[SF-11323] disallow sending command getkeys

bellatoris · bellatoris · commit bb738aeb14c5 · 2023-07-13T21:01:53.000+09:00
diff --git a/redis/connection.py b/redis/connection.py
@@ -878,6 +878,14 @@ def pack_command(self, *args):
         elif b" " in args[0]:
             args = tuple(args[0].split()) + args[1:]
 
+        # `COMMAND GETKEYS` can crash redis server entirely under certain conditions.
+        # So we have decided to make sure that `COMMAND GETKEYS` is never sent to the server.
+        # If you need to send `COMMAND GETKEYS` to the server, please reach out to Doogie
+        # and Zach to discuss the use case.
+        # ref: https://github.com/redis/redis/pull/12380
+        if len(args) > 1 and args[0].lower() == b'command' and args[1].lower().startswith(b'getkeys'):
+            raise Exception(f'Redis command "{args[0].decode()} {args[1].decode()}" is not supported')
+
         buff = SYM_EMPTY.join((SYM_STAR, str(len(args)).encode(), SYM_CRLF))
 
         buffer_cutoff = self._buffer_cutoff
diff --git a/tests/test_commands.py b/tests/test_commands.py
@@ -4585,21 +4585,22 @@ def test_command_list(self, r: redis.Redis):
     @skip_if_server_version_lt("2.8.13")
     @skip_if_redis_enterprise()
     def test_command_getkeys(self, r):
-        res = r.command_getkeys("MSET", "a", "b", "c", "d", "e", "f")
-        assert res == ["a", "c", "e"]
-        res = r.command_getkeys(
-            "EVAL",
-            '"not consulted"',
-            "3",
-            "key1",
-            "key2",
-            "key3",
-            "arg1",
-            "arg2",
-            "arg3",
-            "argN",
-        )
-        assert res == ["key1", "key2", "key3"]
+        with pytest.raises(Exception):
+            res = r.command_getkeys("MSET", "a", "b", "c", "d", "e", "f")
+            assert res == ["a", "c", "e"]
+            res = r.command_getkeys(
+                "EVAL",
+                '"not consulted"',
+                "3",
+                "key1",
+                "key2",
+                "key3",
+                "arg1",
+                "arg2",
+                "arg3",
+                "argN",
+            )
+            assert res == ["key1", "key2", "key3"]
 
     @skip_if_server_version_lt("2.8.13")
     def test_command(self, r):
@@ -4613,13 +4614,14 @@ def test_command(self, r):
     @skip_if_server_version_lt("7.0.0")
     @skip_if_redis_enterprise()
     def test_command_getkeysandflags(self, r: redis.Redis):
-        res = [
-            [b"mylist1", [b"RW", b"access", b"delete"]],
-            [b"mylist2", [b"RW", b"insert"]],
-        ]
-        assert res == r.command_getkeysandflags(
-            "LMOVE", "mylist1", "mylist2", "left", "left"
-        )
+        with pytest.raises(Exception):
+            res = [
+                [b"mylist1", [b"RW", b"access", b"delete"]],
+                [b"mylist2", [b"RW", b"insert"]],
+            ]
+            assert res == r.command_getkeysandflags(
+                "LMOVE", "mylist1", "mylist2", "left", "left"
+            )
 
     @pytest.mark.onlynoncluster
     @skip_if_server_version_lt("4.0.0")
