Skip to content

Add regression/db-connection-leak-valgrind#981

Draft
sergio-correia wants to merge 2 commits into
RedHat-SP-Security:mainfrom
sergio-correia:db-leaks
Draft

Add regression/db-connection-leak-valgrind#981
sergio-correia wants to merge 2 commits into
RedHat-SP-Security:mainfrom
sergio-correia:db-leaks

Conversation

@sergio-correia
Copy link
Copy Markdown
Contributor

@sergio-correia sergio-correia commented Dec 17, 2025
edited
Loading

This test uses valgrind and is based on the existing test
regression/db-connection-leak-reproducer.

@sourcery-ai
Copy link
Copy Markdown

sourcery-ai Bot commented Dec 17, 2025
edited
Loading

Reviewer's guide (collapsed on small PRs)

Reviewer's Guide

This pull request currently contains no functional or content changes; it appears to be a placeholder or test PR with an empty diff for plans/main.fmf.

File-Level Changes

Change Details Files
No effective changes were made; the diff is empty and the file content is unchanged.
  • File is referenced in the diff header but has no added, removed, or modified lines.
  • There is currently nothing to validate functionally or logically in the codebase for this PR.
 plans/main.fmf
Tips and commands

Interacting with Sourcery

  • Trigger a new review: Comment @sourcery-ai review on the pull request.
  • Continue discussions: Reply directly to Sourcery's review comments.
  • Generate a GitHub issue from a review comment: Ask Sourcery to create an
    issue from a review comment by replying to it. You can also reply to a
    review comment with @sourcery-ai issue to create an issue from it.
  • Generate a pull request title: Write @sourcery-ai anywhere in the pull
    request title to generate a title at any time. You can also comment
    @sourcery-ai title on the pull request to (re-)generate the title at any time.
  • Generate a pull request summary: Write @sourcery-ai summary anywhere in
    the pull request body to generate a PR summary at any time exactly where you
    want it. You can also comment @sourcery-ai summary on the pull request to
    (re-)generate the summary at any time.
  • Generate reviewer's guide: Comment @sourcery-ai guide on the pull
    request to (re-)generate the reviewer's guide at any time.
  • Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
    pull request to resolve all Sourcery comments. Useful if you've already
    addressed all the comments and don't want to see them anymore.
  • Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
    request to dismiss all existing Sourcery reviews. Especially useful if you
    want to start fresh with a new review - don't forget to comment
    @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

  • Enable or disable review features such as the Sourcery-generated pull request
    summary, the reviewer's guide, and others.
  • Change the review language.
  • Add, remove or edit custom review instructions.
  • Adjust other review settings.

Getting Help

sourcery-ai[bot]
sourcery-ai Bot reviewed Dec 17, 2025
View reviewed changes
Copy link
Copy Markdown

@sourcery-ai sourcery-ai Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey there - I've reviewed your changes and they look great!

Sourcery is free for open source - if you like our reviews please consider sharing them ✨
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.

@sergio-correia sergio-correia marked this pull request as draft December 17, 2025 01:36
github-advanced-security[bot]
github-advanced-security AI found potential problems Jan 22, 2026
View reviewed changes
Comment thread regression/db-connection-leak-valgrind/test.sh
@@ -0,0 +1,576 @@
#!/bin/bash
# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
. /usr/share/beakerlib/beakerlib.sh || exit 1

Check warning

Code scanning / shellcheck

SC1091 Warning test

Not following: /usr/share/beakerlib/beakerlib.sh: openBinaryFile: does not exist (No such file or directory)
Comment thread regression/db-connection-leak-valgrind/test.sh
rlRun "chown keylime:keylime '$log_dir'"

# Find keylime_verifier path (works for both RPM and upstream installs)
local verifier_path=$(command -v keylime_verifier)

Check warning

Code scanning / shellcheck

SC2155 Warning test

Declare and assign separately to avoid masking return values.
Comment thread regression/db-connection-leak-valgrind/test.sh
return 1
fi

local log_files=$(find "$log_dir" -name "verifier-*.log" -type f)

Check warning

Code scanning / shellcheck

SC2155 Warning test

Declare and assign separately to avoid masking return values.
Comment thread regression/db-connection-leak-valgrind/test.sh

# Analyze each log file
for log_file in $log_files; do
local pid=$(basename "$log_file" | sed 's/verifier-\(.*\)\.log/\1/')

Check warning

Code scanning / shellcheck

SC2155 Warning test

Declare and assign separately to avoid masking return values.
Comment thread regression/db-connection-leak-valgrind/test.sh
rlLogInfo "Analyzing worker process $pid (worker #$num_workers)"

