Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Mark all stormlib functions that are readonly safe as readonly safe (SYN-4905) #3402

Merged
merged 14 commits into from Nov 14, 2023
Merged

Mark all stormlib functions that are readonly safe as readonly safe (SYN-4905) #3402

merged 14 commits into from Nov 14, 2023

Conversation

vEpiphyte
Copy link
Contributor

No description provided.

@vEpiphyte vEpiphyte added enhancement reqChangelog requires changelog labels Oct 30, 2023
@vEpiphyte vEpiphyte closed this Oct 30, 2023
@vEpiphyte vEpiphyte changed the title Mark all stormlib functions that are readonly safe as readonly safe (SYN-4905) WIP Mark all stormlib functions that are readonly safe as readonly safe (SYN-4905) Oct 30, 2023
@vEpiphyte vEpiphyte reopened this Oct 30, 2023
@vEpiphyte vEpiphyte marked this pull request as draft October 30, 2023 17:19
@codecov Codecov
Copy link

codecov bot commented Nov 9, 2023
edited

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (e81c266) 97.38% compared to head (c5e4eee) 97.30%.
Report is 2 commits behind head on master.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #3402      +/-   ##
==========================================
- Coverage   97.38%   97.30%   -0.09%     
==========================================
  Files         233      233              
  Lines       47899    48124     +225     
==========================================
+ Hits        46646    46825     +179     
- Misses       1253     1299      +46
Flag Coverage Δ
linux 97.30% <100.00%> (+0.01%) ⬆️
linux_replay ?

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@vEpiphyte vEpiphyte marked this pull request as ready for review November 13, 2023 18:14
@vEpiphyte vEpiphyte changed the title WIP Mark all stormlib functions that are readonly safe as readonly safe (SYN-4905) Mark all stormlib functions that are readonly safe as readonly safe (SYN-4905) Nov 13, 2023
@vEpiphyte vEpiphyte added this to the v2.15x.x milestone Nov 13, 2023
Cisphyx
Cisphyx reviewed Nov 13, 2023
View reviewed changes
synapse/lib/stormtypes.py Outdated Show resolved Hide resolved
MichaelSquires
MichaelSquires reviewed Nov 13, 2023
View reviewed changes
Copy link
Contributor

@MichaelSquires MichaelSquires left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it looks good but I had a couple of questions about some of the readonly APIs.

synapse/lib/stormlib/cell.py
async def _getCellInfo(self):
if not self.runt.isAdmin():
mesg = '$lib.cell.getCellInfo() requires admin privs.'
raise s_exc.AuthDeny(mesg=mesg, user=self.runt.user.iden, username=self.runt.user.name)
return await self.runt.snap.core.getCellInfo()

@s_stormtypes.stormfunc(readonly=True)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there any concern about returning admin restricted info even if it doesn't modify anything?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not aware of any concerns there. An unprivileged execution context would still not be able to access this information.

One scenario where this could be used is in an extended HTTP API handler. A handler setup to run as the owner ( an admin ) in readonly mode could then access this information and that should be okay IMO; since that would be an opt-in behavior by the org/individuals configuring their Cortex.

synapse/lib/stormlib/compression.py Outdated Show resolved Hide resolved
synapse/lib/stormlib/compression.py Outdated Show resolved Hide resolved
synapse/lib/stormlib/compression.py Outdated Show resolved Hide resolved
synapse/lib/stormlib/stix.py
@@ -653,10 +653,12 @@ def getObjLocals(self):
'validate': self.validateBundle,
}

@s_stormtypes.stormfunc(readonly=True)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The semafork is limited to a fixed number of forks, right? Could this be used to fork bomb?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fork bomb; no. We limit the # of concurrent semafork calls such that the forkpool always has reserved workers for parsing storm queries.

Bad input here ( bad meaning the stix validation to go out to lunch ) would be a DOS regardless of readonly status.

Copy link
Contributor Author

@vEpiphyte vEpiphyte Nov 14, 2023
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Per discussion we'll leave this as is ( with the readonly=true marking ).

@vEpiphyte vEpiphyte merged commit 7bcda4c into master Nov 14, 2023
5 checks passed
@vEpiphyte vEpiphyte deleted the feat_readonly_model branch November 14, 2023 16:30
@vEpiphyte vEpiphyte removed the reqChangelog requires changelog label Nov 14, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MichaelSquires MichaelSquires MichaelSquires left review comments

@Cisphyx Cisphyx Cisphyx approved these changes

@invisig0th invisig0th Awaiting requested review from invisig0th

@mikemoritz mikemoritz Awaiting requested review from mikemoritz

Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
v2.154.0
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@vEpiphyte @Cisphyx @MichaelSquires