hooks: add hook for limiting subtree copy source sizes

markbt · facebook-github-bot · commit 36d9c76316b6 · 2025-03-26T08:51:57.000-07:00
Summary:
Add a new hook that lets us limit the size of subtree copy sources, and the depth of the destination.

There are two aspects of "size" we care about when it comes to limiting subtree operations: the size of the source, and the size of the covered portion of the repository at the destination.  For source size we limit the total number of files located at the source.  For the destination, we require that it has a minimum path depth.

Reviewed By: andreacampi

Differential Revision: D71842445

fbshipit-source-id: c89713185eb56975b48e9af91a6176817f870274
diff --git a/eden/mononoke/hooks/BUCK b/eden/mononoke/hooks/BUCK
@@ -20,7 +20,6 @@ rust_library(
         "//common/rust/shed/borrowed:borrowed",
         "//common/rust/shed/fbinit:fbinit-tokio",
         "//eden/mononoke/blobrepo:repo_blobstore",
-        "//eden/mononoke/blobstore:blobstore",
         "//eden/mononoke/mononoke_macros:mononoke_macros",
         "//eden/mononoke/mononoke_types:mononoke_types",
         "//eden/mononoke/mononoke_types:mononoke_types-mocks",
@@ -56,9 +55,12 @@ rust_library(
         "//configerator/structs/infrasec/if:acl-rust",
         "//crypto/keychain_service:if-rust",
         "//crypto/keychain_service:if-rust-srclients",
+        "//eden/mononoke/blobrepo:repo_blobstore",
+        "//eden/mononoke/blobstore:blobstore",
         "//eden/mononoke/bookmarks:bookmarks",
         "//eden/mononoke/common/facebook/thrift_client:thrift_client",
         "//eden/mononoke/common/scuba_ext:scuba_ext",
+        "//eden/mononoke/derived_data:skeleton_manifest",
         "//eden/mononoke/facebook/employee_service:employee_service",
         "//eden/mononoke/facebook/phabricator:phabricator",
         "//eden/mononoke/manifest:manifest",
@@ -68,6 +70,7 @@ rust_library(
         "//eden/mononoke/permission_checker:permission_checker",
         "//eden/mononoke/repo_attributes/hook_manager/hook_manager:hook_manager",
         "//eden/mononoke/repo_attributes/repo_cross_repo:repo_cross_repo",
+        "//eden/mononoke/repo_attributes/repo_derived_data:repo_derived_data",
         "//eden/mononoke/repo_attributes/repo_identity:repo_identity",
         "//eden/mononoke/scs/if:source_control-rust",
         "//eden/mononoke/scs/if:source_control-rust-clients",
diff --git a/eden/mononoke/hooks/Cargo.toml b/eden/mononoke/hooks/Cargo.toml
@@ -14,6 +14,7 @@ doctest = false
 [dependencies]
 anyhow = "1.0.95"
 async-trait = "0.1.86"
+blobstore = { version = "0.1.0", path = "../blobstore" }
 bookmarks = { version = "0.1.0", path = "../bookmarks" }
 bytes = { version = "1.9.0", features = ["serde"] }
 context = { version = "0.1.0", path = "../server/context" }
@@ -34,14 +35,17 @@ metaconfig_types = { version = "0.1.0", path = "../metaconfig/types" }
 mononoke_types = { version = "0.1.0", path = "../mononoke_types" }
 permission_checker = { version = "0.1.0", path = "../permission_checker" }
 regex = "1.11.1"
+repo_blobstore = { version = "0.1.0", path = "../blobrepo/repo_blobstore" }
 repo_cross_repo = { version = "0.1.0", path = "../repo_attributes/repo_cross_repo" }
+repo_derived_data = { version = "0.1.0", path = "../repo_attributes/repo_derived_data" }
 repo_identity = { version = "0.1.0", path = "../repo_attributes/repo_identity" }
 sapling-clientinfo = { version = "0.1.0", path = "../../scm/lib/clientinfo" }
 scuba_ext = { version = "0.1.0", path = "../common/scuba_ext" }
 serde = { version = "1.0.185", features = ["derive", "rc"] }
 serde_derive = "1.0.185"
 serde_json = { version = "1.0.140", features = ["float_roundtrip", "unbounded_depth"] }
