@@ -1126,6 +1126,26 @@
no admin rate limit (F29), this amplifies query cost
significantly. Refactor to batch-load enrichment by ip_bin set.
- **Severity: 2**
+- **Status:** Fixed in `0594305`. `IpsController::list` no longer issues per-row
+ lookups. Two new batch methods replace the inner loop:
+ `IpEnrichmentRepository::findByIpBins()` runs a single
+ `WHERE ip_bin IN (…)` SELECT and returns a bin-keyed map;
+ `IpScoreRepository::topCategoryByIpBins()` runs one
+ `score > 0 AND ip_bin IN (…) ORDER BY ip_bin, score DESC` SELECT
+ and groups in PHP. The third per-row call —
+ `EffectiveStatusService::forIp` — is replaced by
+ `effectiveStatusFromRow()`, which derives the `Scored` decision
+ from the search row's existing `max_score` column and reuses the
+ in-memory `CidrEvaluator` for the `Allowlisted` / `ManuallyBlocked`
+ checks (already O(1) hash lookups, loaded once per request). Net
+ cost drops from `2 + 3·page_size` round-trips per page (601 at
+ page_size=200) to 4: search + count, plus the two batch lookups —
+ invariant in page size. Combined with the per-token admin rate
+ limit added under F29 and the deep-pagination guard added under
+ F31, a Viewer can no longer drive query cost via either depth or
+ per-row amplification. Regression tests in
+ `api/tests/Integration/Admin/IpsControllerTest.php`
+ (`testSearchBatchesPerRowLookups`, `testSearchStatusUsesMaxScoreColumn`).
---
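Review bot: In the "Net cost drops from" sentence, `2 + 3·page_size` at page_size=200 evaluates to 602, not the 601 stated; correct either the formula or the figure so the before/after comparison can be checked. Separately, the note says `effectiveStatusFromRow()` derives `Scored` from the row's `max_score` column while `topCategoryByIpBins()` filters on `score > 0`, but it does not state that the result is equivalent to what `EffectiveStatusService::forIp` returned; a sentence on that parity (and whether `testSearchStatusUsesMaxScoreColumn` asserts it against `forIp`) would help, since this status feeds the `Allowlisted` / `ManuallyBlocked` / `Scored` decision shown to admins. It would also be worth recording how the two `ip_bin IN (…)` queries behave on an empty result page, because an empty IN list is a common failure case and neither listed test name suggests it is covered.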