Conversation

@larssilven
Contributor

@larssilven larssilven commented Mar 4, 2021

Before this commit the object store for a file token was always refreshed by reading
the file of the token every time an object of the token was fetched.
Now the HSM may be configured not to refresh when fetching an object. But the
refresh will still be done after an application gets a handle for an object.

The reason for this change is that the CPU time consumed by the reading may not
be negligible for some HW.

Summary by CodeRabbit

  • New Features

    • Added a configurable option to control whether object store data is refreshed from disk before use, improving flexibility for performance or consistency needs.
    • Introduced a new configuration parameter objectstore.readrefresh, with documentation and example usage.
  • Bug Fixes

    • Improved object validity checks to respect the new refresh setting, ensuring more predictable behavior when objects are modified externally.
  • Documentation

    • Updated configuration documentation to describe the new objectstore.readrefresh option.
  • Tests

    • Added and updated test suites to verify correct behavior with both refresh enabled and disabled.

@rijswijk
Contributor

rijswijk commented Mar 4, 2021

Thanks for your PR; the reason it is implemented the way it currently is is to cope with multiple independent processes concurrently manipulating the same token through the SoftHSM library. If you disable the check, then a process will fail to pick up any changes to the token made by an external process. I understand that for performance reasons this is inconvenient, but perhaps it would be better, if you want to be able to disable it, to make this a configurable feature?

I'm wondering, though, if that should then be run-time configurable or compile-time (since you might not want two processes using SoftHSM with conflicting configurations). I'd like to ask @halderen for an opinion on this too.

@halderen
Contributor

halderen commented Mar 4, 2021

It is really needed that multiple concurrent processes access the same token at the same time for many use cases. I'd first like to know the performance impact of such a thing. SoftHSMv2 isn't really that fast anyway (for security reasons) so if the effect isn't good for me. Not having the lock (so this PR) means bringing back the old SoftHSMv1 functionality and the way SoftHSMv2 sometimes operates due to a bug. This took us with OpenDNSSEC 2 1/2 years to find, so I'd rather not burn application programmers with this. In any case, this should not be a compile time option, as this would mean package maintainers may select this, and then everyone may be stuck with this. It should be a run-time, per slot/token option (but that might not be possible) that is not default on.

@larssilven
Contributor Author

larssilven commented Mar 6, 2021

I'm glad that you are willing to accept my proposal with the modification that the 'refresh disabling' should be optional and disabled by default.

Could we add a key called objectstore.readrefresh to softhsm2.conf? If this key has the value 'false' then no refreshing is done before fetching an object from the store; if it has any other value or is not defined then the refresh is done (as before).

I have just tested this with the file mode. Maybe nothing should be done about the DB mode (I removed a mutex lock)?

I believe it should be possible in 'file mode' for several processes to use the same objects in a store with 'objectstore.readrefresh=false'. There will just be a problem if one of the processes uses C_DestroyObject or C_SetAttribute;
then the other processes will continue to use the object as it was before.
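The stale-object situation discussed in this thread, shown as an added example that is not SoftHSM's own code: a toy file-backed object whose isValid(doRefresh) re-reads its file only when asked, modelled on the behaviour the PR describes (refresh on every fetch when readrefresh is true, refresh only when a new handle is obtained when it is false). The ToyObjectFile class, the one-attribute-per-line file format, the file name and the Observation struct are all assumptions made for this demonstration.

```cpp
#include <cstdio>
#include <fstream>
#include <iostream>
#include <map>
#include <string>

// Toy file-backed object: one "name=value" attribute per line.
// Assumption for this example; SoftHSM's real ObjectFile format differs.
class ToyObjectFile {
public:
    // Obtaining a handle always reads the file, as the PR description states.
    explicit ToyObjectFile(const std::string& path) : path_(path) { refresh(); }

    // Re-read all attributes from disk: the I/O the PR makes optional.
    bool refresh() {
        std::ifstream in(path_);
        if (!in) { valid_ = false; return false; }
        std::map<std::string, std::string> attrs;
        std::string line;
        while (std::getline(in, line)) {
            std::string::size_type eq = line.find('=');
            if (eq == std::string::npos) continue;     // ignore malformed lines
            attrs[line.substr(0, eq)] = line.substr(eq + 1);
        }
        attrs_.swap(attrs);
        valid_ = true;
        ++refreshCount_;
        return true;
    }

    // Mirrors the PR's isValid(doRefresh): refresh first only when asked to.
    bool isValid(bool doRefresh) {
        if (doRefresh) refresh();
        return valid_;
    }

    // Every fetch goes through isValid(), so doRefresh decides whether the
    // value comes from disk or from the cached copy.
    std::string getAttribute(const std::string& name, bool doRefresh) {
        if (!isValid(doRefresh)) return "";
        std::map<std::string, std::string>::const_iterator it = attrs_.find(name);
        return it == attrs_.end() ? "" : it->second;
    }

    int refreshCount() const { return refreshCount_; }

private:
    std::string path_;
    std::map<std::string, std::string> attrs_;
    bool valid_ = false;
    int refreshCount_ = 0;
};

// Stands in for another process rewriting the token file (e.g. after C_SetAttributeValue).
static void externalWrite(const std::string& path, const std::string& contents) {
    std::ofstream out(path, std::ios::trunc);
    out << contents;
}

// What each configuration observes after an external change.
struct Observation {
    std::string withRefresh;     // objectstore.readrefresh = true (the default)
    std::string withoutRefresh;  // objectstore.readrefresh = false
    std::string afterNewHandle;  // readrefresh = false, but a fresh handle
    int refreshesWith;
    int refreshesWithout;
};

Observation demonstrateStaleRead(const std::string& path) {
    externalWrite(path, "CKA_LABEL=old\n");          // constructed sample object
    ToyObjectFile noRefresh(path);
    ToyObjectFile withRefresh(path);
    externalWrite(path, "CKA_LABEL=new\n");          // another process changes it
    Observation o;
    o.withRefresh = withRefresh.getAttribute("CKA_LABEL", true);   // sees "new"
    o.withoutRefresh = noRefresh.getAttribute("CKA_LABEL", false); // still "old"
    ToyObjectFile newHandle(path);                   // getting a handle re-reads
    o.afterNewHandle = newHandle.getAttribute("CKA_LABEL", false); // sees "new"
    o.refreshesWith = withRefresh.refreshCount();    // 2: handle + fetch
    o.refreshesWithout = noRefresh.refreshCount();   // 1: handle only
    std::remove(path.c_str());
    return o;
}

int main() {
    Observation o = demonstrateStaleRead("constructed_token_object.txt");
    std::cout << "readrefresh=true sees:  " << o.withRefresh << "\n"
              << "readrefresh=false sees: " << o.withoutRefresh << "\n"
              << "new handle sees:        " << o.afterNewHandle << "\n";
    return 0;
}
```

The refresh counters make the trade-off concrete: with readrefresh=true every fetch costs a file read, with readrefresh=false only handle acquisition does, and the price of that saving is that a process holding an old handle keeps serving the attribute as it was before the other process changed it.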

@larssilven
Contributor Author

New version ready for review.

@larssilven
Contributor Author

larssilven commented Mar 10, 2021

Benchmarks

I have compared results from a Debian VM running the p11speed test with different configurations. p11speed used 24 threads, each doing 1000 signings with 2048-bit RSA_PKCS.
It has been done on 2 different kinds of storage, ordinary VM qcow2 and 9p that accesses storage on the hypervisor. Here is the result:

| storage type | objectstore.readrefresh | objectstore.backend | signings/s |
|--------------|-------------------------|---------------------|------------|
| 9p           | true                    | file                | 386        |
| 9p           | true                    | db                  | 1275       |
| 9p           | false                   | file                | 2393       |
| 9p           | false                   | db                  | 1263       |
| qcow2        | true                    | file                | 2534       |
| qcow2        | true                    | db                  | 2170       |
| qcow2        | false                   | file                | 2379       |
| qcow2        | false                   | db                  | 2163       |

I will remove my DB fix since it is not making any difference.

@larssilven larssilven deleted the branch softhsm:main July 29, 2021 08:40
@larssilven larssilven closed this Jul 29, 2021
@larssilven larssilven deleted the develop branch July 29, 2021 08:40
@larssilven larssilven restored the develop branch July 29, 2021 08:42
@larssilven larssilven reopened this Jul 29, 2021
@larssilven larssilven deleted the branch softhsm:main January 6, 2022 15:15
@larssilven larssilven closed this Jan 6, 2022
@larssilven larssilven deleted the develop branch January 6, 2022 15:15
@larssilven larssilven restored the develop branch January 6, 2022 15:22
@larssilven larssilven reopened this Jan 6, 2022
@jschlyter jschlyter marked this pull request as draft November 29, 2024 16:24
@jschlyter
Contributor

Please rebase on develop and mark as ready when ready.

@larssilven larssilven marked this pull request as ready for review November 30, 2024 14:46
@larssilven larssilven requested a review from a team as a code owner November 30, 2024 14:46
@larssilven larssilven force-pushed the develop branch 2 times, most recently from d2de4f5 to 46ae6eb Compare December 3, 2024 21:02
@larssilven
Contributor Author

Now all tests but Windows are OK. But I don't think these problems have anything to do with this.

@larssilven
Contributor Author

How stupid of me. I just assumed the Windows build was not ready yet.
Thanks @bjosv

Before this commit the object store for a file token was always refreshed by reading
the file of the token every time an object of the token was fetched.
Now the HSM may be configured not to refresh when fetching an object. But the
refresh will still be done after an application gets a handle for an object.

The reason for this change is that the CPU time consumed by the reading may not
be negligible for some HW.

It is only the object store on file that is affected by this feature. If DB is
used, refreshing will always be done since there is then no difference in CPU usage.
@coderabbitai

coderabbitai bot commented Jul 22, 2025

Walkthrough

A new configuration-driven boolean flag, doRefresh, was introduced to control whether object validity checks refresh from storage. This flag is read during initialization and passed to isValid() methods throughout the codebase, with corresponding signature changes in related classes. Documentation and tests were updated to reflect and verify this new behavior.

Changes

| File(s) | Change Summary |
|---------|----------------|
| src/lib/SoftHSM.cpp, src/lib/SoftHSM.h | Added doRefresh member to SoftHSM; passed to OSObject::isValid() in all relevant methods. |
| src/lib/common/Configuration.cpp | Added objectstore.readrefresh boolean config key. |
| src/lib/common/softhsm2.conf.5.in, src/lib/common/softhsm2.conf.in | Documented/added objectstore.readrefresh config option and its usage. |
| src/lib/object_store/OSObject.h, src/lib/object_store/DBObject.h, src/lib/object_store/ObjectFile.h, src/lib/object_store/SessionObject.h | Changed isValid() to accept a doRefresh boolean parameter (defaulted where appropriate). |
| src/lib/object_store/ObjectFile.cpp, src/lib/object_store/DBObject.cpp, src/lib/object_store/SessionObject.cpp | Updated isValid() implementations to accept/use doRefresh argument. |
| src/lib/object_store/DBToken.cpp, src/lib/object_store/OSToken.cpp, src/lib/object_store/SessionObjectStore.cpp | Updated calls to isValid() to pass explicit doRefresh argument as per context. |
| src/lib/object_store/test/Makefile.am | Added new test files for refresh/no-refresh scenarios to build. |
| src/lib/object_store/test/ObjectFileTests.cpp, src/lib/object_store/test/ObjectFileTests.h | Refactored tests to parameterize refresh behavior; removed CppUnit macros; introduced constructor with doRefresh. |
| src/lib/object_store/test/ObjectFileTestsRefresh.cpp, src/lib/object_store/test/ObjectFileTestsRefresh.h | Added test suite for refresh-enabled behavior; handles setup/teardown and registers tests. |
| src/lib/object_store/test/ObjectFileTestsNoRefresh.cpp, src/lib/object_store/test/ObjectFileTestsNoRefresh.h | Added test suite for refresh-disabled behavior; handles setup/teardown and registers tests. |

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant SoftHSM
    participant OSObject

    User->>SoftHSM: Call operation (e.g., C_CopyObject)
    SoftHSM->>OSObject: isValid(doRefresh)
    OSObject-->>SoftHSM: Validity result (with/without refresh)
    SoftHSM-->>User: Operation result

Estimated code review effort

4 (~80 minutes)

Poem

In the burrow, code refreshed anew,
A flag now guides what objects do—
Should we peek or should we trust,
The config tells us, as it must.
Tests now dance with fresh delight,
Ensuring things behave just right.
Hippity-hop, the code feels bright!

@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 0

🧹 Nitpick comments (5)
src/lib/common/softhsm2.conf.5.in (1)

105-129: Comprehensive documentation with clear trade-off explanation.

The documentation thoroughly explains the new configuration option, including its performance benefits and the important caveat about stale object handles in multi-process environments. The warning about potential issues when objects are modified by other processes is particularly valuable.

Note: There's a minor inconsistency where the text states "Default is true" but the example shows objectstore.readrefresh = false. Consider aligning the example with the documented default or clarifying this is showing the performance-optimized setting.

src/lib/object_store/test/ObjectFileTestsRefresh.cpp (1)

28-28: Fix the filename in the comment.

- ObjectObjectFileTests.cpp
+ ObjectFileTestsRefresh.cpp
src/lib/object_store/test/ObjectFileTestsNoRefresh.cpp (2)

28-28: Fix typo in file comment.

The comment should read "ObjectFileTestsNoRefresh.cpp" instead of "ObjectObjectFileTests.cpp".

-/*****************************************************************************
- ObjectObjectFileTests.cpp
-
- Contains test cases to test the object file implementation
- *****************************************************************************/
+/*****************************************************************************
+ ObjectFileTestsNoRefresh.cpp
+
+ Contains test cases to test the object file implementation
+ *****************************************************************************/

39-55: Consider improving error handling consistency and command security.

While the system() calls are acceptable for test code, there are some improvements to consider:

  1. The Windows version in setUp() doesn't assert on success like the Unix version
  2. Static analysis flags system() calls as potential security risks (CWE-78)

For consistency, consider adding error checking to the Windows path in setUp():

 void ObjectFileTestsNoRefresh::setUp()
 {
 #ifndef _WIN32
 	CPPUNIT_ASSERT(!system("mkdir testdir"));
 #else
-	system("mkdir testdir 2> nul");
+	CPPUNIT_ASSERT(!system("mkdir testdir 2> nul"));
 #endif
 }
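Review bot: adding CPPUNIT_ASSERT around system("mkdir testdir 2> nul") also makes the Windows setUp() fail whenever a stale testdir survives an earlier aborted run, because cmd's mkdir returns a nonzero exit status when the directory already exists and the "2> nul" only hides the message; that is the same behaviour the Unix branch already has, so if the assert is adopted, tearDown() (or a check at the start of setUp()) should make sure the directory is gone before it is recreated.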

Note: The system() calls are flagged by static analysis but are acceptable here since they use hardcoded, safe commands in a test environment.

src/lib/object_store/test/ObjectFileTestsNoRefresh.h (1)

37-37: Consider removing unused include.

The include of "test/SessionObjectTests.h" appears unnecessary unless this class uses functionality from SessionObjectTests. Consider removing it if it's not needed.

 #include "ObjectFileTests.h"
-#include "test/SessionObjectTests.h"
 
 #include <cppunit/extensions/HelperMacros.h>
📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 557b2fd and 03c8da5.

📒 Files selected for processing (22)
  • src/lib/SoftHSM.cpp (23 hunks)
  • src/lib/SoftHSM.h (1 hunks)
  • src/lib/common/Configuration.cpp (1 hunks)
  • src/lib/common/softhsm2.conf.5.in (1 hunks)
  • src/lib/common/softhsm2.conf.in (1 hunks)
  • src/lib/object_store/DBObject.cpp (1 hunks)
  • src/lib/object_store/DBObject.h (1 hunks)
  • src/lib/object_store/DBToken.cpp (1 hunks)
  • src/lib/object_store/OSObject.h (1 hunks)
  • src/lib/object_store/OSToken.cpp (5 hunks)
  • src/lib/object_store/ObjectFile.cpp (1 hunks)
  • src/lib/object_store/ObjectFile.h (1 hunks)
  • src/lib/object_store/SessionObject.cpp (1 hunks)
  • src/lib/object_store/SessionObject.h (1 hunks)
  • src/lib/object_store/SessionObjectStore.cpp (1 hunks)
  • src/lib/object_store/test/Makefile.am (1 hunks)
  • src/lib/object_store/test/ObjectFileTests.cpp (31 hunks)
  • src/lib/object_store/test/ObjectFileTests.h (2 hunks)
  • src/lib/object_store/test/ObjectFileTestsNoRefresh.cpp (1 hunks)
  • src/lib/object_store/test/ObjectFileTestsNoRefresh.h (1 hunks)
  • src/lib/object_store/test/ObjectFileTestsRefresh.cpp (1 hunks)
  • src/lib/object_store/test/ObjectFileTestsRefresh.h (1 hunks)
🧬 Code Graph Analysis (10)
src/lib/object_store/DBObject.h (3)
src/lib/object_store/DBObject.cpp (2)
  • isValid (1367-1372)
  • isValid (1367-1367)
src/lib/object_store/SessionObject.cpp (2)
  • isValid (221-224)
  • isValid (221-221)
src/lib/object_store/ObjectFile.cpp (2)
  • isValid (266-273)
  • isValid (266-266)
src/lib/object_store/DBObject.cpp (2)
src/lib/object_store/SessionObject.cpp (2)
  • isValid (221-224)
  • isValid (221-221)
src/lib/object_store/ObjectFile.cpp (2)
  • isValid (266-273)
  • isValid (266-266)
src/lib/object_store/SessionObject.cpp (5)
src/lib/object_store/DBObject.cpp (2)
  • isValid (1367-1372)
  • isValid (1367-1367)
src/lib/object_store/DBToken.cpp (2)
  • isValid (746-749)
  • isValid (746-746)
src/lib/object_store/OSToken.cpp (2)
  • isValid (444-447)
  • isValid (444-444)
src/lib/object_store/ObjectFile.cpp (2)
  • isValid (266-273)
  • isValid (266-266)
src/lib/slot_mgr/Token.cpp (2)
  • isValid (75-81)
  • isValid (75-75)
src/lib/object_store/ObjectFile.cpp (3)
src/lib/object_store/DBObject.cpp (2)
  • isValid (1367-1372)
  • isValid (1367-1367)
src/lib/object_store/SessionObject.cpp (2)
  • isValid (221-224)
  • isValid (221-221)
src/lib/object_store/Directory.cpp (4)
  • isValid (68-71)
  • isValid (68-68)
  • refresh (94-222)
  • refresh (94-94)
src/lib/object_store/SessionObject.h (6)
src/lib/object_store/DBObject.cpp (2)
  • isValid (1367-1372)
  • isValid (1367-1367)
src/lib/object_store/DBToken.cpp (2)
  • isValid (746-749)
  • isValid (746-746)
src/lib/object_store/OSToken.cpp (2)
  • isValid (444-447)
  • isValid (444-444)
src/lib/object_store/SessionObject.cpp (2)
  • isValid (221-224)
  • isValid (221-221)
src/lib/object_store/ObjectFile.cpp (2)
  • isValid (266-273)
  • isValid (266-266)
src/lib/slot_mgr/Token.cpp (2)
  • isValid (75-81)
  • isValid (75-75)
src/lib/object_store/test/ObjectFileTestsRefresh.cpp (1)
src/lib/object_store/test/ObjectFileTestsNoRefresh.cpp (4)
  • setUp (39-46)
  • setUp (39-39)
  • tearDown (48-55)
  • tearDown (48-48)
src/lib/object_store/test/ObjectFileTests.h (1)
src/lib/object_store/test/ObjectFileTests.cpp (3)
  • ObjectFileTests (48-50)
  • testBoolAttr (52-120)
  • testBoolAttr (52-52)
src/lib/object_store/test/ObjectFileTestsNoRefresh.cpp (1)
src/lib/object_store/test/ObjectFileTestsRefresh.cpp (4)
  • setUp (39-46)
  • setUp (39-39)
  • tearDown (48-55)
  • tearDown (48-48)
src/lib/object_store/OSObject.h (6)
src/lib/object_store/DBObject.cpp (2)
  • isValid (1367-1372)
  • isValid (1367-1367)
src/lib/object_store/DBToken.cpp (2)
  • isValid (746-749)
  • isValid (746-746)
src/lib/object_store/OSToken.cpp (2)
  • isValid (444-447)
  • isValid (444-444)
src/lib/object_store/SessionObject.cpp (2)
  • isValid (221-224)
  • isValid (221-221)
src/lib/object_store/ObjectFile.cpp (2)
  • isValid (266-273)
  • isValid (266-266)
src/lib/object_store/File.cpp (2)
  • isValid (147-150)
  • isValid (147-147)
src/lib/object_store/test/ObjectFileTestsNoRefresh.h (3)
src/lib/object_store/test/ObjectFileTestsNoRefresh.cpp (5)
  • ObjectFileTestsNoRefresh (37-37)
  • setUp (39-46)
  • setUp (39-39)
  • tearDown (48-55)
  • tearDown (48-48)
src/lib/object_store/test/ObjectFileTests.h (1)
  • ObjectFileTests (37-55)
src/lib/object_store/test/ObjectFileTests.cpp (23)
  • ObjectFileTests (48-50)
  • testBoolAttr (52-120)
  • testBoolAttr (52-52)
  • testULongAttr (122-190)
  • testULongAttr (122-122)
  • testByteStrAttr (192-259)
  • testByteStrAttr (192-192)
  • testMechTypeSetAttr (261-303)
  • testMechTypeSetAttr (261-261)
  • testAttrMapAttr (305-369)
  • testAttrMapAttr (305-305)
  • testMixedAttr (371-428)
  • testMixedAttr (371-371)
  • testDoubleAttr (430-548)
  • testDoubleAttr (430-430)
  • testRefresh (550-692)
  • testRefresh (550-550)
  • testCorruptFile (694-716)
  • testCorruptFile (694-694)
  • testTransactions (718-882)
  • testTransactions (718-718)
  • testDestroyObjectFails (884-898)
  • testDestroyObjectFails (884-884)
🪛 ast-grep (0.38.6)
src/lib/object_store/test/ObjectFileTestsRefresh.cpp

[warning] 43-43: Don't call system. It's a high-level wrapper that allows for stacking multiple commands. Always prefer a more restrictive API such as calling execve from the exec family.
Context: system("mkdir testdir 2> nul");
Note: [CWE-78] Improper Neutralization of Special Elements used in an OS
Command ('OS Command Injection').
[REFERENCES]
- https://owasp.org/Top10/A03_2021-Injection

(dont-call-system-cpp)

src/lib/object_store/test/ObjectFileTestsNoRefresh.cpp

[warning] 43-43: Don't call system. It's a high-level wrapper that allows for stacking multiple commands. Always prefer a more restrictive API such as calling execve from the exec family.
Context: system("mkdir testdir 2> nul");
Note: [CWE-78] Improper Neutralization of Special Elements used in an OS
Command ('OS Command Injection').
[REFERENCES]
- https://owasp.org/Top10/A03_2021-Injection

(dont-call-system-cpp)

🧰 Additional context used
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)
  • GitHub Check: Windows (x64, botan)
  • GitHub Check: Windows (x64, openssl)
  • GitHub Check: Windows (x86, openssl)
  • GitHub Check: macOS (openssl)
  • GitHub Check: macOS (botan)
🔇 Additional comments (34)
src/lib/SoftHSM.h (1)

189-190: LGTM! Clean addition of configuration flag.

The new doRefresh boolean member is well-documented and appropriately placed in the private section. This will effectively control whether objects are refreshed from storage before validation based on the configuration setting.

src/lib/common/softhsm2.conf.in (1)

19-20: LGTM! Good configuration option with safe default.

The new objectstore.readrefresh parameter is well-documented and uses true as the default to maintain backward compatibility. This addresses the performance concerns raised in the PR while preserving existing multi-process safety by default.

src/lib/object_store/DBObject.h (1)

99-99: LGTM! Interface consistency maintained.

The isValid() method signature update to accept the doRefresh parameter maintains consistency across the object store hierarchy. For database objects, this parameter is appropriately ignored since they don't need refresh from storage (as seen in the implementation at src/lib/object_store/DBObject.cpp lines 1366-1371).

src/lib/object_store/SessionObject.h (1)

76-77: LGTM! Clean interface update with clear documentation.

The addition of the doRefresh parameter with default value maintains interface consistency across object store classes. The comment clearly explains why this parameter is not applicable to session objects (since they don't persist on disk), and the implementation correctly ignores it as expected.

src/lib/common/Configuration.cpp (1)

54-54: LGTM! Proper configuration key registration.

The new objectstore.readrefresh configuration key is correctly registered with the appropriate CONFIG_TYPE_BOOL type. This enables the configuration system to properly validate and handle the new refresh control parameter.

src/lib/object_store/ObjectFile.h (1)

79-79: LGTM! Clean method signature update.

The addition of the doRefresh parameter to the isValid() method is consistent with the PR's goal of making refresh behavior configurable.

src/lib/object_store/SessionObjectStore.cpp (1)

109-109: LGTM! Appropriate parameter value for session objects.

Passing false for doRefresh is correct since session objects are not persisted to disk and have nothing to refresh from storage.

src/lib/object_store/test/Makefile.am (1)

20-21: LGTM! Proper test integration.

The new test source files are correctly added to the build system, providing test coverage for both refresh and no-refresh scenarios.

src/lib/object_store/DBObject.cpp (1)

1367-1367: Verify Windows compatibility of __attribute__((unused)).

Based on the past review comments on SessionObject.cpp, there was a Windows build failure with the __attribute__((unused)) syntax. Please ensure this has been addressed consistently across all files using this pattern.

Consider using portable alternatives like:

bool DBObject::isValid(const bool /*doRefresh*/)

or adding (void)doRefresh; in the function body if the attribute approach causes build issues.

src/lib/object_store/SessionObject.cpp (1)

220-221: Excellent approach for cross-platform compatibility.

Using the commented parameter name /*doRefresh*/ instead of __attribute__((unused)) is the correct portable solution for unused parameters. This approach avoids the Windows build issues mentioned in previous reviews while maintaining clear documentation of the parameter's purpose.

src/lib/object_store/ObjectFile.cpp (1)

265-273: LGTM! Clean implementation of configurable refresh behavior.

The method correctly implements the conditional refresh logic while maintaining backward compatibility. The updated comment accurately reflects that refreshing "may" occur as a side effect rather than always occurring.

src/lib/object_store/DBToken.cpp (1)

687-687: LGTM! Correct alignment with updated method signature.

The change appropriately passes true to maintain the original behavior of refreshing before validation, which is suitable for newly created objects where we want to ensure proper validation.

src/lib/object_store/OSObject.h (1)

67-68: LGTM! Well-designed interface update with backward compatibility.

The addition of the doRefresh parameter with a default value of true maintains backward compatibility while enabling the new configurable refresh behavior. The accompanying comment clearly explains the parameter's purpose.

src/lib/object_store/test/ObjectFileTestsRefresh.cpp (1)

37-55: Test class structure is well-designed.

The test class correctly inherits from ObjectFileTests with refresh enabled (true), and the setUp/tearDown methods follow the established pattern used in similar test files. The use of system() calls, while flagged by static analysis, is consistent with the existing test infrastructure in this codebase.

src/lib/object_store/OSToken.cpp (5)

182-183: Good approach to handle token metadata operations.

Hardcoding refresh to true for token metadata operations is appropriate since these are infrequent but critical operations where data consistency is paramount.


227-228: Consistent implementation with appropriate refresh behavior.

The forced refresh for user PIN operations maintains data integrity for this security-critical function.


248-249: Proper refresh handling for token label retrieval.

The comment correctly explains that this operation is rare enough that the refresh overhead is acceptable for ensuring consistency.


269-270: Appropriate refresh behavior for token serial operations.

Maintaining consistency for token serial retrieval by forcing refresh is the right choice given the infrequent nature of this operation.


290-291: Correct refresh handling for token flags.

Token flags are critical for security state management, so forcing refresh ensures the most current state is always retrieved.

src/lib/object_store/test/ObjectFileTests.h (2)

37-40: Well-designed refactoring to support configurable test scenarios.

Converting ObjectFileTests to a parameterized base class is an excellent approach for testing both refresh-enabled and refresh-disabled behaviors. The constructor parameter allows concrete test classes to specify their refresh behavior.


53-54: Good use of const member for immutable configuration.

Making doRefresh const ensures the refresh behavior cannot be accidentally modified during test execution, providing clear and consistent test semantics.

src/lib/object_store/test/ObjectFileTestsNoRefresh.cpp (1)

37-37: Constructor correctly configures refresh behavior.

The constructor properly passes false to the base class, ensuring that all tests in this suite run without refresh enabled.

src/lib/object_store/test/ObjectFileTestsRefresh.h (1)

41-62: Well-structured test class design.

The class design effectively combines the parameterized ObjectFileTests base class with CppUnit test infrastructure. The complete test suite registration ensures all object file functionality is tested with refresh enabled.

src/lib/object_store/test/ObjectFileTestsNoRefresh.h (1)

41-62: Consistent and well-designed test class structure.

The class design properly mirrors ObjectFileTestsRefresh and correctly integrates with the CppUnit framework. All necessary test methods are registered in the suite.

src/lib/object_store/test/ObjectFileTests.cpp (7)

48-50: LGTM! Clean constructor implementation.

The constructor properly initializes the doRefresh member variable using the initialization list, which is the correct C++ pattern.


62-893: LGTM! Systematic addition of doRefresh parameter to isValid() calls.

All isValid() calls have been consistently updated to pass the doRefresh parameter throughout the test file. This systematic change properly supports the new configurable refresh behavior while maintaining existing test functionality.


670-674: LGTM! Conditional test logic correctly validates refresh behavior.

The conditional assertions properly test that when doRefresh=false, the first object instance doesn't see changes made by the second instance, which is the expected behavior for the performance optimization.


687-691: LGTM! Proper validation of refresh behavior in multi-instance scenario.

The conditional assertion correctly verifies that when doRefresh=false, changes made by one object instance are not reflected in another instance, which aligns with the performance optimization goals.


814-824: LGTM! Transaction test logic properly handles both refresh modes.

The conditional assertions correctly test that after a transaction commit, changes are only visible to other instances when doRefresh=true. This validates both the traditional behavior and the new performance optimization mode.


853-856: LGTM! Consistent conditional testing pattern.

The assertions maintain the same pattern of validating that when doRefresh=false, object instances maintain their cached state without reflecting external changes.


878-881: LGTM! Final validation of refresh behavior after transaction abort.

The conditional assertions properly test that even after transaction abort, the refresh behavior is consistent with the doRefresh flag setting.

src/lib/SoftHSM.cpp (3)

613-614: LGTM!

The initialization correctly reads the configuration value with a sensible default that preserves backward compatibility.


1615-1615: Consistent parameter passing.

The change correctly propagates the doRefresh flag to the validity check.


1784-1784: Consistent implementation of configurable refresh behavior.

All the isValid() calls have been systematically updated to pass the doRefresh parameter. The changes maintain appropriate error codes for different contexts (object vs key operations) and preserve the existing error handling logic.

Also applies to: 1832-1832, 1856-1856, 1903-1903, 2173-2173, 2421-2421, 2902-2902, 3151-3151, 3802-3802, 3953-3953, 4105-4105, 4931-4931, 5083-5083, 6519-6519, 6561-6561, 6987-6987, 7287-7287, 10393-10393, 10725-10725, 11079-11079, 11605-11605
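As an added illustration of the trade-off this thread discusses (example code written for this page, not SoftHSM's own ObjectFile or test code): a small C++ model of an object file with an isValid(doRefresh) check that only re-reads the backing file when asked. It reproduces the scenario the PR's tests encode: a handle that caches the object does not see changes made through another handle (standing in for another process) unless it refreshes, while a handle opened after the change reads the current file even without refreshing, which is what keeps objectstore.readrefresh = false safe for freshly fetched handles. The file path, the key=value serialisation and the class and function names are assumptions for the model.

```cpp
// Illustrative model only, not SoftHSM's ObjectFile: two handles on one
// token object file, an isValid(doRefresh) that re-reads the file only on
// request, and the stale-view hazard that disabling refresh trades for CPU.
#include <cstdio>
#include <fstream>
#include <map>
#include <string>

// Attribute store of one object, serialised as "key=value" lines (assumed format).
using Attributes = std::map<std::string, std::string>;

class ModelObjectFile {
public:
    // Obtaining a handle always reads the file, mirroring the PR's note that
    // a refresh still happens when an application gets a handle.
    explicit ModelObjectFile(const std::string& path) : path_(path) { refresh(); }

    // Like the PR's OSObject::isValid(doRefresh): reload from disk only if asked.
    bool isValid(bool doRefresh = true) {
        if (doRefresh) refresh();
        return valid_;
    }

    std::string getAttribute(const std::string& key, bool doRefresh) {
        if (doRefresh) refresh();
        auto it = attrs_.find(key);
        return it == attrs_.end() ? std::string() : it->second;
    }

    // Writes go through to disk and update this handle's own cache.
    bool setAttribute(const std::string& key, const std::string& value) {
        attrs_[key] = value;
        std::ofstream out(path_, std::ios::trunc);
        if (!out) return false;
        for (const auto& kv : attrs_) out << kv.first << '=' << kv.second << '\n';
        return static_cast<bool>(out);
    }

    // The re-read the PR makes optional: parse the file into the cache.
    // If the file is gone, the object is marked invalid; the cache is kept as-is.
    void refresh() {
        std::ifstream in(path_);
        valid_ = static_cast<bool>(in);
        if (!valid_) return;
        Attributes fresh;
        std::string line;
        while (std::getline(in, line)) {
            auto eq = line.find('=');
            if (eq == std::string::npos) continue;
            fresh[line.substr(0, eq)] = line.substr(eq + 1);
        }
        attrs_.swap(fresh);
    }

private:
    std::string path_;
    Attributes attrs_;
    bool valid_ = false;
};

struct Views {
    std::string cachedView;         // handle A, no refresh: stale
    std::string refreshedView;      // handle A, refresh forced: current
    std::string newHandleView;      // handle opened after the change, no refresh
    bool validCachedAfterDelete;    // A.isValid(false) once the file is removed
    bool validRefreshedAfterDelete; // A.isValid(true) once the file is removed
};

// Scenario from the PR's tests: handle A caches the object, handle B (another
// process in real life) changes it; A sees the change only if it refreshes.
Views staleViewDemo(const std::string& path = "/tmp/model_token_object.txt") {
    { std::ofstream seed(path, std::ios::trunc); seed << "label=old\n"; }
    ModelObjectFile a(path);   // first handle, populated from disk
    ModelObjectFile b(path);   // second handle on the same file
    b.setAttribute("label", "new");

    Views v;
    v.cachedView = a.getAttribute("label", /*doRefresh=*/false);
    v.newHandleView = ModelObjectFile(path).getAttribute("label", /*doRefresh=*/false);
    v.refreshedView = a.getAttribute("label", /*doRefresh=*/true);

    std::remove(path.c_str());                       // external deletion of the object
    v.validCachedAfterDelete = a.isValid(/*doRefresh=*/false);
    v.validRefreshedAfterDelete = a.isValid(/*doRefresh=*/true);
    return v;
}
```

In the model, doRefresh=false corresponds to running with objectstore.readrefresh = false: the cached view answers "old" and still reports the object as valid after the file was deleted, which is exactly the cross-process staleness raised earlier in the thread; the handle opened after the change answers "new" because acquiring a handle always reads the file.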
