AndrewJSchofield commented on code in PR #20819:
URL: https://github.com/apache/kafka/pull/20819#discussion_r2490275502
##########
core/src/main/scala/kafka/server/KafkaApis.scala:
##########
@@ -3178,13 +3178,11 @@ class KafkaApis(val requestChannel: RequestChannel,
val shareFetchData = shareFetchRequest.shareFetchData(topicIdNames)
val forgottenTopics = shareFetchRequest.forgottenTopics(topicIdNames)
-
- val newReqMetadata: ShareRequestMetadata = new
ShareRequestMetadata(Uuid.fromString(memberId), shareSessionEpoch)
Review Comment:
The tricky thing here is that previously we expected the member ID to be a
UUID formatted in the way that the Kafka Java class does it. But, the RPCs
define it as a string and there's no need for it to be formatted in that way,
provided it's unique across the clients. We should validate the incoming member
ID string to ensure that it's non-zero in length, and that it's length does not
extend beyond the length of a human-readable UUID (36 characters).
Also, we use `AAAAAAAAAAAAAAAAAAAAAAAA` as the comparison value for no
member ID, so that's a bad choice too. We could change the comparison value for
no member ID to the empty string `""`, which the validation above would reject
for use as a member ID, and then it would be permissible (but ill-advised) to
use `AAAAAAAAAAAAAAAAAAAAAAAA` as the member ID, just because that's a
well-known value.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
