zeroshade commented on code in PR #676: URL: https://github.com/apache/iceberg-go/pull/676#discussion_r2728941025
########## puffin/puffin_reader.go: ########## @@ -0,0 +1,376 @@ +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +package puffin + +import ( + "bytes" + "encoding/binary" + "encoding/json" + "errors" + "fmt" + "io" + "sort" +) + +// ReaderAtSeeker combines io.ReaderAt and io.Seeker for reading Puffin files. +// This interface is implemented by *os.File, *bytes.Reader, and similar types. +type ReaderAtSeeker interface { + io.ReaderAt + io.Seeker +} + +// Reader reads blobs and metadata from a Puffin file. +// +// Usage: +// +// r, err := puffin.NewReader(file) +// if err != nil { +// return err +// } +// for i := range r.Footer().Blobs { +// blob, err := r.ReadBlob(i) +// // process blob.Data +// } +type Reader struct { + r ReaderAtSeeker + size int64 + footer *Footer + footerStart int64 // cached after ReadFooter + maxBlobSize int64 +} + +// BlobData pairs a blob's metadata with its content. +type BlobData struct { + Metadata BlobMetadata + Data []byte +} + +// ReaderOption configures a Reader. +type ReaderOption func(*Reader) + +// WithMaxBlobSize sets the maximum blob size allowed when reading. +// This prevents OOM attacks from malicious files with huge blob lengths. +// Default is DefaultMaxBlobSize (256 MB). +func WithMaxBlobSize(size int64) ReaderOption { + return func(r *Reader) { + r.maxBlobSize = size + } +} + +// NewReader creates a new Puffin file reader. +// The file size is auto-detected using Seek. +// It validates magic bytes and reads the footer eagerly. +// The caller is responsible for closing the underlying reader. +func NewReader(r ReaderAtSeeker, opts ...ReaderOption) (*Reader, error) { + if r == nil { + return nil, errors.New("puffin: reader is nil") + } + + // Auto-detect file size + size, err := r.Seek(0, io.SeekEnd) + if err != nil { + return nil, fmt.Errorf("puffin: detect file size: %w", err) + } + + // Minimum size: header magic + footer magic + footer trailer + // [Magic] + zero for blob + [Magic] + [FooterPayloadSize (assuming ~0)] + [Flags] + [Magic] + minSize := int64(MagicSize + MagicSize + footerTrailerSize) + if size < minSize { + return nil, fmt.Errorf("puffin: file too small (%d bytes, minimum %d)", size, minSize) + } + + // Validate header magic + var headerMagic [MagicSize]byte + if _, err := r.ReadAt(headerMagic[:], 0); err != nil { + return nil, fmt.Errorf("puffin: read header magic: %w", err) + } + if !bytes.Equal(headerMagic[:], magic[:]) { + return nil, errors.New("puffin: invalid header magic") + } + + pr := &Reader{ + r: r, + size: size, + maxBlobSize: DefaultMaxBlobSize, + } + + for _, opt := range opts { + opt(pr) + } + + // Read footer + if _, err := pr.readFooter(); err != nil { + return nil, err + } + + return pr, nil +} + +// Footer returns the parsed footer metadata. +// The footer is read during NewReader, so this always returns a valid footer. +func (r *Reader) Footer() *Footer { + return r.footer +} Review Comment: in what scenario would a user actually want to grab the entire footer? I'd prefer if we provide accessors to individual objects/pieces rather than allow unfettered access to the whole footer -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
