Skip to content

fix(cloudwatch): guard Insights/filter-pattern panics, evaluate metric+composite alarms, list pagination#2247

Merged
vieiralucas merged 1 commit into
mainfrom
worktree-cloudwatch-hardening
Jul 14, 2026
Merged

fix(cloudwatch): guard Insights/filter-pattern panics, evaluate metric+composite alarms, list pagination#2247
vieiralucas merged 1 commit into
mainfrom
worktree-cloudwatch-hardening

Conversation

@vieiralucas

@vieiralucas vieiralucas commented Jul 13, 2026

Copy link
Copy Markdown
Member

Summary

Behavioral hardening of CloudWatch + Logs — two reachable request-path panics (DoS), an entirely-stubbed alarm-evaluation subsystem, and list-pagination gaps the conformance probe can't see.

Panics (DoS):

  • C1 Logs Insights query parser sliced out of range on a malformed stored query (filter x like /, filter x = ") — now length-guarded, returns a validation error.
  • C2 Logs filter-pattern engine sliced on a non-char boundary for any non-ASCII JSON pattern ({ café }); one bad stored PutMetricFilter panicked every subsequent JSON PutLogEvents. Now iterates on char boundaries.

Alarm evaluation (was entirely stubbed — no-stub rule):

  • H5 metric alarms are now evaluated from stored datapoints over evaluationPeriods × period applying comparison/threshold/datapointsToAlarm/statistic/treatMissingData (new alarm_eval.rs).
  • H3 composite AlarmRule is parsed (ALARM/OK/INSUFFICIENT_DATA, AND/OR/NOT, parens) and evaluated against child alarms; malformed rules rejected.
  • H4 SetAlarmState can now target composite alarms.

Correctness: M1 accept epoch-second timestamps on JSON-protocol input; M2 Insights like /regex/ compiles a real regex; M3 stable pagination cursor (new LogEvent.seq, not array index — all cross-crate ctors updated); M4 apply maxResults + emit nextToken across list ops; L4 reject empty/malformed InputLogEvents; metric_math recursion depth guard.

Test plan

  • cargo test -p fakecloud-cloudwatch -p fakecloud-logs — 52 + 308 pass, incl. new tests: malformed-query/non-ASCII-pattern no-panic, metric-alarm ALARM/OK transitions, composite-rule evaluation, epoch timestamps, regex like, stable pagination.
  • cargo build --workspace clean (new LogEvent.seq field propagated to every ctor incl. the eventbridge→logs delivery path). CI runs full clippy + conformance + e2e.

Summary by cubic

Hardened CloudWatch and Logs to prevent crashes, add real alarm evaluation, and make pagination and timestamps consistent. This improves correctness under malformed input and keeps queries and listings stable.

  • New Features

    • CloudWatch: evaluate metric alarms from stored datapoints and composite AlarmRule expressions; states update during DescribeAlarms; SetAlarmState now works for composite alarms.
    • Logs: like /regex/ compiles and matches real regex; list endpoints apply maxResults and return nextToken (DescribeExportTasks, ListQueries, ListQueryDefinitions).
    • Inputs: accept epoch-second timestamps in JSON/X-Amz-Target requests (e.g., PutMetricData, time filters).
  • Bug Fixes

    • Prevented two panics: Insights parser now errors on malformed filter (e.g., like /, unterminated quotes), and filter-pattern scanning uses char boundaries (no non-ASCII slice panic).
    • Query safety: StartQuery rejects malformed queries with MalformedQueryException; GetQueryResults handles stored bad queries without panicking.
    • Pagination and validation: FilterLogEvents cursors are stable using per-stream sequence ids; PutLogEvents rejects empty batches and events missing timestamp or message; metric math parser has a recursion-depth guard.

Written for commit 369fdfc. Summary will update on new commits.

Review in cubic

…c+composite alarms, list pagination

cloudwatch:
- H5: implement metric-alarm evaluation (new alarm_eval.rs) — compute state from
  stored datapoints over evaluation_periods x period with comparison_operator/
  threshold/datapoints_to_alarm/statistic/treat_missing_data
- H3: parse + evaluate composite AlarmRule (ALARM/OK/INSUFFICIENT_DATA, AND/OR/NOT)
  against child alarms; reject malformed rules
- H4: SetAlarmState can target composite alarms
- M1: accept epoch-second timestamps on JSON-protocol input parses
- metric_math: recursion depth guard
logs:
- C1: guard Insights query parser slices (no panic on 'filter x like /' etc.)
- C2: filter-pattern engine iterates on char boundaries (no non-ASCII panic)
- M2: 'like /regex/' compiles a real regex
- M3: stable pagination cursor via LogEvent.seq (not array index)
- M4: apply maxResults + emit nextToken across list ops
- L4: reject empty/malformed InputLogEvents
@vieiralucas vieiralucas merged commit b9e2e04 into main Jul 14, 2026
155 checks passed
@vieiralucas vieiralucas deleted the worktree-cloudwatch-hardening branch July 14, 2026 00:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant