llama-stack-mirror

mirror of https://github.com/meta-llama/llama-stack.git synced 2025-12-03 09:53:45 +00:00

History

Ashwin Bharambe 4e6c769cc4 fix(context): prevent provider data leak between streaming requests (#3924 ) ## Summary - `preserve_contexts_async_generator` left `PROVIDER_DATA_VAR` (and other context vars) populated after a streaming generator completed on HEAD~1, so the asyncio context for request N+1 started with request N's provider payload. - FastAPI dependencies and middleware execute before `request_provider_data_context` rebinds the header data, meaning auth/logging hooks could observe a prior tenant's credentials or treat them as authenticated. Traces and any background work that inspects the context outside the `with` block leak as well—this is a real security regression, not just a CLI artifact. - The wrapper now restores each tracked `ContextVar` to the value it held before the iteration (falling back to clearing when necessary) after every yield and when the generator terminates, so provider data is wiped while callers that set their own defaults keep them. ## Test Plan - `uv run pytest tests/unit/core/test_provider_data_context.py -q` - `uv run pytest tests/unit/distribution/test_context.py -q` Both suites fail on HEAD~1 and pass with this change.		2025-10-27 23:01:12 -07:00
..
access_control	chore(package): migrate to src/ layout (#3920 )	2025-10-27 12:02:21 -07:00
conversations	fix: add missing shutdown methods to PromptServiceImpl and ConversationServiceImpl (#3925 )	2025-10-27 13:41:38 -07:00
prompts	fix: add missing shutdown methods to PromptServiceImpl and ConversationServiceImpl (#3925 )	2025-10-27 13:41:38 -07:00
routers	chore(telemetry): more cleanup: remove apis.telemetry (#3919 )	2025-10-27 22:20:15 -07:00
routing_tables	chore(package): migrate to src/ layout (#3920 )	2025-10-27 12:02:21 -07:00
server	chore(package): migrate to src/ layout (#3920 )	2025-10-27 12:02:21 -07:00
storage	chore(package): migrate to src/ layout (#3920 )	2025-10-27 12:02:21 -07:00
store	chore(package): migrate to src/ layout (#3920 )	2025-10-27 12:02:21 -07:00
telemetry	chore(telemetry): more cleanup: remove apis.telemetry (#3919 )	2025-10-27 22:20:15 -07:00
ui	chore(package): migrate to src/ layout (#3920 )	2025-10-27 12:02:21 -07:00
utils	fix(context): prevent provider data leak between streaming requests (#3924 )	2025-10-27 23:01:12 -07:00
__init__.py	chore(package): migrate to src/ layout (#3920 )	2025-10-27 12:02:21 -07:00
build.py	chore(package): migrate to src/ layout (#3920 )	2025-10-27 12:02:21 -07:00
client.py	chore(package): migrate to src/ layout (#3920 )	2025-10-27 12:02:21 -07:00
common.sh	chore(package): migrate to src/ layout (#3920 )	2025-10-27 12:02:21 -07:00
configure.py	chore(package): migrate to src/ layout (#3920 )	2025-10-27 12:02:21 -07:00
datatypes.py	chore(package): migrate to src/ layout (#3920 )	2025-10-27 12:02:21 -07:00
distribution.py	chore(package): migrate to src/ layout (#3920 )	2025-10-27 12:02:21 -07:00
external.py	chore(package): migrate to src/ layout (#3920 )	2025-10-27 12:02:21 -07:00
id_generation.py	chore(package): migrate to src/ layout (#3920 )	2025-10-27 12:02:21 -07:00
inspect.py	chore(package): migrate to src/ layout (#3920 )	2025-10-27 12:02:21 -07:00
library_client.py	chore(package): migrate to src/ layout (#3920 )	2025-10-27 12:02:21 -07:00
providers.py	chore(package): migrate to src/ layout (#3920 )	2025-10-27 12:02:21 -07:00
request_headers.py	chore(package): migrate to src/ layout (#3920 )	2025-10-27 12:02:21 -07:00
resolver.py	chore(package): migrate to src/ layout (#3920 )	2025-10-27 12:02:21 -07:00
stack.py	chore(telemetry): more cleanup: remove apis.telemetry (#3919 )	2025-10-27 22:20:15 -07:00
start_stack.sh	chore(package): migrate to src/ layout (#3920 )	2025-10-27 12:02:21 -07:00
testing_context.py	chore(package): migrate to src/ layout (#3920 )	2025-10-27 12:02:21 -07:00