From 282b86227c9e71ac3ac7e9045b5c96f02424b7cc Mon Sep 17 00:00:00 2001 From: Michelle Ark Date: Wed, 22 May 2024 10:00:54 -0400 Subject: [PATCH 1/4] change port bind and add a unittest (#10208) (cherry picked from commit 0c08d7a19ad1740be3cb0b2e6d9d64f6537176f7) --- .../unreleased/Security-20240522-094540.yaml | 6 +++++ core/dbt/task/serve.py | 2 +- tests/unit/task/docs/__init__.py | 0 tests/unit/task/docs/test_serve.py | 23 +++++++++++++++++++ 4 files changed, 30 insertions(+), 1 deletion(-) create mode 100644 .changes/unreleased/Security-20240522-094540.yaml create mode 100644 tests/unit/task/docs/__init__.py create mode 100644 tests/unit/task/docs/test_serve.py diff --git a/.changes/unreleased/Security-20240522-094540.yaml b/.changes/unreleased/Security-20240522-094540.yaml new file mode 100644 index 00000000000..b35f96dc084 --- /dev/null +++ b/.changes/unreleased/Security-20240522-094540.yaml @@ -0,0 +1,6 @@ +kind: Security +body: Explicitly bind to localhost in docs serve +time: 2024-05-22T09:45:40.748185-04:00 +custom: + Author: ChenyuLInx michelleark + Issue: "10209" diff --git a/core/dbt/task/serve.py b/core/dbt/task/serve.py index 060c4c93d17..ef378342f98 100644 --- a/core/dbt/task/serve.py +++ b/core/dbt/task/serve.py @@ -20,7 +20,7 @@ def run(self): if self.args.browser: webbrowser.open_new_tab(f"http://localhost:{port}") - with socketserver.TCPServer(("", port), SimpleHTTPRequestHandler) as httpd: + with socketserver.TCPServer(("127.0.0.1", port), SimpleHTTPRequestHandler) as httpd: click.echo(f"Serving docs at {port}") click.echo(f"To access from your browser, navigate to: http://localhost:{port}") click.echo("\n\n") diff --git a/tests/unit/task/docs/__init__.py b/tests/unit/task/docs/__init__.py new file mode 100644 index 00000000000..e69de29bb2d diff --git a/tests/unit/task/docs/test_serve.py b/tests/unit/task/docs/test_serve.py new file mode 100644 index 00000000000..cedb234a205 --- /dev/null +++ b/tests/unit/task/docs/test_serve.py 
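Review bot: The loopback address in `socketserver.TCPServer(("127.0.0.1", port), SimpleHTTPRequestHandler)` in core/dbt/task/serve.py is a bare literal with nothing saying why it must not go back to `""`, and the `click.echo(f"Serving docs at {port}")` line below it still does not say which address is bound. A comment above the `with`, such as `# Loopback only: SimpleHTTPRequestHandler serves this directory without authentication`, would guard against a later revert. Changing the message to `click.echo(f"Serving docs at 127.0.0.1:{port}")` would make the new behaviour visible to anyone who relied on reaching the server from another host or from outside a container. The bind is IPv4-only while the printed URL uses `localhost`; that presumably works wherever `localhost` resolves to 127.0.0.1, but it is worth confirming on hosts that prefer `::1`. `run` starts above this hunk and continues past it.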
@@ -0,0 +1,23 @@ +from http.server import SimpleHTTPRequestHandler +from unittest.mock import MagicMock, patch + +import pytest + +from dbt.task.docs.serve import ServeTask + + +@pytest.fixture +def serve_task(): + # Set up + task = ServeTask(config=MagicMock(), args=MagicMock()) + task.config.project_target_path = "." + task.args.port = 8000 + return task + + +def test_serve_bind_to_127(serve_task): + serve_task.args.browser = False + with patch("dbt.task.docs.serve.socketserver.TCPServer") as patched_TCPServer: + patched_TCPServer.return_value = MagicMock() + serve_task.run() + patched_TCPServer.assert_called_once_with(("127.0.0.1", 8000), SimpleHTTPRequestHandler) From 59db5ca2cca0f21673b725f08d3fe6d180de32df Mon Sep 17 00:00:00 2001 From: Michelle Ark Date: Wed, 22 May 2024 12:02:25 -0400 Subject: [PATCH 2/4] fix unit tests --- tests/unit/task/docs/test_serve.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/unit/task/docs/test_serve.py b/tests/unit/task/docs/test_serve.py index cedb234a205..c7937c01a16 100644 --- a/tests/unit/task/docs/test_serve.py +++ b/tests/unit/task/docs/test_serve.py @@ -3,7 +3,7 @@ import pytest -from dbt.task.docs.serve import ServeTask +from dbt.task.serve import ServeTask @pytest.fixture @@ -17,7 +17,7 @@ def serve_task(): def test_serve_bind_to_127(serve_task): serve_task.args.browser = False - with patch("dbt.task.docs.serve.socketserver.TCPServer") as patched_TCPServer: + with patch("dbt.task.serve.socketserver.TCPServer") as patched_TCPServer: patched_TCPServer.return_value = MagicMock() serve_task.run() patched_TCPServer.assert_called_once_with(("127.0.0.1", 8000), SimpleHTTPRequestHandler) From b8d3a8a367f219fff01fedd05f635c4a0f3eb6ae Mon Sep 17 00:00:00 2001 From: Michelle Ark Date: Wed, 22 May 2024 12:42:13 -0400 Subject: [PATCH 3/4] remove ssh-key since schemas repo is public --- .github/workflows/schema-check.yml | 1 - 1 file changed, 1 deletion(-) 
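Review bot: In the new tests/unit/task/docs/test_serve.py (patch 1/4), the `serve_task` fixture sets `task.config.project_target_path = "."` and the test then calls the real `run()`, so whatever `run()` does with that path before it reaches `TCPServer` happens in the directory pytest was started from. The top of `run()` is not visible in this series; if it changes directory or writes files there, the fixture should take pytest's `tmp_path`, e.g. `def serve_task(tmp_path):` with `task.config.project_target_path = str(tmp_path)`. The line `patched_TCPServer.return_value = MagicMock()` is redundant, because a patched object already returns a `MagicMock` when called.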
diff --git a/.github/workflows/schema-check.yml b/.github/workflows/schema-check.yml index 7756b8ca765..64c0d4b132f 100644 --- a/.github/workflows/schema-check.yml +++ b/.github/workflows/schema-check.yml @@ -51,7 +51,6 @@ jobs: with: repository: dbt-labs/schemas.getdbt.com ref: 'main' - ssh-key: ${{ secrets.SCHEMA_SSH_PRIVATE_KEY }} path: ${{ env.SCHEMA_REPO_DIRECTORY }} - name: Generate current schema From d29421e4d04a62c70bf202e2f907ec69dc578517 Mon Sep 17 00:00:00 2001 From: Michelle Ark Date: Wed, 22 May 2024 16:02:01 -0400 Subject: [PATCH 4/4] fix compare schemas diff --- .github/workflows/schema-check.yml | 15 +-------------- 1 file changed, 1 insertion(+), 14 deletions(-) diff --git a/.github/workflows/schema-check.yml b/.github/workflows/schema-check.yml index 64c0d4b132f..4f1d7195264 100644 --- a/.github/workflows/schema-check.yml +++ b/.github/workflows/schema-check.yml @@ -62,24 +62,11 @@ jobs: pip install -r dev-requirements.txt -r editable-requirements.txt python scripts/collect-artifact-schema.py --path ${{ env.LATEST_SCHEMA_PATH }} - # Copy generated schema files into the schemas.getdbt.com repo - # Do a git diff to find any changes - # Ignore any date or version changes though - name: Compare schemas run: | cp -r ${{ env.LATEST_SCHEMA_PATH }}/dbt ${{ env.SCHEMA_REPO_DIRECTORY }} cd ${{ env.SCHEMA_REPO_DIRECTORY }} - diff_results=$(git diff -I='*[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])T' \ - -I='*[0-9]{1}.[0-9]{2}.[0-9]{1}(rc[0-9]|b[0-9]| )' --compact-summary) - if [[ $(echo diff_results) ]]; then - echo $diff_results - echo "Schema changes detected!" - git diff -I='*[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])T' \ - -I='*[0-9]{1}.[0-9]{2}.[0-9]{1}(rc[0-9]|b[0-9]| )' > ${{ env.SCHEMA_DIFF_ARTIFACT }} - exit 1 - else - echo "No schema changes detected" - fi + git diff -I='*[0-9]{4}-[0-9]{2}-[0-9]{2}' -I='*[0-9]+\.[0-9]+\.[0-9]+' --exit-code > ${{ env.SCHEMA_DIFF_ARTIFACT }} - name: Upload schema diff uses: actions/upload-artifact@v4
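Review bot: The new `git diff ... --exit-code` line in the Compare schemas step (patch 4/4) compares tracked files only, so a schema file that `cp -r` copies into the checkout for the first time is untracked and will not fail the check. If new files should count as a schema change, mark them intent-to-add on the line before the diff, e.g. `git add -N .`. The two `-I` patterns are also broad: a change is skipped whenever every changed line contains a date-like or `x.y.z`-like string, even if something else on those lines changed too. The comments that explained the step were deleted along with the old script, so a replacement such as `# Fail on any schema change; -I skips changes whose every line contains a date or version string` above the `git diff` would help.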