, 1:27 PM

Change 851627 had a related patch set uploaded (by Jforrester; author: Jforrester):

[mediawiki/tools/wikilambda-cli@master] Update function-schemata sub-module to HEAD (35c403f)

https://gerrit.wikimedia.org/r/851627

gerritbot added a comment.Nov 1 2022, 1:27 PM

Change 851628 had a related patch set uploaded (by Jforrester; author: Jforrester):

[mediawiki/extensions/WikiLambda@master] Update function-schemata sub-module to HEAD (35c403f)

https://gerrit.wikimedia.org/r/851628

gerritbot added a comment.Nov 1 2022, 1:32 PM

Change 802663 merged by jenkins-bot:

[mediawiki/services/function-evaluator@master] Use websockets in addition to REST to run Python code with the possibility of re-entrance.

https://gerrit.wikimedia.org/r/802663

cmassaro mentioned this in rMSFE27fb459ab93b: Use websockets in addition to REST to run Python code with the possibility of….Nov 1 2022, 1:33 PM
gerritbot added a comment.Nov 4 2022, 4:18 PM

Change 851627 merged by jenkins-bot:

[mediawiki/tools/wikilambda-cli@master] Update function-schemata sub-module to HEAD (35c403f)

https://gerrit.wikimedia.org/r/851627

Jdforrester-WMF mentioned this in rMTWC5c2984a1b8a4: Update function-schemata sub-module to HEAD (35c403f).Nov 4 2022, 4:28 PM
gerritbot added a comment.Nov 4 2022, 5:56 PM

Change 851628 merged by jenkins-bot:

[mediawiki/extensions/WikiLambda@master] Update function-schemata sub-module to HEAD (35c403f)

https://gerrit.wikimedia.org/r/851628

gerritbot added a comment.Nov 7 2022, 3:25 PM

Change 822182 merged by jenkins-bot:

[mediawiki/services/function-orchestrator@master] Support the use of websockets for re-entrant function calls.

https://gerrit.wikimedia.org/r/822182

Jdforrester-WMF mentioned this in rMSFO2ac357732f49: Support the use of websockets for re-entrant function calls..Nov 7 2022, 3:27 PM
cmassaro removed a subtask: T321866: Create Re-Entrant Evaluator for JavaScript and Fix Re-Entrancy for Python.Nov 7 2022, 4:45 PM
cmassaro moved this task from Ready: G2. Correct & efficient to QA / Ready to close on the Abstract Wikipedia team (Phase θ – Throttling) board.Nov 7 2022, 6:31 PM
DVrandecic added a subtask: T323046: Implement per-request timeout / resource consumption limits in the evaluator.Dec 7 2022, 11:50 PM
DVrandecic closed this task as Resolved.Dec 22 2022, 12:33 AM
Jdforrester-WMF closed subtask T323046: Implement per-request timeout / resource consumption limits in the evaluator as Resolved.Jan 9 2023, 4:51 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits