Merge pull request #262 from backend-developers-ltd/exploit_patch
temporarily only allow backenddevelopersltd images to be run in jobs
mzukowski-reef authored Oct 2, 2024
2 parents d315af2 + 4d97aa9 commit c97c660
Showing 3 changed files with 24 additions and 13 deletions.
@@ -660,6 +660,12 @@ async def _executor_loop(self):
async with miner_client:
logger.debug(f"Connected to miner: {settings.MINER_ADDRESS}")
initial_message: V0InitialJobRequest = await miner_client.initial_msg
if (
initial_message.base_docker_image_name
and not initial_message.base_docker_image_name.startswith("backenddevelopersltd/")
):
await miner_client.send_failed_to_prepare()
return
logger.debug("Checking for CVE-2022-0492 vulnerability")
if not await self.is_system_safe_for_cve_2022_0492():
await miner_client.send_failed_to_prepare()
@@ -681,6 +687,11 @@ async def _executor_loop(self):
logger.debug(f"Informed miner that I'm ready for job {initial_message.job_uuid}")

job_request = await miner_client.full_payload
if job_request.docker_image_name and not job_request.docker_image_name.startswith(
"backenddevelopersltd/"
):
await miner_client.send_failed_to_prepare()
return
logger.debug(f"Running job {initial_message.job_uuid}")
result = await job_runner.run_job(job_request)
result.specs = specs
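Review bot: Both new guards in `_executor_loop` (on `initial_message.base_docker_image_name` in the first hunk and on `job_request.docker_image_name` in the second) compare only the start of the string and are skipped entirely when the name is empty, so the rest of the reference is never validated and a request without a name is not covered by the restriction. Whether the job runner substitutes a default image in that case is not visible on this page, so that path should be decided explicitly. I would move the policy into one helper that matches the whole reference, and log the refusal, since `send_failed_to_prepare()` alone does not tell an operator that the job was rejected by policy. The function starts and ends outside both hunks; the sketch below assumes `re` is already imported in the module and deliberately rejects digest-pinned references until the pattern is extended for them.

```python
# Whole-reference pattern: allowed namespace, one repository component, optional tag.
_ALLOWED_IMAGE = re.compile(
    r"backenddevelopersltd/[a-z0-9]+(?:[._-][a-z0-9]+)*"
    r"(?::[A-Za-z0-9_][A-Za-z0-9_.-]{0,127})?"
)


def _is_allowed_image(name: str) -> bool:
    """Return True only if the entire image reference matches the allowed pattern."""
    return _ALLOWED_IMAGE.fullmatch(name) is not None


# … unchanged: connect to miner, read initial_message …
image = initial_message.base_docker_image_name
if image and not _is_allowed_image(image):
    logger.warning(
        "Refusing job %s: image %r is outside the allowed namespace",
        initial_message.job_uuid,
        image,
    )
    await miner_client.send_failed_to_prepare()
    return
# … unchanged: CVE-2022-0492 check, specs, ready message, read job_request …
image = job_request.docker_image_name
if image and not _is_allowed_image(image):
    logger.warning(
        "Refusing job %s: image %r is outside the allowed namespace",
        initial_message.job_uuid,
        image,
    )
    await miner_client.send_failed_to_prepare()
    return
```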
@@ -68,7 +68,7 @@ def test_main_loop():
json.dumps(
{
"message_type": "V0PrepareJobRequest",
"base_docker_image_name": "alpine",
"base_docker_image_name": "backenddevelopersltd/compute-horde-job-echo:v0-latest",
"timeout_seconds": None,
"volume_type": "inline",
"job_uuid": job_uuid,
@@ -120,7 +120,7 @@ def test_zip_url_volume(httpx_mock: HTTPXMock):
json.dumps(
{
"message_type": "V0PrepareJobRequest",
"base_docker_image_name": "alpine",
"base_docker_image_name": "backenddevelopersltd/compute-horde-job-echo:v0-latest",
"timeout_seconds": None,
"volume_type": "zip_url",
"job_uuid": job_uuid,
@@ -174,7 +174,7 @@ def test_zip_url_too_big_volume_should_fail(httpx_mock: HTTPXMock, settings):
json.dumps(
{
"message_type": "V0PrepareJobRequest",
"base_docker_image_name": "alpine",
"base_docker_image_name": "backenddevelopersltd/compute-horde-job-echo:v0-latest",
"timeout_seconds": None,
"volume_type": "zip_url",
"job_uuid": job_uuid,
@@ -233,7 +233,7 @@ def response_callback(request: httpx.Request) -> httpx.Response:
json.dumps(
{
"message_type": "V0PrepareJobRequest",
"base_docker_image_name": "alpine",
"base_docker_image_name": "backenddevelopersltd/compute-horde-job-echo:v0-latest",
"timeout_seconds": None,
"volume_type": "zip_url",
"job_uuid": job_uuid,
@@ -297,7 +297,7 @@ def response_callback(request: httpx.Request) -> httpx.Response:
json.dumps(
{
"message_type": "V0PrepareJobRequest",
"base_docker_image_name": "alpine",
"base_docker_image_name": "backenddevelopersltd/compute-horde-job-echo:v0-latest",
"timeout_seconds": None,
"volume_type": "zip_url",
"job_uuid": job_uuid,
@@ -348,7 +348,7 @@ def test_zip_and_http_post_output_uploader(httpx_mock: HTTPXMock, tmp_path):
json.dumps(
{
"message_type": "V0PrepareJobRequest",
"base_docker_image_name": "alpine",
"base_docker_image_name": "backenddevelopersltd/compute-horde-job-echo:v0-latest",
"timeout_seconds": None,
"volume_type": "inline",
"job_uuid": job_uuid,
@@ -415,7 +415,7 @@ def test_zip_and_http_put_output_uploader(httpx_mock: HTTPXMock, tmp_path):
json.dumps(
{
"message_type": "V0PrepareJobRequest",
"base_docker_image_name": "alpine",
"base_docker_image_name": "backenddevelopersltd/compute-horde-job-echo:v0-latest",
"timeout_seconds": None,
"volume_type": "inline",
"job_uuid": job_uuid,
@@ -479,7 +479,7 @@ def test_output_upload_failed(httpx_mock: HTTPXMock, tmp_path):
json.dumps(
{
"message_type": "V0PrepareJobRequest",
"base_docker_image_name": "alpine",
"base_docker_image_name": "backenddevelopersltd/compute-horde-job-echo:v0-latest",
"timeout_seconds": None,
"volume_type": "inline",
"job_uuid": job_uuid,
@@ -538,7 +538,7 @@ def test_output_upload_retry(httpx_mock: HTTPXMock, tmp_path):
json.dumps(
{
"message_type": "V0PrepareJobRequest",
"base_docker_image_name": "alpine",
"base_docker_image_name": "backenddevelopersltd/compute-horde-job-echo:v0-latest",
"timeout_seconds": None,
"volume_type": "inline",
"job_uuid": job_uuid,
@@ -665,7 +665,7 @@ async def read_file_callback(request: httpx.Request, *args, **kwargs) -> httpx.R
json.dumps(
{
"message_type": "V0PrepareJobRequest",
"base_docker_image_name": "alpine",
"base_docker_image_name": "backenddevelopersltd/compute-horde-job-echo:v0-latest",
"timeout_seconds": None,
"volume_type": "inline",
"job_uuid": job_uuid,
@@ -771,7 +771,7 @@ def test_single_file_volume(httpx_mock: HTTPXMock, tmp_path):
json.dumps(
{
"message_type": "V0PrepareJobRequest",
"base_docker_image_name": "alpine",
"base_docker_image_name": "backenddevelopersltd/compute-horde-job-echo:v0-latest",
"timeout_seconds": None,
"volume_type": "single_file",
"job_uuid": job_uuid,
@@ -839,7 +839,7 @@ def test_multi_volume(httpx_mock: HTTPXMock, tmp_path):
json.dumps(
{
"message_type": "V0PrepareJobRequest",
"base_docker_image_name": "alpine",
"base_docker_image_name": "backenddevelopersltd/compute-horde-job-echo:v0-latest",
"timeout_seconds": None,
"volume_type": "multi_volume",
"job_uuid": job_uuid,
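Review bot: None of the updated fixtures exercises the new refusal path: every test in this file now sends an allowed image, so nothing asserts that a `base_docker_image_name` outside `backenddevelopersltd/` ends with the failed-to-prepare message and without the job being run. A test that sends a name such as `"alpine"` and checks the messages sent back would pin the restriction against regressions. The same literal is also repeated in each of the twelve hunks; a module constant such as `ECHO_IMAGE = "backenddevelopersltd/compute-horde-job-echo:v0-latest"` would keep them in step when the policy changes. Each test body continues outside its hunk, so how the responses are asserted is not visible here.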
@@ -127,7 +127,7 @@ async def test_echo_image(self):
"message_type": "V0InitialJobRequest",
"job_uuid": job_uuid,
"executor_class": DEFAULT_EXECUTOR_CLASS,
"base_docker_image_name": "alpine",
"base_docker_image_name": "backenddevelopersltd/compute-horde-job-echo:v0-latest",
"timeout_seconds": 60,
"volume_type": "inline",
}