# Count open file descriptors at exit for this specific PID
local open_fds=$(grep "^==${pid}== Open file descriptor" "$log_file" | wc -l)

Check warning

Code scanning / shellcheck

SC2155 Warning test

Declare and assign separately to avoid masking return values.
Comment thread regression/db-connection-leak-valgrind/test.sh

# Check specifically for SQLite database FD leaks
local sqlite_fds=$(grep "^==${pid}== Open file descriptor.*cv_data.sqlite" "$log_file" | wc -l)
if [ $sqlite_fds -gt 0 ]; then

Check warning

Code scanning / shellcheck

SC2086 Warning test

Double quote to prevent globbing and word splitting.
Comment thread regression/db-connection-leak-valgrind/test.sh
rlLogWarning " Worker $pid: $sqlite_fds leaked SQLite database connections!"
leaked_sqlite_fds=$((leaked_sqlite_fds + sqlite_fds))
workers_with_sqlite_leaks=$((workers_with_sqlite_leaks + 1))
worker_sqlite_leaks[$pid]=$sqlite_fds

Check warning

Code scanning / shellcheck

SC2034 Warning test

worker_sqlite_leaks appears unused. Verify use (or export if used externally).
Comment thread regression/db-connection-leak-valgrind/test.sh
leaked_sqlite_fds=$((leaked_sqlite_fds + sqlite_fds))
workers_with_sqlite_leaks=$((workers_with_sqlite_leaks + 1))
worker_sqlite_leaks[$pid]=$sqlite_fds
has_leaks=1

Check warning

Code scanning / shellcheck

SC2034 Warning test

has_leaks appears unused. Verify use (or export if used externally).
Comment thread regression/db-connection-leak-valgrind/test.sh
rlLogInfo "=== VALGRIND TEST COMPLETE ==="
rlLogInfo "All valgrind logs saved to: $VALGRIND_BASE_DIR"
rlLogInfo "Phases analyzed:"
find "$VALGRIND_BASE_DIR" -mindepth 1 -maxdepth 1 -type d | while read phase_dir; do

Check warning

Code scanning / shellcheck

SC2162 Warning test

read without -r will mangle backslashes.
Comment thread regression/db-connection-leak-valgrind/test.sh
rlLogInfo "All valgrind logs saved to: $VALGRIND_BASE_DIR"
rlLogInfo "Phases analyzed:"
find "$VALGRIND_BASE_DIR" -mindepth 1 -maxdepth 1 -type d | while read phase_dir; do
rlLogInfo " - $(basename $phase_dir)"

Check warning

Code scanning / shellcheck

SC2086 Warning test

Double quote to prevent globbing and word splitting.
@sergio-correia sergio-correia changed the title DO NOT MERGE - test redirect Add regression/db-connection-leak-valgrind Jan 22, 2026
kkaarreell
kkaarreell requested changes Mar 25, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@kkaarreell kkaarreell left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have just a few nitpicks.
However, it seems that the test reports various connection leaks even for the current upstream code and not consistently.

Comment thread regression/db-connection-leak-valgrind/main.fmf Outdated
- valgrind
recommend:
- keylime
- python3-tomli
Copy link
Copy Markdown
Collaborator

@kkaarreell kkaarreell Mar 25, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is not needed as we are not running a revocation script

Copy link
Copy Markdown
Contributor Author

@sergio-correia sergio-correia Mar 25, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"This" here meaning the python3-tomli line?

Copy link
Copy Markdown
Contributor Author

@sergio-correia sergio-correia Mar 25, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I removed the python3-tomli line there. Please let me know if it still needs adjusts.

Comment thread regression/db-connection-leak-valgrind/test.sh
Comment thread regression/db-connection-leak-valgrind/test.sh
@sergio-correia
Add regression/db-connection-leak-valgrind
a790906 
This test uses valgrind and is based on the existing test
regression/db-connection-leak-reproducer.

It reproduces scenarios that would have caused connection leaks
before the fix from PR keylime/keylime#1782.

Signed-off-by: Sergio Correia <scorreia@redhat.com>
@sergio-correia
DO NOT MERGE - update repo/branch for testing
e2a09b7 
Also try to reduce the tests executed to the ones we care about.

Signed-off-by: Sergio Correia <scorreia@redhat.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sourcery-ai sourcery-ai[bot] sourcery-ai[bot] left review comments

@kkaarreell kkaarreell kkaarreell requested changes

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@sergio-correia @kkaarreell @github-advanced-security