Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

security: disable plugin in default and persist file in specified dir #7087

Merged
merged 8 commits into from
Sep 22, 2023
Merged

security: disable plugin in default and persist file in specified dir #7087

merged 8 commits into from
Sep 22, 2023

Conversation

HuSharp
Copy link
Member

@HuSharp HuSharp commented Sep 13, 2023
edited
Loading

What problem does this PR solve?

Issue Number: Close #7094

What is changed and how does it work?

  • Load plugin and persist file in specified dir [config data dir]
  • Judge persist file name rather than delete this interface to keep compatible
  • Support a config to decide whether to enable the plugin

Check List

Tests

  • Unit test

Release note

Add compile configuration to enable `Load Plugin` and disable `Load Plugin` by default. Need to `make pd-server-plugin` when want to enable plugin

@ti-chi-bot
Copy link
Contributor

ti-chi-bot bot commented Sep 13, 2023
edited
Loading

[REVIEW NOTIFICATION]

This pull request has been approved by:

  • lhy1024
  • nolouch

To complete the pull request process, please ask the reviewers in the list to review by filling /cc @reviewer in the comment.
After your PR has acquired the required number of LGTMs, you can assign this pull request to the committer in the list by filling /assign @committer in the comment to help you merge this pull request.

The full list of commands accepted by this bot can be found here.

Reviewer can indicate their review by submitting an approval review.
Reviewer can cancel approval by submitting a request changes review.

@ti-chi-bot
Copy link
Contributor

ti-chi-bot bot commented Sep 13, 2023

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@ti-chi-bot ti-chi-bot bot added release-note-none Denotes a PR that doesn't merit a release note. do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. do-not-merge/needs-linked-issue labels Sep 13, 2023
@ti-chi-bot ti-chi-bot bot added the size/M Denotes a PR that changes 30-99 lines, ignoring generated files. label Sep 13, 2023
@HuSharp HuSharp marked this pull request as ready for review September 13, 2023 09:42
@ti-chi-bot ti-chi-bot bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Sep 13, 2023
@ti-chi-bot ti-chi-bot bot added the status/LGT1 Indicates that a PR has LGTM 1. label Sep 14, 2023
@ti-chi-bot ti-chi-bot bot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Sep 14, 2023
@HuSharp
fix
2df55d6 
Signed-off-by: husharp <[email protected]>
@codecov
Copy link

codecov bot commented Sep 14, 2023
edited
Loading

Codecov Report

Merging #7087 (0859671) into master (e6c8841) will increase coverage by 0.02%.
Report is 2 commits behind head on master.
The diff coverage is 31.81%.

❗ Current head 0859671 differs from pull request most recent head 31954ca. Consider uploading reports for the commit 31954ca to get more accurate results

@@            Coverage Diff             @@
##           master    #7087      +/-   ##
==========================================
+ Coverage   74.31%   74.33%   +0.02%     
==========================================
  Files         440      440              
  Lines       47217    47202      -15     
==========================================
  Hits        35088    35088              
+ Misses       9034     9015      -19     
- Partials     3095     3099       +4
Flag Coverage Δ
unittests 74.33% <31.81%> (+0.02%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

@HuSharp HuSharp changed the title api/server:fix data dir to avoid inject virus file security: disable plugin in default and persist file in specified dir Sep 14, 2023
lhy1024
lhy1024 reviewed Sep 14, 2023
View reviewed changes
pkg/schedule/config/config.go Outdated
@@ -57,6 +57,7 @@ const (
defaultEnablePlacementRules = true
defaultEnableWitness = false
defaultHaltScheduling = false
defaultEnableSchedulePlugin = false
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe we need to add a release note about the default value changed

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

added.

@ti-chi-bot ti-chi-bot bot added release-note Denotes a PR that will be considered when it comes time to generate release notes. and removed release-note-none Denotes a PR that doesn't merit a release note. labels Sep 15, 2023
nolouch
nolouch reviewed Sep 18, 2023
View reviewed changes
server/api/plugin.go Outdated
@@ -48,6 +48,10 @@ func newPluginHandler(handler *server.Handler, rd *render.Render) *pluginHandler
// @Failure 500 {string} string "PD server failed to proceed the request."
// @Router /plugin [post]
func (h *pluginHandler) LoadPlugin(w http.ResponseWriter, r *http.Request) {
if !h.GetScheduleConfig().EnableSchedulePlugin {
Copy link
Contributor

@nolouch nolouch Sep 18, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it's better to be a compile option, and disable by default. otherwise, hackers may enable it.

