Feedback: validate sock-mode.

pull/4835/head
Kris Wilson 6 years ago
parent ee509ad2d9
commit 1af8283afa

@ -26,6 +26,7 @@ import re
import select
import signal
import socket
import stat
import sys
import tempfile
import threading
@ -759,7 +760,7 @@ class NotebookApp(JupyterApp):
return 'localhost'
@validate('ip')
def _valdate_ip(self, proposal):
def _validate_ip(self, proposal):
value = proposal['value']
if value == u'*':
value = u''
@ -786,10 +787,28 @@ class NotebookApp(JupyterApp):
help=_("The UNIX socket the notebook server will listen on.")
)
sock_mode = Unicode(u'0600', config=True,
help=_("The permissions mode/umask for UNIX socket creation (default: 0600).")
sock_mode = Integer(int('0600', 8), config=True,
help=_("The permissions mode for UNIX socket creation (default: 0600).")
)
@validate('sock_mode')
def _validate_sock_mode(self, proposal):
value = proposal['value']
try:
converted_value = int(value.encode(), 8)
# Ensure the mode is at least user readable/writable.
assert all((
bool(converted_value & stat.S_IRUSR),
bool(converted_value & stat.S_IWUSR),
))
except ValueError:
raise TraitError('invalid --sock-mode value: %s' % value)
except AssertionError:
raise TraitError(
'invalid --sock-mode value: %s, must have u+rw (0600) at a minimum' % value
)
return converted_value
port_retries = Integer(50, config=True,
help=_("The number of additional ports to try if the specified port is not available.")
)
@ -1616,7 +1635,7 @@ class NotebookApp(JupyterApp):
def _bind_http_server_unix(self):
try:
sock = bind_unix_socket(self.sock, mode=int(self.sock_mode.encode(), 8))
sock = bind_unix_socket(self.sock, mode=self.sock_mode)
self.http_server.add_socket(sock)
except socket.error as e:
if e.errno == errno.EADDRINUSE:
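Review bot: In `_validate_sock_mode` the u+rw floor is enforced with `assert`, which Python strips under `-O`, so the permission check silently disappears in optimized runs; an explicit test such as `required = stat.S_IRUSR | stat.S_IWUSR` followed by `if converted_value & required != required: raise TraitError(...)` keeps it in every mode. The trait is now declared `Integer` with an int default, yet the validator still calls `value.encode()`; if the proposal value arrives as an int, that raises AttributeError, which neither `except` clause catches, so the declared type and the validator should agree on string versus int. The validator also sets only a minimum: modes such as 0666 or 0777, and values above 0o7777, are accepted, which may let other local users connect to the notebook socket, depending on the permissions of the containing directory. Consider rejecting out-of-range values and logging a warning when group or other access bits are set.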

@ -17,11 +17,13 @@ def test_shutdown_sock_server_integration():
encoded_sock_path = urlencode_unix_socket_path(sock)
p = subprocess.Popen(
['jupyter-notebook', '--sock=%s' % sock],
['jupyter-notebook', '--sock=%s' % sock, '--sock-mode=0700'],
stdout=subprocess.PIPE, stderr=subprocess.PIPE
)
complete = False
for line in iter(p.stderr.readline, b''):
print(line)
if url in line:
complete = True
break
@ -30,8 +32,8 @@ def test_shutdown_sock_server_integration():
assert encoded_sock_path.encode() in subprocess.check_output(['jupyter-notebook', 'list'])
# Ensure default umask is properly applied.
assert stat.S_IMODE(os.lstat(sock).st_mode) == 0o600
# Ensure umask is properly applied.
assert stat.S_IMODE(os.lstat(sock).st_mode) == 0o700
try:
subprocess.check_output(['jupyter-notebook', 'stop'], stderr=subprocess.STDOUT)
@ -49,6 +51,29 @@ def test_shutdown_sock_server_integration():
p.wait()
def test_sock_server_validate_sockmode_type():
try:
subprocess.check_output(
['jupyter-notebook', '--sock=/tmp/nonexistent', '--sock-mode=badbadbad'],
stderr=subprocess.STDOUT
)
except subprocess.CalledProcessError as e:
assert 'badbadbad' in e.output.decode()
else:
raise AssertionError('expected execution to fail due to validation of --sock-mode param')
def test_sock_server_validate_sockmode_accessible():
try:
subprocess.check_output(
['jupyter-notebook', '--sock=/tmp/nonexistent', '--sock-mode=0444'],
stderr=subprocess.STDOUT
)
except subprocess.CalledProcessError as e:
assert '0444' in e.output.decode()
else:
raise AssertionError('expected execution to fail due to validation of --sock-mode param')
def _ensure_stopped(check_msg='There are no running servers'):
try:
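Review bot: Both new validation tests (`test_sock_server_validate_sockmode_type` and `test_sock_server_validate_sockmode_accessible`) call `subprocess.check_output` without a `timeout`, so if validation ever regresses the server would presumably start and keep listening, and the test would hang instead of reaching the `else: raise AssertionError(...)` branch. Passing a `timeout=` where the supported Python versions allow it would turn that regression into a prompt failure. The tests also use the fixed path `/tmp/nonexistent` in a shared world-writable directory; a path under a per-test temporary directory avoids collisions and a leftover socket if the server does start. In the integration test, the comment `# Ensure umask is properly applied.` still says umask although the value is now a permission mode, so `# Ensure the requested socket mode is applied.` would match the updated help text.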
