Add `strict` param to enforce RECAP_URLS for gateway #408
The gateway has a gaping security hole. It allows users to ls/schema on arbitrary URLs using whatever credentials the gateway host might have. This is dangerous in a cloud environment where the host might be given a service account with access to systems that end users should not have access to. It also is dangerous now that we have a FilesystemClient that allows users to read the local disk.
I've fixed this by forcing the gateway to run `ls` and `schema` commands with `strict=True`. This parameter forces any URLs to be defined in the RECAP_URLS environment variable. Unknown URLs will now fail with a ValueError.

I have left the CLI with `strict=False` because the users running locally should be able to query whatever they want using the credentials they have on their machine.
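
A sketch of the kind of allowlist check the description refers to, as an added example that is not code from this pull request or from Recap. It assumes RECAP_URLS holds a JSON list of URLs and that a URL is allowed when it equals or sits under a configured entry; `resolve_url` and `_normalize` are hypothetical names, and the sample values are constructed.

```python
import json
import os
import posixpath
from urllib.parse import unquote, urlsplit


def _normalize(url: str) -> tuple[str, str, str]:
    """Return (scheme, host[:port], normalized path); credentials and query are dropped."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.port:
        host = f"{host}:{parts.port}"
    # Decode and collapse "." / ".." so "/data/../other" is compared as "/other".
    path = posixpath.normpath(unquote(parts.path or "/"))
    return parts.scheme.lower(), host, path


def resolve_url(url: str, strict: bool, env=os.environ) -> str:
    """Hypothetical check: with strict=True, accept only URLs under a RECAP_URLS entry."""
    if not strict:
        return url  # CLI case: the user queries with their own local credentials.
    # Assumption: RECAP_URLS is a JSON list of URLs; unset means nothing is allowed.
    allowed = json.loads(env.get("RECAP_URLS", "[]"))
    scheme, host, path = _normalize(url)
    for entry in allowed:
        a_scheme, a_host, a_path = _normalize(entry)
        # Compare whole path segments so "/srv/recap-data" does not also
        # allow "/srv/recap-database".
        under = path == a_path or path.startswith(a_path.rstrip("/") + "/")
        if (scheme, host) == (a_scheme, a_host) and under:
            return url
    # Report only the normalized parts, never credentials from the request.
    raise ValueError(f"URL not configured in RECAP_URLS: {scheme}://{host}{path}")


if __name__ == "__main__":
    # Constructed sample configuration and requests.
    sample_env = {"RECAP_URLS": '["file:///srv/recap-data"]'}
    for candidate in ("file:///srv/recap-data/2023/events.csv",
                      "file:///srv/recap-data/../other/notes.txt"):
        try:
            print("allowed:", resolve_url(candidate, True, sample_env))
        except ValueError as exc:
            print("rejected:", exc)
```

Comparing parsed and normalized components instead of raw string prefixes is what keeps a traversal path or a sibling directory with a shared prefix from passing the strict check.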