Closes the last 3 medium-severity items from Hamilton's system-wide
audit. **0 critical, 0 high, 0 medium remaining.**

What changed:

pool.py:
* Pool acquire() growth path: restructured to remove _lock._is_owned()
  (CPython-private API) usage. Two explicit re-acquires (success path
  + exception path) replace the older try/finally + private check.

connections.py:
* _raise_from_rejection now extracts the server's human-readable
  error string from the rejection payload and surfaces it in the
  OperationalError. Wrong-password vs wrong-database now produce
  distinguishable errors. New helper _extract_server_error_text
  finds the longest printable-ASCII run (8-256 chars). Falls back
  to a hex preview when no string is found.
* _send_exit: broadened catch from (OperationalError, InterfaceError,
  OSError, ProtocolError) to bare Exception. Best-effort by
  definition; the socket FD is freed by close()'s finally clause via
  _socket.IfxSocket.close (idempotent, never-raising). Prevents
  unexpected errors from escaping close() and leaving partial state.

5 new unit tests in test_protocol.py for _extract_server_error_text:
finds-longest-run, picks-longest-of-multiple, too-short-returns-None,
empty-handled, caps-at-256.

77 unit + 231 integration + 28 benchmark = 336 tests; ruff clean.

Hamilton audit punch list final state: every actionable finding
addressed. No CRITICAL, no HIGH, no MEDIUM remaining.

Pre-Phase-26: 2 critical, 3 high, 5 medium
Post-Phase-30: 0 critical, 0 high, 0 medium - PRODUCTION READY
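
The bounded extraction described for _extract_server_error_text above, as an added example that is not the project's code. Only the printable-ASCII rule and the 8-256 bounds come from the commit message; the function names, the 32-byte hex preview length and the sample payload are assumptions constructed for illustration.

```python
from __future__ import annotations

MIN_RUN, MAX_RUN = 8, 256   # bounds stated in the commit message
HEX_PREVIEW_BYTES = 32      # assumption: preview length is not given on the page


def longest_printable_run(payload: bytes) -> str | None:
    """Longest run of printable ASCII (0x20-0x7E), capped at MAX_RUN.

    Returns None when no run reaches MIN_RUN. CR, LF, TAB and ESC end a run,
    so server-controlled bytes cannot add lines or terminal escapes to a log.
    """
    best_start = best_len = 0
    start = None
    for i, byte in enumerate(payload + b"\x00"):  # sentinel closes a trailing run
        if 0x20 <= byte <= 0x7E:
            if start is None:
                start = i
        elif start is not None:
            if i - start > best_len:  # strict: the first of equal runs wins
                best_start, best_len = start, i - start
            start = None
    if best_len < MIN_RUN:
        return None
    end = best_start + min(best_len, MAX_RUN)
    return payload[best_start:end].decode("ascii")


def describe_rejection(payload: bytes) -> str:
    """Build the exception message: server text if found, else a hex preview."""
    text = longest_printable_run(payload)
    if text is not None:
        return f"login rejected by server: {text}"
    preview = payload[:HEX_PREVIEW_BYTES].hex()
    return f"login rejected by server (no text found; payload starts {preview})"


# Constructed payload, not a capture: binary framing around two text runs.
SAMPLE = (
    b"\x00\x17\x00\x03" + b"short" + b"\x00\xff\xfe"
    + b"constructed: wrong password for user demo" + b"\x00\x00\x0c"
)

if __name__ == "__main__":
    print(describe_rejection(SAMPLE))
    print(describe_rejection(b"\x00\x01\xff"))
```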

This commit takes informix-db from documentation-only (Phase 0 spike)
to a functional connect() / close() against a real Informix server.
To our knowledge, this is the first pure-socket Informix client in any
language — no CSDK, no JVM, no native libraries.

Layered architecture per the plan, mirroring PyMySQL's shape:

  src/informix_db/
    __init__.py     — PEP 249 surface (connect, exceptions, paramstyle="numeric")
    exceptions.py   — full PEP 249 hierarchy declared up front
    _socket.py      — raw socket I/O (read_exact, write_all, timeouts)
    _protocol.py    — IfxStreamReader / IfxStreamWriter framing primitives
                      (big-endian, 16-bit-aligned variable payloads,
                      length-prefixed nul-terminated strings)
    _messages.py    — SQ_* tags from IfxMessageTypes + ASF/login markers
    _auth.py        — pluggable auth handlers; plain-password is the
                      only Phase-1 implementation
    connections.py  — Connection class: builds the binary login PDU
                      (SLheader + PFheader byte-for-byte per
                      PROTOCOL_NOTES.md §3), sends it, parses the
                      server response, wires up close()

Phase 1 design decisions locked in DECISION_LOG.md:
  - paramstyle = "numeric" (matches Informix ESQL/C convention)
  - Python >= 3.10
  - autocommit defaults to off (PEP 249 implicit)
  - License: MIT
  - Distribution name: informix-db (verified PyPI-available)

Test coverage: 34 unit tests (codec round-trips against synthetic byte
streams; observed login-PDU values from the spike captures asserted as
exact byte literals) + 6 integration tests (connect, idempotent close,
context manager, bad-password → OperationalError, bad-host →
OperationalError, cursor() raises NotImplementedError).

  pytest                 — runs 34 unit tests, no Docker needed
  pytest -m integration  — runs 6 integration tests against the
                           Developer Edition container (pinned by digest
                           in tests/docker-compose.yml)
  pytest -m ""           — runs everything

ruff is clean across src/ and tests/.

One bug found during smoke testing: threading.get_ident() can exceed
signed 32-bit on some processes, overflowing struct.pack("!i"). Fixed
the same way the JDBC reference does — clamp to signed 32-bit, fall
back to 0 if out of range. The field is diagnostic only.

One protocol-level observation that AMENDED the JDBC source reading:
the "capability section" in the login PDU is three independently
negotiated 4-byte ints (Cap_1=1, Cap_2=0x3c000000, Cap_3=0), not one
int + 8 reserved zero bytes as my CFR decompile read suggested. The
server echoes them back identically. Trust the wire over the
decompiler.

Phase 1 verification matrix (from PROTOCOL_NOTES.md §12):
  - Login byte layout: confirmed (server accepts our pure-Python PDU)
  - Disconnection: confirmed (SQ_EXIT round-trip works)
  - Framing primitives: confirmed (34 unit tests)
  - Error path: bad password → OperationalError, bad host → OperationalError

Phase 2 (Cursor / SELECT / basic types) is the next phase. The hard
unknowns there — exact column-descriptor layout, statement-time error
format — were called out as bounded gaps in Phase 0 and have existing
captures (02-select-1.socat.log, 02-dml-cycle.socat.log) to characterize
against.