-
Notifications
You must be signed in to change notification settings - Fork 129
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ZeroMQ publisher plugin #70
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Very nice plugin, there is just the use of exec()
which raises a couple of red flags to me. See comment for how you could work around that using native tools :-)
zmq/cl-zmq.py
Outdated
for nt in NOTIFICATION_TYPES: | ||
# subscribe to all notifications | ||
subscribe = SUBSCRIBE_TEMPLATE.format(nt, nt, nt, nt) | ||
exec(subscribe) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This seems rather dangerous. I'd suggest creating a generic handler, use functools.partial
to generate variants with the notification type bound and then using plugin.add_subscription
to register them.
Something like the following would do I think:
def on_notification(notification_type, plugin, *args, **kwargs):
if len(args) != 0:
 plugin.log("got unexpected args: {}".format(args), level="warn")
 reactor.callFromThread(publisher.publish_notification, "{}",
 *args, **kwargs)
for nt in NOTIFICATION_TYPES:
f = functools.partial(on_notification, nt)
plugin.add_subscription(nt, f)
This would not call the python interpreter with a variable payload. In this case it's likely ok with your mechanism, since it just fills in the notification types, but in other cases this could be a security vulnerability since you execute code that was provided from outside.
Great suggestion. Defining code in a string also is kind of ugly and One issue I bumped into in the revised implementation is that
|
Good catch, I'll add a check that should make that no longer necessary. |
I have patched |
It might be interesting to write a couple of tests by the way so that we don't accidentally break compatibility while working on c-lightning 😉 |
A plugin that subscribes to notification and passes them through to be published to ZeroMQ endpoints. It utilizes Twisted and txZMQ to facilitate the publication. An additional script is provided to serve as an example for how to subscribe to the events.
The presentation was chosen to follow how
bitcoind
sets up its ZMQ publishing functionality.NOTE: The plugin source file is given the name
cl-zmq.py
as opposed tozmq.py
because the package dependencies import the official ZeroMQ python packages viafrom zmq import ...
which is a namespace conflict with a source file namedzmq.py
.