fix: guard RESP parser against deeply nested aggregate replies (#4116) #8695
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| paths-ignore: | |
| - 'docs/**' | |
| - '**/*.rst' | |
| - '**/*.md' | |
| branches: | |
| - master | |
| - '[0-9].[0-9]' | |
| pull_request: | |
| branches: | |
| - master | |
| - '[0-9].[0-9]' | |
| schedule: | |
| - cron: '0 1 * * *' # nightly build | |
| concurrency: | |
| group: ${{ github.event.pull_request.number || github.ref }}-integration | |
| cancel-in-progress: true | |
| permissions: | |
| contents: read # to fetch code (actions/checkout) | |
| env: | |
| CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} | |
| # this speeds up coverage with Python 3.12: https://github.com/nedbat/coveragepy/issues/1665 | |
| COVERAGE_CORE: sysmon | |
| # patch releases get included in the base version image when they are published | |
| # for example after 8.2.1 is published, 8.2 image contains 8.2.1 content | |
| CURRENT_REDIS_VERSION: '8.8.0' | |
| REDIS_VERSION_CUSTOM_MAP: >- | |
| 8.8:8.8.0 | |
| jobs: | |
| dependency-audit: | |
| name: Dependency audit | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: pypa/gh-action-pip-audit@v1.0.8 | |
| with: | |
| inputs: dev_requirements.txt | |
| ignore-vulns: | | |
| GHSA-w596-4wvx-j9j6 # subversion related git pull, dependency for pytest. There is no impact here. | |
| CVE-2026-34073 # DNS name constraints were validated only against SANs, not against the peer name used in verification | |
| # Update version when msal dependency in entraid is updated | |
| CVE-2026-4539 # pygments ReDoS in AdlLexer, local access only, no fix available yet | |
| lint: | |
| name: Code linters | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: actions/setup-python@v6 | |
| with: | |
| python-version: "3.10" | |
| cache: 'pip' | |
| - name: run code linters | |
| run: | | |
| pip install -r dev_requirements.txt | |
| pip uninstall -y redis # uninstall Redis package installed via redis-entraid | |
| invoke linters | |
| redis_version: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| CURRENT: ${{ env.CURRENT_REDIS_VERSION }} | |
| steps: | |
| - name: Compute outputs | |
| run: | | |
| echo "CURRENT=${{ env.CURRENT_REDIS_VERSION }}" >> $GITHUB_OUTPUT | |
| tests: | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 60 | |
| needs: redis_version | |
| strategy: | |
| max-parallel: 30 | |
| fail-fast: false | |
| matrix: | |
| redis-version: ['${{ needs.redis_version.outputs.CURRENT }}', '8.6.3', '8.4.3', '8.2.6', '8.0.6' ,'7.4.9', '7.2.14'] | |
| python-version: ['3.10', '3.14'] | |
| parser-backend: ['plain'] | |
| event-loop: ['asyncio'] | |
| test-config: | |
| - fixed-clients | |
| - default-legacy_responses-standalone | |
| - default-legacy_responses-cluster | |
| - default-unified_responses-standalone | |
| - default-unified_responses-cluster | |
| - 2-legacy_responses-standalone | |
| - 2-legacy_responses-cluster | |
| - 2-unified_responses-standalone | |
| - 2-unified_responses-cluster | |
| - 3-legacy_responses-standalone | |
| - 3-legacy_responses-cluster | |
| - 3-unified_responses-standalone | |
| - 3-unified_responses-cluster | |
| env: | |
| ACTIONS_ALLOW_UNSECURE_COMMANDS: true | |
| name: Redis ${{ matrix.redis-version }}; Python ${{ matrix.python-version }}; RESP Parser:${{matrix.parser-backend}}; EL:${{matrix.event-loop}}; Config:${{matrix.test-config}} | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Run tests | |
| uses: ./.github/actions/run-tests | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| parser-backend: ${{ matrix.parser-backend }} | |
| redis-version: ${{ matrix.redis-version }} | |
| test-config: ${{ matrix.test-config }} | |
| # Fold the MultiDBClient (active-active) integration tests into an | |
