Skip to content

Commit

Permalink
STAR-431: Add option to prevent any file-I/O from cqlsh
Browse files Browse the repository at this point in the history 
Co-authored-by: Robert Stupp <snazy@snazy.de>
  • Loading branch information
@mfleming @snazy @jtgrabowski
2 people authored and jtgrabowski committed Jun 14, 2021
1 parent c0fa154 commit d7e5ff4
Showing 1 changed file with 28 additions and 1 deletion.
29 changes: 28 additions & 1 deletion bin/cqlsh.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -177,6 +177,7 @@ def find_zip(libprefix):
DEFAULT_SSL = False
DEFAULT_CONNECT_TIMEOUT_SECONDS = 5
DEFAULT_REQUEST_TIMEOUT_SECONDS = 10
DEFAULT_NO_FILE_IO = False

DEFAULT_FLOAT_PRECISION = 5
DEFAULT_DOUBLE_PRECISION = 5
Expand Down Expand Up @@ -231,6 +232,8 @@ def find_zip(libprefix):
help='Specify the default request timeout in seconds (default: %default seconds).')
parser.add_option("-t", "--tty", action='store_true', dest='tty',
help='Force tty mode (command prompt).')
parser.add_option("--no-file-io", action='store_true', dest='no_file_io',
help='Disable cqlsh commands that perform file I/O.')

optvalues = optparse.Values()
(options, arguments) = parser.parse_args(sys.argv[1:], values=optvalues)
Expand Down Expand Up @@ -422,6 +425,7 @@ class Shell(cmd.Cmd):
last_hist = None
shunted_query_out = None
use_paging = True
no_file_io = False

default_page_size = 100

Expand All @@ -442,7 +446,8 @@ def __init__(self, hostname, port, color=False,
request_timeout=DEFAULT_REQUEST_TIMEOUT_SECONDS,
protocol_version=None,
connect_timeout=DEFAULT_CONNECT_TIMEOUT_SECONDS,
is_subshell=False):
is_subshell=False,
no_file_io=False):
cmd.Cmd.__init__(self, completekey=completekey)
self.hostname = hostname
self.port = port
Expand Down Expand Up @@ -532,6 +537,7 @@ def __init__(self, hostname, port, color=False,
self.statement_error = False
self.single_statement = single_statement
self.is_subshell = is_subshell
self.no_file_io = no_file_io

@property
def batch_mode(self):
Expand Down Expand Up @@ -1547,6 +1553,10 @@ def do_copy(self, parsed):
on a line by itself to end the data input.
"""

if self.no_file_io:
self.printerr('No file I/O permitted')
return

ks = self.cql_unprotect_name(parsed.get_binding('ksname', None))
if ks is None:
ks = self.current_keyspace
Expand Down Expand Up @@ -1631,6 +1641,11 @@ def do_source(self, parsed):
See also the --file option to cqlsh.
"""

if self.no_file_io:
self.printerr('No file I/O permitted')
return

fname = parsed.get_binding('fname')
fname = os.path.expanduser(self.cql_unprotect_value(fname))
try:
Expand Down Expand Up @@ -1691,6 +1706,11 @@ def do_capture(self, parsed):
To inspect the current capture configuration, use CAPTURE with no
arguments.
"""

if self.no_file_io:
self.printerr('No file I/O permitted')
return

fname = parsed.get_binding('fname')
if fname is None:
if self.shunted_query_out is not None:
Expand Down Expand Up @@ -1888,6 +1908,11 @@ def do_clear(self, parsed):
do_cls = do_clear

def do_debug(self, parsed):

if self.no_file_io:
self.printerr('No file I/O permitted')
return

import pdb
pdb.set_trace()

Expand Down Expand Up @@ -2153,6 +2178,7 @@ def read_options(cmdlineargs, environment):
optvalues.connect_timeout = option_with_default(configs.getint, 'connection', 'timeout', DEFAULT_CONNECT_TIMEOUT_SECONDS)
optvalues.request_timeout = option_with_default(configs.getint, 'connection', 'request_timeout', DEFAULT_REQUEST_TIMEOUT_SECONDS)
optvalues.execute = None
optvalues.no_file_io = option_with_default(configs.getboolean, 'ui', 'no_file_io', False)

(options, arguments) = parser.parse_args(cmdlineargs, values=optvalues)
# Make sure some user values read from the command line are in unicode
Expand Down Expand Up @@ -2323,6 +2349,7 @@ def main(options, hostname, port):
single_statement=options.execute,
request_timeout=options.request_timeout,
connect_timeout=options.connect_timeout,
no_file_io=options.no_file_io,
encoding=options.encoding)
except KeyboardInterrupt:
sys.exit('Connection aborted.')
Expand Down

0 comments on commit d7e5ff4

Please sign in to comment.