 serde_regex = "1"
+skeleton_manifest = { version = "0.1.0", path = "../derived_data/skeleton_manifest" }
 slog = { package = "tracing_slog_compat", version = "0.1.0", git = "https://github.com/facebookexperimental/rust-shed.git", branch = "main" }
 source_control = { version = "0.1.0", path = "../scs/if" }
 source_control_clients = { version = "0.1.0", path = "../scs/if/clients" }
@@ -50,15 +54,13 @@ thiserror = "2"
 tokio = { version = "1.41.0", features = ["full", "test-util", "tracing"] }
 
 [dev-dependencies]
-blobstore = { version = "0.1.0", path = "../blobstore" }
 borrowed = { version = "0.1.0", git = "https://github.com/facebookexperimental/rust-shed.git", branch = "main" }
 fbinit-tokio = { version = "0.1.2", git = "https://github.com/facebookexperimental/rust-shed.git", branch = "main" }
 fixtures = { version = "0.1.0", path = "../tests/fixtures" }
 hook_manager_testlib = { version = "0.1.0", path = "../repo_attributes/hook_manager/hook_manager_testlib" }
 mononoke_macros = { version = "0.1.0", path = "../mononoke_macros" }
 mononoke_types-mocks = { version = "0.1.0", path = "../mononoke_types/mocks" }
 pretty_assertions = { version = "1.2", features = ["alloc"], default-features = false }
-repo_blobstore = { version = "0.1.0", path = "../blobrepo/repo_blobstore" }
 repo_permission_checker = { version = "0.1.0", path = "../repo_attributes/repo_permission_checker" }
 test_repo_factory = { version = "0.1.0", path = "../repo_factory/test_repo_factory" }
 tests_utils = { version = "0.1.0", path = "../tests/utils" }
diff --git a/eden/mononoke/hooks/src/implementations.rs b/eden/mononoke/hooks/src/implementations.rs
@@ -26,6 +26,7 @@ mod limit_directory_size;
 pub(crate) mod limit_filesize;
 mod limit_path_length;
 pub(crate) mod limit_submodule_edits;
+mod limit_subtree_op_size;
 pub(crate) mod limit_tag_updates;
 pub(crate) mod missing_lfsconfig;
 pub(crate) mod no_bad_filenames;
@@ -104,6 +105,9 @@ pub async fn make_changeset_hook(
         "limit_submodule_edits" => Some(b(limit_submodule_edits::LimitSubmoduleEditsHook::new(
             &params.config,
         )?)),
+        "limit_subtree_op_size" => Some(b(limit_subtree_op_size::LimitSubtreeOpSizeHook::new(
+            &params.config,
+        )?)),
         "missing_lfsconfig" => Some(b(missing_lfsconfig::MissingLFSConfigHook::new())),
         "block_commit_message_pattern" => Some(b(
             block_commit_message_pattern::BlockCommitMessagePatternHook::new(&params.config)?,
diff --git a/eden/mononoke/hooks/src/implementations/limit_subtree_op_size.rs b/eden/mononoke/hooks/src/implementations/limit_subtree_op_size.rs
@@ -0,0 +1,147 @@
+/*
+ * Copyright (c) Meta Platforms, Inc. and affiliates.
+ *
+ * This software may be used and distributed according to the terms of the
+ * GNU General Public License version 2.
+ */
+
+use anyhow::Result;
+use async_trait::async_trait;
+use blobstore::StoreLoadable;
+use bookmarks::BookmarkKey;
+use context::CoreContext;
+use hook_manager::ChangesetHook;
+use hook_manager::HookRejectionInfo;
+use manifest::ManifestOps;
+use mononoke_types::BonsaiChangeset;
+use repo_blobstore::RepoBlobstoreRef;
+use repo_derived_data::RepoDerivedDataRef;
+use serde::Deserialize;
+use skeleton_manifest::RootSkeletonManifestId;
+
+use crate::CrossRepoPushSource;
+use crate::HookConfig;
+use crate::HookExecution;
+use crate::HookRepo;
+use crate::PushAuthoredBy;
+
+#[derive(Deserialize, Clone, Debug)]
+pub struct LimitSubtreeOpSizeConfig {
+    #[serde(default)]
+    source_file_count_limit: Option<u64>,
+
+    #[serde(default)]
+    dest_min_path_depth: Option<usize>,
+
+    /// Message to use when rejecting a commit because the source directory is too large.