| # existing matrix cell instead of a dedicated job, so no extra CI | |
| # runners are added. Run them once, on the current Redis version's | |
| # cluster cell. | |
| run-multidb-integration: ${{ (matrix.redis-version == needs.redis_version.outputs.CURRENT && matrix.test-config == 'default-unified_responses-cluster') && 'true' || 'false' }} | |
| python-compatibility-tests: | |
| runs-on: ubuntu-latest | |
| needs: [ redis_version ] | |
| timeout-minutes: 60 | |
| strategy: | |
| max-parallel: 30 | |
| fail-fast: false | |
| matrix: | |
| redis-version: [ '${{ needs.redis_version.outputs.CURRENT }}' ] | |
| python-version: ['3.11', '3.12', '3.13'] | |
| parser-backend: [ 'plain' ] | |
| event-loop: [ 'asyncio' ] | |
| test-config: | |
| - fixed-clients | |
| - default-legacy_responses-standalone | |
| - default-legacy_responses-cluster | |
| - default-unified_responses-standalone | |
| - default-unified_responses-cluster | |
| - 2-legacy_responses-standalone | |
| - 2-legacy_responses-cluster | |
| - 2-unified_responses-standalone | |
| - 2-unified_responses-cluster | |
| - 3-legacy_responses-standalone | |
| - 3-legacy_responses-cluster | |
| - 3-unified_responses-standalone | |
| - 3-unified_responses-cluster | |
| env: | |
| ACTIONS_ALLOW_UNSECURE_COMMANDS: true | |
| name: Redis ${{ matrix.redis-version }}; Python ${{ matrix.python-version }}; RESP Parser:${{matrix.parser-backend}}; EL:${{matrix.event-loop}}; Config:${{matrix.test-config}} | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Run tests | |
| uses: ./.github/actions/run-tests | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| parser-backend: ${{ matrix.parser-backend }} | |
| redis-version: ${{ matrix.redis-version }} | |
| test-config: ${{ matrix.test-config }} | |
| pypy-compatibility-tests: | |
| runs-on: ubuntu-latest | |
| needs: [ redis_version ] | |
| # in pipeline ofter these pypy jobs hang, so their timeout is set | |
| # to just 50 minutes - close to the max time the jobs are running at the moment | |
| # adding more tests will make them even slower, and we will need to adjust the timeout | |
| timeout-minutes: 50 | |
| strategy: | |
| max-parallel: 30 | |
| fail-fast: false | |
| matrix: | |
| redis-version: [ '${{ needs.redis_version.outputs.CURRENT }}' ] | |
| python-version: ['pypy-3.10', 'pypy-3.11'] | |
| parser-backend: [ 'plain' ] | |
| event-loop: [ 'asyncio' ] | |
| test-config: | |
| - fixed-clients | |
| - default-legacy_responses-standalone | |
| - default-legacy_responses-cluster | |
| - default-unified_responses-standalone | |
| - default-unified_responses-cluster | |
| - 2-legacy_responses-standalone | |
| - 2-legacy_responses-cluster | |
| - 2-unified_responses-standalone | |
| - 2-unified_responses-cluster | |
| - 3-legacy_responses-standalone | |
| - 3-legacy_responses-cluster | |
| - 3-unified_responses-standalone | |
| - 3-unified_responses-cluster | |
| env: | |
| ACTIONS_ALLOW_UNSECURE_COMMANDS: true | |
| name: PyPy Redis ${{ matrix.redis-version }}; ${{ matrix.python-version }}; RESP Parser:${{matrix.parser-backend}}; EL:${{matrix.event-loop}}; Config:${{matrix.test-config}} | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Run tests | |
| uses: ./.github/actions/run-tests | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| parser-backend: ${{ matrix.parser-backend }} | |
| redis-version: ${{ matrix.redis-version }} | |
| test-config: ${{ matrix.test-config }} | |
| hiredis-tests: | |
| runs-on: ubuntu-latest | |
| needs: [redis_version] | |
| timeout-minutes: 60 | |
| strategy: | |
| max-parallel: 30 | |
| fail-fast: false | |
| matrix: | |
| redis-version: [ '${{ needs.redis_version.outputs.CURRENT }}' ] | |
| python-version: [ '3.10', '3.14'] | |
| parser-backend: [ 'hiredis' ] | |
