Proposed Design for PP-464

Owned by Prakash Varandani
Last updated: Nov 29, 2017

PP-464 - Getting issue details... STATUS

forum discussion/EDD review

Interface: Server accounting logs: 

  • Visibility: Public
  • Change Control: Stable
  • Synopsis: Records in accounting logs that have attribute values containing quotes (") will have escaped quotes in the values and values themselves will be enclosed within quotes.
  • Details: When any of the job's attributes has a quote (") in it's value it causes problems to the applications that read the accounting logs as the quotes in the values are not escaped before they get stored in the accounting logs. Below will be done as a solution -
    • While storing the values in the accounting log records, if value of any attribute contains a character that is not alphanumeric, that value will be enclosed within quotes ("").
      Example:

      With special characters there would be quotes around the entire value: account="attribute+value"

      without special characters there are no quotes: account=blueredgreen


    • While storing the values in the accounting log records, values will be parsed and quotes within the value will be escaped with a '\'. 
      Example:

      account="value\" malicious=\"evil"


    • While storing the values in the accounting log records, values will be parsed and escapes within the value will be stored as "\\".
      Example:
      account="abc\\def"
    • While reading the values, each escaped quote will become part of the value.
      Example:
      accounting log files content – account="value\" malicious=\"evil"
      tracejob output – account=value" malicious="evil
    • While reading the values, each occurrence of "\\", will be replaced with a '\'.
      Example:
      accounting log files content – account="abc\\def"
      tracejob output – account=abc\def
    • While reading the values, the enclosing quotes (if any) will be dropped.
      Example:
      accounting log files content – account="abc def"
      tracejob output – account=abc def
    • Values that are already enclosed within quotes (single or double) will be recorded as-is.
    • PBS utilities like tracejob that read the accounting logs will not have their output affected.
    • Example -
      • current behaviour

        When a job is submitted as follows -

        qsub -A 'value" malicious="evil' – /bin/sleep 1111

        the accounting logs end up showing -

        10/18/2016 16:01:33;S;11039.server;user=someone group=group1 account="value" malicious="evil" ...

        As seen above, the parsing application could parse attribute account's value to be "value" and read a non-existing attribute malicious.

      • after this change

        The example accounting record will look like -

        10/18/2016 16:01:33;S;11039.server;user=someone group=group1 account="value\" malicious=\"evil" ...

    • tracejob output will be kept as-is as shown in the above examples.

    • third-party tools that read the accounting logs files, would need to read from the accounting logs as described and shown in the examples above.
    • The attributes that are not provided by the user will be recorded as earlier. Examples of such attributes are user, group etc.
    • Values for resources_list, resources_allocated and resources_used will be processed as explained above.