mirror
/
bridgy-fed
kopia lustrzana https://github.com/snarfed/bridgy-fed
1
0
Forkuj 0
Kod Zgłoszenia Packages Projekty Wydania Wiki Aktywność

remove /memcache_command and /python_eval 

too scary to have in the codebase even with auth around them
pull/1696/head
Ryan Barrett 2025-01-14 10:34:48 -08:00
rodzic a1e5d4419d
commit 0c17d0a40e
Nie znaleziono w bazie danych klucza dla tego podpisu
ID klucza GPG: 6BE31FDF4776E9D4
3 zmienionych plików z 2 dodań i 46 usunięć
Pokaż statystyki Ściągnij plik aktualizacji Ściągnij plik porównania Expand all files Collapse all files

2
atproto_hub.py
Wyświetl plik

@ -58,7 +58,7 @@ app.wsgi_app = flask_util.ndb_context_middleware(
app.wsgi_app, client=appengine_config.ndb_client, **common.NDB_CONTEXT_KWARGS) app.wsgi_app, client=appengine_config.ndb_client, **common.NDB_CONTEXT_KWARGS)
app.add_url_rule('/hub/eval', view_func=pages.python_eval, methods=['POST']) # app.add_url_rule('/hub/eval', view_func=pages.python_eval, methods=['POST'])
@app.get('/liveness_check') @app.get('/liveness_check')
@app.get('/readiness_check') @app.get('/readiness_check')

44
pages.py
Wyświetl plik

@ -461,47 +461,3 @@ def instance_info():
@flask_util.headers(CACHE_CONTROL) @flask_util.headers(CACHE_CONTROL)
def log(): def log():
return logs.log() return logs.log()
@app.post('/memcache')
def memcache_command():
"""Minimal memcache text protocol command handler.
Requires the Flask app's secret key in the Authorization HTTP header.
Example usage:
curl https://fed.brid.gy/memcache -H 'Authorization: ...' -d 'stats items'
https://docs.memcached.org/protocols/
https://github.com/memcached/memcached/blob/master/doc/protocol.txt
"""
if request.headers.get('Authorization') != app.config['SECRET_KEY']:
return '', 401
resp = memcache.memcache.raw_command(request.get_data(as_text=True),
end_tokens='END\r\n')
return resp.decode(), {'Content-Type': 'text/plain'}
@app.post('/app/eval')
def python_eval(which=None):
if request.headers.get('Authorization') != app.config['SECRET_KEY']:
return '', 401
import contextlib, io, traceback
input = request.get_data(as_text=True)
logger.info(f'python_eval got: {input}')
out = io.StringIO()
with contextlib.redirect_stdout(out), contextlib.redirect_stderr(out):
try:
exec(input)
except BaseException as e:
logger.info(f'python_eval error! {e}')
traceback.print_exception(e, file=out)
finally:
output = out.getvalue()
logger.info(f'python_eval out: {output}')
return output, {'Content-Type': 'text/plain'}

2
router.py
Wyświetl plik

@ -32,7 +32,7 @@ app.add_url_rule('/queue/send', view_func=protocol.send_task, methods=['POST'])
app.add_url_rule('/queue/webmention', view_func=web.webmention_task, methods=['POST']) app.add_url_rule('/queue/webmention', view_func=web.webmention_task, methods=['POST'])
app.add_url_rule('/cron/atproto-poll-chat', view_func=atproto.poll_chat_task, app.add_url_rule('/cron/atproto-poll-chat', view_func=atproto.poll_chat_task,
methods=['GET']) methods=['GET'])
app.add_url_rule('/router/eval', view_func=pages.python_eval, methods=['POST']) # app.add_url_rule('/router/eval', view_func=pages.python_eval, methods=['POST'])
@app.get('/liveness_check') @app.get('/liveness_check')