Protect against Git-repo jobs clobbering sys.modules #3859
As @gsnider2195 pointed out, since we add
Add check in nautobot/nautobot/extras/models/datasources.py Lines 81 to 91 in 956c954
* Fix #3859 - add validation of GitRepository.slug against Python modules
* Handle omitted slug case on initial create
* Adjust wording

Implemented by #3943.
As ...
Patti - Platform Admin
I want ...
To add Jobs via Git repositories without worrying about them impacting the overall stability of the platform.
After #3840, there is a risk that a misnamed (or maliciously-named) Git repository could potentially clobber existing Python code. For example, creating a repository and assigning it the slug `nautobot` causes all sorts of havoc as it results in Nautobot unloading itself and then attempting to reimport all of Nautobot's code from the Git repository by that name.
So that ...
The application is resilient to user error as well as mischievous/malicious actions by authenticated users.
I know this is done when...
`slug` matches any currently loaded Python module in the Nautobot environment is rejected with an appropriate error message.
Optional - Feature groups this request pertains to.
Database Changes
None
External Dependencies
None
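A sketch of the check this issue asks for, added here as an illustration and not Nautobot's code from #3943: reject a repository slug that matches a loaded Python module. `validate_repo_slug`, `SlugError` and the `loaded_modules` parameter are hypothetical names, the sample slugs are constructed, and the extra check for installed-but-not-yet-imported modules goes beyond what the issue specifies.

```python
import importlib.util
import sys


class SlugError(ValueError):
    """Raised when a repository slug would shadow existing Python code."""


def _importable(name):
    """True if `name` resolves to a module on the current import path."""
    try:
        return importlib.util.find_spec(name) is not None
    except (ImportError, ValueError):
        # Dotted names with a missing parent, or modules without a spec:
        # treat anything we cannot rule out as a conflict.
        return True


def validate_repo_slug(slug, loaded_modules=None):
    """Return `slug` if it is safe to use as a module name, else raise SlugError.

    `loaded_modules` defaults to sys.modules; pass a mapping to test against
    a constructed environment.
    """
    loaded = sys.modules if loaded_modules is None else loaded_modules
    if not slug:
        raise SlugError("slug must not be empty")
    # The check from the issue: the slug matches a currently loaded module.
    if slug in loaded:
        raise SlugError(f"slug {slug!r} matches a loaded Python module")
    # Added generalization: a module that is installed but not imported yet
    # would be shadowed just the same once the repository is loaded.
    if slug in sys.builtin_module_names or _importable(slug):
        raise SlugError(f"slug {slug!r} matches an importable Python module")
    return slug


if __name__ == "__main__":
    # Constructed sample slugs; "nautobot" is only rejected where it is installed.
    for candidate in ("constructed_jobs_repo_example", "sys", "json", "nautobot"):
        try:
            validate_repo_slug(candidate)
            print(f"{candidate}: accepted")
        except SlugError as exc:
            print(f"{candidate}: rejected ({exc})")
```

In a Django model this kind of check would run during validation, so the conflicting slug is refused with an error message before anything is imported from the repository.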