+    ///
+    /// The following variables are available:
+    /// - ${dest_path}: The path of the destination.
+    /// - ${source}: The changeset id of the source.
+    /// - ${source_path}: The path of the source.
+    /// - ${count}: The number of files in the source.
+    /// - ${limit}: The limit on the number of files in the source.
+    too_many_files_rejection_message: String,
+
+    /// Message to use when rejecting a commit because the destination path is too shallow.
+    ///
+    /// The following variables are available:
+    /// - ${dest_path}: The path of the destination.
+    /// - ${dest_min_path_depth}: The minimum depth of the destination path.
+    dest_too_shallow_rejection_message: String,
+}
+
+/// Hook to limit the size of subtree operations.
+pub struct LimitSubtreeOpSizeHook {
+    config: LimitSubtreeOpSizeConfig,
+}
+
+impl LimitSubtreeOpSizeHook {
+    pub fn new(config: &HookConfig) -> Result<Self> {
+        Self::with_config(config.parse_options()?)
+    }
+
+    pub fn with_config(config: LimitSubtreeOpSizeConfig) -> Result<Self> {
+        Ok(Self { config })
+    }
+}
+
+#[async_trait]
+impl ChangesetHook for LimitSubtreeOpSizeHook {
+    async fn run<'this: 'cs, 'ctx: 'this, 'cs, 'repo: 'cs>(
+        &'this self,
+        ctx: &'ctx CoreContext,
+        hook_repo: &'repo HookRepo,
+        _bookmark: &BookmarkKey,
+        changeset: &'cs BonsaiChangeset,
+        cross_repo_push_source: CrossRepoPushSource,
+        push_authored_by: PushAuthoredBy,
+    ) -> Result<HookExecution> {
+        if push_authored_by.service() {
+            return Ok(HookExecution::Accepted);
+        }
+        if cross_repo_push_source == CrossRepoPushSource::PushRedirected {
+            // For push-redirected commits, we rely on running source-repo hooks
+            return Ok(HookExecution::Accepted);
+        }
+
+        for (path, change) in changeset.subtree_changes() {
+            if let Some(source_file_count_limit) = self.config.source_file_count_limit {
+                if let Some((source, source_path)) = change.change_source() {
+                    let source_root = hook_repo
+                        .repo_derived_data()
+                        .derive::<RootSkeletonManifestId>(ctx, source)
+                        .await?
+                        .into_skeleton_manifest_id();
+                    let source_entry = source_root
+                        .find_entry(
+                            ctx.clone(),
+                            hook_repo.repo_blobstore().clone(),
+                            source_path.clone(),
+                        )
+                        .await?
+                        .ok_or_else(|| {
+                            anyhow::anyhow!(concat!(
+                                "Source directory {source_path} ",
+                                "not found in source changeset {source}"
+                            ))
+                        })?;
+                    let source_count = match source_entry {
+                        manifest::Entry::Tree(tree_id) => {
+                            let source_tree = tree_id.load(ctx, hook_repo.repo_blobstore()).await?;
+                            source_tree.summary().descendant_files_count
+                        }
+                        manifest::Entry::Leaf(_) => 1,
+                    };
+
+                    if source_count > source_file_count_limit {
+                        return Ok(HookExecution::Rejected(HookRejectionInfo::new_long(
+                            "Subtree source is too large",
+                            self.config
+                                .too_many_files_rejection_message
+                                .replace("${dest_path}", &path.to_string())
+                                .replace("${source}", &source.to_string())
+                                .replace("${source_path}", &source_path.to_string())
+                                .replace("${count}", &source_count.to_string())
+                                .replace("${limit}", &source_file_count_limit.to_string()),
+                        )));
+                    }
+                }
+            }
+
+            if let Some(dest_min_path_depth) = self.config.dest_min_path_depth {
+                if path.num_components() < dest_min_path_depth {
+                    return Ok(HookExecution::Rejected(HookRejectionInfo::new_long(
+                        "Subtree destination is too shallow",
+                        self.config
+                            .dest_too_shallow_rejection_message
+                            .replace("${dest_path}", &path.to_string())
+                            .replace("${dest_min_path_depth}", &dest_min_path_depth.to_string()),
+                    )));
+                }
+            }
+        }
+
+        Ok(HookExecution::Accepted)
+    }
+}
diff --git a/eden/mononoke/tests/integration/subtree/test-hook-limit-subtree-op-size.t b/eden/mononoke/tests/integration/subtree/test-hook-limit-subtree-op-size.t
@@ -0,0 +1,81 @@
+# Copyright (c) Meta Platforms, Inc. and affiliates.
