metaflow-service
metaflow-service copied to clipboard
Harden service against ID length overflows
Right now, various Metaflow Ids (e.g. flow ids, run ids, etc.) are passed straight from client request to Postgres SQL query without any validation.
With the advent of tag mutation CLI, it is now more likely for the service to receive invalid (not necessarily maliciously) ids. E.g. a local metadata service generated run id string based on epoch time ms will overflow on Postgres as a run number.
This issue suggests we harden all IDs referenced in a client request (e.g. could be part of URL params, or body), and have the service respond with appropriate error responses to the user (rather than raw Postgres errors).