| hiredis-version: [ '>=3.2.0', '<3.0.0' ] | |
| event-loop: [ 'asyncio' ] | |
| test-config: | |
| - fixed-clients | |
| - default-legacy_responses-standalone | |
| - default-legacy_responses-cluster | |
| - default-unified_responses-standalone | |
| - default-unified_responses-cluster | |
| - 2-legacy_responses-standalone | |
| - 2-legacy_responses-cluster | |
| - 2-unified_responses-standalone | |
| - 2-unified_responses-cluster | |
| - 3-legacy_responses-standalone | |
| - 3-legacy_responses-cluster | |
| - 3-unified_responses-standalone | |
| - 3-unified_responses-cluster | |
| env: | |
| ACTIONS_ALLOW_UNSECURE_COMMANDS: true | |
| name: Redis ${{ matrix.redis-version }}; Python ${{ matrix.python-version }}; RESP Parser:${{matrix.parser-backend}} (${{ matrix.hiredis-version }}); EL:${{matrix.event-loop}}; Config:${{matrix.test-config}} | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Run tests | |
| uses: ./.github/actions/run-tests | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| parser-backend: ${{ matrix.parser-backend }} | |
| redis-version: ${{ matrix.redis-version }} | |
| hiredis-version: ${{ matrix.hiredis-version }} | |
| test-config: ${{ matrix.test-config }} | |
| uvloop-tests: | |
| runs-on: ubuntu-latest | |
| needs: [redis_version] | |
| timeout-minutes: 60 | |
| strategy: | |
| max-parallel: 30 | |
| fail-fast: false | |
| matrix: | |
| redis-version: [ '${{ needs.redis_version.outputs.CURRENT }}' ] | |
| python-version: [ '3.10', '3.14' ] | |
| parser-backend: [ 'plain' ] | |
| event-loop: [ 'uvloop' ] | |
| test-config: | |
| - fixed-clients | |
| - default-legacy_responses-standalone | |
| - default-legacy_responses-cluster | |
| - default-unified_responses-standalone | |
| - default-unified_responses-cluster | |
| - 2-legacy_responses-standalone | |
| - 2-legacy_responses-cluster | |
| - 2-unified_responses-standalone | |
| - 2-unified_responses-cluster | |
| - 3-legacy_responses-standalone | |
| - 3-legacy_responses-cluster | |
| - 3-unified_responses-standalone | |
| - 3-unified_responses-cluster | |
| env: | |
| ACTIONS_ALLOW_UNSECURE_COMMANDS: true | |
| name: Redis ${{ matrix.redis-version }}; Python ${{ matrix.python-version }}; RESP Parser:${{matrix.parser-backend}}; EL:${{matrix.event-loop}}; Config:${{matrix.test-config}} | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Run tests | |
| uses: ./.github/actions/run-tests | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| parser-backend: ${{ matrix.parser-backend }} | |
| redis-version: ${{ matrix.redis-version }} | |
| event-loop: ${{ matrix.event-loop }} | |
| test-config: ${{ matrix.test-config }} | |
| build-and-test-package: | |
| name: Validate building and installing the package | |
| runs-on: ubuntu-latest | |
| needs: [redis_version] | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| extension: ['tar.gz', 'whl'] | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: actions/setup-python@v6 | |
| with: | |
| python-version: "3.10" | |
| - name: Run installed unit tests | |
| env: | |
| CLIENT_LIBS_TEST_IMAGE_TAG: ${{ env.CURRENT_REDIS_VERSION }} | |
| CLIENT_LIBS_TEST_STACK_IMAGE_TAG: ${{ env.CURRENT_REDIS_VERSION }} | |
| run: | | |
| bash .github/workflows/install_and_test.sh ${{ matrix.extension }} | |
| install-package-from-commit: | |
| name: Install package from commit hash | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| python-version: ['3.10', '3.11', '3.12', '3.13', '3.14', 'pypy-3.10', 'pypy-3.11'] | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: actions/setup-python@v6 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| cache: 'pip' | |
| - name: install from pip | |
| run: | | |
| pip install --quiet git+${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}.git@${GITHUB_SHA} |