The Source model assumes that its star attribute will return either zero or one SourceStar instance:
|
star = relationship("SourceStar", uselist=False, backref="source") |
But SourceStar.source_id has no uniqueness constraint and is implicitly many-to-one:
|
class SourceStar(db.Model): |
|
__tablename__ = "source_stars" |
|
id = Column("id", Integer, primary_key=True) |
|
source_id = Column("source_id", Integer, ForeignKey("sources.id")) |
Two "star source" operations for source s could race and each result in a separate SourceStar(source_id=s.id) record, which would cause subsequent one_or_none() queries to raise MultipleResultsFound.
Summarized from findings by Claude while investigating other data races. It's not obvious to me from GitHub history why SourceStar is a separate model rather than a Boolean attribute on Source itself, but that's a bigger refactoring than just making sure there is exactly either zero or one of them for a given source.
The
Sourcemodel assumes that itsstarattribute will return either zero or oneSourceStarinstance:securedrop/securedrop/models.py
Line 93 in 33d51db
But
SourceStar.source_idhas no uniqueness constraint and is implicitly many-to-one:securedrop/securedrop/models.py
Lines 465 to 468 in 33d51db
Two "star source" operations for source
scould race and each result in a separateSourceStar(source_id=s.id)record, which would cause subsequentone_or_none()queries to raiseMultipleResultsFound.Summarized from findings by Claude while investigating other data races. It's not obvious to me from GitHub history why
SourceStaris a separate model rather than a Boolean attribute onSourceitself, but that's a bigger refactoring than just making sure there is exactly either zero or one of them for a given source.