Copy link
Member Author

@HuSharp HuSharp Sep 20, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PTAL! after make pd-server-plugin:

curl -X POST 'http://127.0.0.1:2379/pd/api/v1/plugin'                                                                                                                                                                
load plugin is disabled, please `make pd-server-plugin` first%

curl -X DELETE 'http://127.0.0.1:2379/pd/api/v1/plugin'                                                                                                                                                              
unload plugin is disabled, please `make pd-server-plugin` first%

cc @lhy1024

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

how about PLUGIN=1 make pd-server, similiar to SWAGGER and DASHBOARD

@HuSharp
config in compile
4df65ba 
Signed-off-by: husharp <[email protected]>
@ti-chi-bot ti-chi-bot bot added status/LGT2 Indicates that a PR has LGTM 2. and removed status/LGT1 Indicates that a PR has LGTM 1. labels Sep 22, 2023
@nolouch
Copy link
Contributor

nolouch commented Sep 22, 2023

/merge

@ti-chi-bot
Copy link
Contributor

ti-chi-bot bot commented Sep 22, 2023

@nolouch: It seems you want to merge this PR, I will help you trigger all the tests:

/run-all-tests

You only need to trigger /merge once, and if the CI test fails, you just re-trigger the test that failed and the bot will merge the PR for you after the CI passes.

If you have any questions about the PR merge process, please refer to pr process.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the ti-community-infra/tichi repository.

@ti-chi-bot
Copy link
Contributor

ti-chi-bot bot commented Sep 22, 2023

This pull request has been accepted and is ready to merge.

Commit hash: 0859671

@ti-chi-bot ti-chi-bot bot added the status/can-merge Indicates a PR has been approved by a committer. label Sep 22, 2023
@CabinfeverB
Copy link
Member

/hold

@ti-chi-bot ti-chi-bot bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Sep 22, 2023
@CabinfeverB
Copy link
Member

/hold cancel

@ti-chi-bot ti-chi-bot bot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Sep 22, 2023
@ti-chi-bot
Copy link
Contributor

ti-chi-bot bot commented Sep 22, 2023

@HuSharp: Your PR was out of date, I have automatically updated it for you.

If the CI test fails, you just re-trigger the test that failed and the bot will merge the PR for you after the CI passes.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the ti-community-infra/tichi repository.

@HuSharp
Copy link
Member Author

HuSharp commented Sep 22, 2023

/hold

@ti-chi-bot ti-chi-bot bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Sep 22, 2023
@HuSharp
Copy link
Member Author

HuSharp commented Sep 22, 2023

/hold cancel

@ti-chi-bot ti-chi-bot bot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Sep 22, 2023
@ti-chi-bot ti-chi-bot bot merged commit a21fd58 into tikv:master Sep 22, 2023
19 checks passed
@HuSharp HuSharp deleted the check_dir branch September 22, 2023 10:28
@ti-chi-bot
Copy link
Member

In response to a cherrypick label: new pull request created to branch release-6.5: #7141.

ti-chi-bot pushed a commit to ti-chi-bot/pd that referenced this pull request Sep 22, 2023
@HuSharp @ti-chi-bot
This is an automated cherry-pick of tikv#7087
a1410ed 
close tikv#7094

Signed-off-by: ti-chi-bot <[email protected]>
@ti-chi-bot ti-chi-bot mentioned this pull request Sep 22, 2023
Merged
@ti-chi-bot
Copy link
Member

In response to a cherrypick label: new pull request created to branch release-7.1: #7142.

ti-chi-bot pushed a commit to ti-chi-bot/pd that referenced this pull request Sep 22, 2023
@HuSharp @ti-chi-bot
This is an automated cherry-pick of tikv#7087
b130fdf 
close tikv#7094

Signed-off-by: ti-chi-bot <[email protected]>
@ti-chi-bot ti-chi-bot mentioned this pull request Sep 22, 2023
Merged
ti-chi-bot bot pushed a commit that referenced this pull request Sep 25, 2023
@ti-chi-bot @HuSharp
security: disable plugin in default and persist file in specified dir (
5b491e2 
…#7087) (#7141)

close #7094

Signed-off-by: husharp <[email protected]>

Co-authored-by: husharp <[email protected]>
Co-authored-by: Hu# <[email protected]>
ti-chi-bot bot added a commit that referenced this pull request Sep 28, 2023
@ti-chi-bot @HuSharp @ti-chi-bot
security: disable plugin in default and persist file in specified dir (
905d8ff 
…#7087) (#7142)

close #7094

Signed-off-by: husharp <[email protected]>

Co-authored-by: husharp <[email protected]>
Co-authored-by: Hu# <[email protected]>
Co-authored-by: ti-chi-bot[bot] <108142056+ti-chi-bot[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lhy1024 lhy1024 lhy1024 approved these changes

@nolouch nolouch nolouch approved these changes

@rleungx rleungx Awaiting requested review from rleungx

Assignees
No one assigned
Labels
needs-cherry-pick-release-6.5 Should cherry pick this PR to release-6.5 branch. needs-cherry-pick-release-7.1 Should cherry pick this PR to release-7.1 branch. release-note Denotes a PR that will be considered when it comes time to generate release notes. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. status/can-merge Indicates a PR has been approved by a committer. status/LGT2 Indicates that a PR has LGTM 2.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

security: disable plugin in default and persist file in specified dir
5 participants
@HuSharp @nolouch @CabinfeverB @ti-chi-bot @lhy1024