Skip to content

fix(sdk): Fix the bug in ResourceLocator serialization logic #2791

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Oct 17, 2025
Merged

fix(sdk): Fix the bug in ResourceLocator serialization logic #2791

merged 4 commits into from
Oct 17, 2025

Conversation

sujankota
Copy link
Contributor

@sujankota sujankota commented Oct 7, 2025
edited
Loading

Proposed Changes

The setURLWithIdentifier function has been updated to correctly pad the rl.identifier field with null bytes (\x00) to the required length (2, 8, or 32 bytes) before it is written. This ensures that the serialized identifier always matches the length indicated by its protocol flag, allowing readResourceLocator to parse it correctly during decryption.

This change aligns the HTTPS identifier handling with the existing HTTP identifier padding logic, ensuring consistency and correctness across protocols.

Checklist

  • I have added or updated unit tests
  • I have added or updated integration tests (if appropriate)
  • I have added or updated documentation

Testing Instructions

@sujankota sujankota requested review from a team as code owners October 7, 2025 18:49
@github-actions github-actions bot added the comp:sdk A software development kit, including library, for client applications and inter-service communicati label Oct 7, 2025
@gemini-code-assist
Copy link
Contributor

Summary of Changes

Hello @sujankota, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request addresses a critical bug in the ResourceLocator serialization within the SDK. The fix involves refining the identifier handling logic by introducing null-byte padding to ensure that identifiers always conform to their specified byte lengths (2, 8, or 32 bytes). This change prevents potential issues with inconsistent identifier lengths during serialization and deserialization, thereby improving the robustness and reliability of resource location.

Highlights

  • Identifier Padding Logic: Introduced null-byte padding for identifiers in ResourceLocator to ensure they always reach their expected byte length (2, 8, or 32 bytes) during serialization.
  • Corrected Identifier Length Checks: Adjusted the conditional checks for identifier lengths to use constants (identifier2ByteLength, identifier8ByteLength, identifier32ByteLength) and ensure correct range handling (e.g., > identifier2ByteLength instead of >= 3).
  • Bug Fix in Serialization: Resolved a bug in the ResourceLocator serialization logic where identifiers were not consistently padded, potentially leading to incorrect deserialization or data interpretation.
Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature Command Description
Code Review /gemini review Performs a code review for the current pull request in its current state.
Pull Request Summary /gemini summary Provides a summary of the current pull request in its current state.
Comment @gemini-code-assist Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help /gemini help Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Short string, needs more space, Null bytes fill the empty gap, Data now aligns.

Footnotes

  1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution.

@github-actions github-actions bot added the size/s label Oct 7, 2025
gemini-code-assist[bot]
gemini-code-assist bot reviewed Oct 7, 2025
View reviewed changes
Copy link
Contributor

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request correctly fixes a bug in the ResourceLocator serialization logic by adding the necessary padding to identifiers. However, the implementation introduces significant code duplication between the handling of HTTP and HTTPS protocols. I've added comments with suggestions to refactor this to improve maintainability and avoid future inconsistencies. Additionally, it appears that unit tests covering this specific padding logic are missing. I strongly recommend adding tests to verify that identifiers are correctly padded to prevent regressions.

@github-actions
Copy link
Contributor

github-actions bot commented Oct 7, 2025

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 156.491115ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 102.780316ms

Standard Benchmark Metrics Skipped or Failed

Bulk Benchmark Results

Metric Value
Total Decrypts 100
Successful Decrypts 100
Failed Decrypts 0
Total Time 357.46188ms
Throughput 279.75 requests/second

TDF3 Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 38.972284128s
Average Latency 387.161084ms
Throughput 128.30 requests/second

NANOTDF Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 27.362537048s
Average Latency 272.922148ms
Throughput 182.73 requests/second

@github-actions
Copy link
Contributor

github-actions bot commented Oct 7, 2025

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 167.832505ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 101.516726ms

Standard Benchmark Metrics Skipped or Failed

Bulk Benchmark Results

Metric Value
Total Decrypts 100
Successful Decrypts 100
Failed Decrypts 0
Total Time 358.637325ms
Throughput 278.83 requests/second

TDF3 Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 38.283140579s
Average Latency 381.429681ms
Throughput 130.61 requests/second

NANOTDF Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 27.036118067s
Average Latency 269.307623ms
Throughput 184.94 requests/second

@github-actions
Copy link
Contributor

github-actions bot commented Oct 7, 2025

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 154.208548ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 89.61928ms

Standard Benchmark Metrics Skipped or Failed

Bulk Benchmark Results

Metric Value
Total Decrypts 100
Successful Decrypts 100
Failed Decrypts 0
Total Time 375.371095ms
Throughput 266.40 requests/second

TDF3 Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 40.646336098s
Average Latency 404.891396ms
Throughput 123.01 requests/second

NANOTDF Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 28.434359814s
Average Latency 283.205289ms
Throughput 175.84 requests/second

@sujankota sujankota enabled auto-merge October 8, 2025 14:30
@github-actions
Copy link
Contributor

github-actions bot commented Oct 9, 2025

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 179.336644ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 116.00985ms

Standard Benchmark Metrics Skipped or Failed

Bulk Benchmark Results

Metric Value
Total Decrypts 100
Successful Decrypts 100
Failed Decrypts 0
Total Time 380.317819ms
Throughput 262.94 requests/second

TDF3 Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 41.385890559s
Average Latency 412.311737ms
Throughput 120.81 requests/second

NANOTDF Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 28.52583095s
Average Latency 284.306599ms
Throughput 175.28 requests/second

@sujankota sujankota added this pull request to the merge queue Oct 17, 2025
Merged via the queue into main with commit 01329d6 Oct 17, 2025
32 checks passed
@sujankota sujankota deleted the fix/DSPX-1731 branch October 17, 2025 12:09
@opentdf-automation opentdf-automation bot mentioned this pull request Oct 17, 2025
Merged
github-merge-queue bot pushed a commit that referenced this pull request Oct 21, 2025
@opentdf-automation
chore(main): release sdk 0.10.0 (#2801)
ebdc8bf 
🤖 I have created a release *beep* *boop*
---


##
[0.10.0](sdk/v0.9.0...sdk/v0.10.0)
(2025-10-21)


### Features

* **policy:** Proto - root certificates by namespace
([#2800](#2800))
([0edb359](0edb359))
* **policy:** Protos List obligation triggers
([#2803](#2803))
([b32df81](b32df81))
* **sdk:** Add obligations support.
([#2759](#2759))
([3cccfd2](3cccfd2))
* **sdk:** Call init if obligations are empty.
([#2825](#2825))
([14191e4](14191e4))


### Bug Fixes

* **deps:** bump github.com/opentdf/platform/lib/ocrypto from 0.6.0 to
0.7.0 in /sdk ([#2810](#2810))
([1c5cf5f](1c5cf5f))
* **deps:** bump github.com/opentdf/platform/protocol/go from 0.12.0 to
0.13.0 in /sdk
([#2813](#2813))
([1643ed2](1643ed2))
* **sdk:** Fix the bug in ResourceLocator serialization logic
([#2791](#2791))
([01329d6](01329d6))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: opentdf-automation[bot] <149537512+opentdf-automation[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dmihalcik-virtru dmihalcik-virtru dmihalcik-virtru approved these changes

+1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

comp:sdk A software development kit, including library, for client applications and inter-service communicati size/s

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@sujankota @dmihalcik-virtru