Secure core import

.travis.yml

@@ -5,12 +5,6 @@ python:
     - 2.7
 sudo: false
 install:
-  - |
-    # install pip 10 on python 3.3
-    # to get requires_python support
-    if [[ $TRAVIS_PYTHON_VERSION == "3.3" ]]; then
-      pip install pip==10.*
-    fi
   - pip install --upgrade setuptools pip
   - pip install --upgrade --upgrade-strategy eager --pre -e .[test] pytest-cov pytest-warnings codecov
   - pip freeze

jupyter_client/connect.py

@@ -32,78 +32,7 @@
 from traitlets import (
     Bool, Integer, Unicode, CaselessStrEnum, Instance, Type,
 )
-from jupyter_core.paths import jupyter_data_dir, jupyter_runtime_dir
-
-
-# TODO: Move to jupyter_core
-def win32_restrict_file_to_user(fname):
-    """Secure a windows file to read-only access for the user.
-    Follows guidance from win32 library creator:
-    http://timgolden.me.uk/python/win32_how_do_i/add-security-to-a-file.html
-
-    This method should be executed against an already generated file which
-    has no secrets written to it yet.
-
-    Parameters
-    ----------
-
-    fname : unicode
-        The path to the file to secure
-    """
-    import win32api
-    import win32security
-    import ntsecuritycon as con
-
-    # everyone, _domain, _type = win32security.LookupAccountName("", "Everyone")
-    admins = win32security.CreateWellKnownSid(win32security.WinBuiltinAdministratorsSid)
-    user, _domain, _type = win32security.LookupAccountName("", win32api.GetUserName())
-
-    sd = win32security.GetFileSecurity(fname, win32security.DACL_SECURITY_INFORMATION)
-
-    dacl = win32security.ACL()
-    # dacl.AddAccessAllowedAce(win32security.ACL_REVISION, con.FILE_ALL_ACCESS, everyone)
-    dacl.AddAccessAllowedAce(win32security.ACL_REVISION, con.FILE_GENERIC_READ | con.FILE_GENERIC_WRITE, user)
-    dacl.AddAccessAllowedAce(win32security.ACL_REVISION, con.FILE_ALL_ACCESS, admins)
-
-    sd.SetSecurityDescriptorDacl(1, dacl, 0)
-    win32security.SetFileSecurity(fname, win32security.DACL_SECURITY_INFORMATION, sd)
-
-
-# TODO: Move to jupyter_core
-@contextmanager
-def secure_write(fname, binary=False):
-    """Opens a file in the most restricted pattern available for
-    writing content. This limits the file mode to `600` and yields
-    the resulting opened filed handle.
-
-    Parameters
-    ----------
-
-    fname : unicode
-        The path to the file to write
-    """
-    mode = 'wb' if binary else 'w'
-    open_flag = os.O_CREAT | os.O_WRONLY | os.O_TRUNC
-    try:
-        os.remove(fname)
-    except (IOError, OSError):
-        # Skip any issues with the file not existing
-        pass
-
-    if os.name == 'nt':
-        # Python on windows does not respect the group and public bits for chmod, so we need
-        # to take additional steps to secure the contents.
-        # Touch file pre-emptively to avoid editing permissions in open files in Windows
-        fd = os.open(fname, os.O_CREAT | os.O_WRONLY | os.O_TRUNC, 0o600)
-        os.close(fd)
-        open_flag = os.O_WRONLY | os.O_TRUNC
-        win32_restrict_file_to_user(fname)
-
-    with os.fdopen(os.open(fname, open_flag, 0o600), mode) as f:
-        if os.name != 'nt':
-            # Enforce that the file got the requested permissions before writing
-            assert '0600' == oct(stat.S_IMODE(os.stat(fname).st_mode)).replace('0o', '0')
-        yield f
+from jupyter_core.paths import jupyter_data_dir, jupyter_runtime_dir, secure_write
 
 
 def write_connection_file(fname=None, shell_port=0, iopub_port=0, stdin_port=0, hb_port=0,

setup.py

@@ -88,7 +88,7 @@ def run(self):
     ],
     install_requires = [
         'traitlets',
-        'jupyter_core',
+        'jupyter_core>=4.6.0',
         'pyzmq>=13',
         'python-dateutil>=2.1',
         'tornado>=4.1',