+#
+# This software may be used and distributed according to the terms of the
+# GNU General Public License found in the LICENSE file in the root
+# directory of this source tree.
+
+  $ . "${TEST_FIXTURES}/library.sh"
+
+Override subtree key to enable non-test subtree extra
+  $ cat > $TESTTMP/subtree.py <<EOF
+  > from sapling.utils import subtreeutil
+  > def extsetup(ui):
+  >     subtreeutil.SUBTREE_KEY = "subtree"
+  > EOF
+  $ setconfig extensions.subtreetestoverride=$TESTTMP/subtree.py
+  $ setconfig push.edenapi=true
+  $ setconfig subtree.min-path-depth=1
+  $ enable amend
+  $ setup_common_config
+  $ register_hooks \
+  > limit_subtree_op_size <(
+  >   cat <<CONF
+  > bypass_pushvar="TEST_BYPASS=true"
+  > config_json='''{
+  >   "source_file_count_limit": 2,
+  >   "dest_min_path_depth": 2,
+  >   "too_many_files_rejection_message": "Too many files in subtree operation copying from \${source_path} to \${dest_path}: \${count} > \${limit}",
+  >   "dest_too_shallow_rejection_message": "Subtree operation copying to \${dest_path} has too shallow destination path: < \${dest_min_path_depth}"
+  > }'''
+  > CONF
+  > )
+
+  $ testtool_drawdag -R repo --derive-all --no-default-files << EOF
+  > A-B-C-D
+  > # modify: A foo/file1 "aaa\n"
+  > # modify: A foo/file3 "xxx\n"
+  > # copy: B foo/file2 "bbb\n" A foo/file1
+  > # delete: B foo/file1
+  > # modify: C foo/file2 "ccc\n"
+  > # modify: D foo/file4 "yyy\n"
+  > # bookmark: D master_bookmark
+  > EOF
+  A=bad79679db57d8ca7bdcb80d082d1508f33ca2989652922e2e01b55fb3c27f6a
+  B=170dbba760afb7ec239d859e2412a827dd7229cdbdfcd549b7138b2451afad37
+  C=e611f471e1f2bd488fee752800983cdbfd38d50247e5d81222e0d620fd2a6120
+  D=ec1da6035c39c33e159c4baa6b9bfd54676d38a66255ccbcd436f6cfa8ecc2eb
+
+  $ start_and_wait_for_mononoke_server
+  $ hg clone -q mono:repo repo
+  $ cd repo
+
+  $ hg update -q master_bookmark^
+  $ hg subtree copy -r .^ --from-path foo --to-path bar
+  copying foo to bar
+  $ ls bar
+  file2
+  file3
+  $ cat bar/file2
+  bbb
+
+  $ hg push -q -r . --to master_bookmark
+  abort: Server error: hooks failed:
+    limit_subtree_op_size for 44bba4bd23a81344c3cbc7f28b42363d4df03399ce6cb0851b51babb48c20549: Subtree operation copying to bar has too shallow destination path: < 2
+  [255]
+
+  $ hg update -q master_bookmark
+  $ hg subtree copy -r . --from-path foo --to-path bar/baz
+  copying foo to bar/baz
+  $ hg push -q -r . --to master_bookmark
+  abort: Server error: hooks failed:
+    limit_subtree_op_size for c5c46cbfe6ecfb38810f51d2d0c3532c38f90d02d483f99d967e14add2be71ff: Too many files in subtree operation copying from foo to bar/baz: 3 > 2
+  [255]
+
+  $ hg update -q master_bookmark^
+  $ hg subtree copy -r . --from-path foo --to-path bar/baz
+  copying foo to bar/baz
+  $ hg push -q -r . --to master_bookmark
+  $ hg update -q master_bookmark
+  $ ls bar/baz
+  file2
+  file3
