25216648285

Committed 01 May 2026 01:46PM UTC coverage: 56.697%. First build

Build # 25216648285

Build Type

Pull #2106

github

Committed by

web-flow

Commit Message

Merge 9b9ea9daa into 4dd010dde

Pull Request Pull Request #2106: Vs security fix

Coverage Stats

51 of 102 new or added lines in 4 files covered. (50.0%)

12902 of 22756 relevant lines covered (56.7%)

301003.87 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

78.29

/trick_source/sim_services/VariableServer/VariableServer.cpp


#include <netdb.h>
#include <iostream>
#include "trick/VariableServer.hh"
#include "trick/tc_proto.h"
#include "trick/Message_proto.hh"
#include "trick/message_proto.h"

Trick::VariableServer * the_vs ;

Trick::VariableServer::VariableServer() :
 enabled(false) ,
 info_msg(false),
 log(false),
 allow_connections(false),
 bypass_ip_check(false)
{
    the_vs = this ;
    pthread_mutex_init(&map_mutex, NULL);

    add_ip("127.0.0.1");
}

Trick::VariableServer::~VariableServer() {
    the_vs = NULL;
}

void Trick::VariableServer::shutdownConnections() {
    listen_thread.shutdownConnections();
}

std::ostream& Trick::operator<< (std::ostream& s, Trick::VariableServer& vs) {
    std::map < pthread_t , VariableServerSessionThread * >::iterator it ;

    s << "{\"variable_server_connections\":[\n";
    int count = 0;
    int n_connections = (int)vs.var_server_threads.size();
    for ( it = vs.var_server_threads.begin() ; it != vs.var_server_threads.end() ; ++it ) {
        s << "{\n";
        s << *(*it).second;
        s << "}";
        if ((n_connections-count)>1) {
            s << "," ;
        }
        s << "\n";
        count ++;
    }
    s << "]}" << std::endl;
    return s;
}

bool Trick::VariableServer::get_enabled() {
    return enabled ;
}

void Trick::VariableServer::set_enabled(bool on_off) {
    enabled = on_off ;

    if(enabled) {
        message_publish(MSG_WARNING, "Trick VariableServer: Enabling the Variable Server. See Trick documentation for associated security concerns\n");
    }
}

bool Trick::VariableServer::get_info_msg() {
    return info_msg ;
}

void Trick::VariableServer::set_var_server_info_msg_on() {
    info_msg = true;
    for ( auto& session_it : var_server_sessions ) {
        session_it.second->set_info_message(info_msg);
    }
}

void Trick::VariableServer::set_var_server_info_msg_off() {
    info_msg = false;
    for ( auto& session_it : var_server_sessions ) {
        session_it.second->set_info_message(info_msg);
    }
}

bool Trick::VariableServer::get_log() {
    return log ;
}

bool Trick::VariableServer::get_session_log() {
    return session_log ;
}

void Trick::VariableServer::set_var_server_log_on() {
    log = true;
    // turn log on for all current vs clients
    for ( auto& session_it : var_server_sessions ) {
        session_it.second->set_log(true);
    }
}

void Trick::VariableServer::set_var_server_log_off() {
    log = false;
    // turn log off for all current vs clients
    for ( auto& session_it : var_server_sessions ) {
        session_it.second->set_log(false);
    }
}

void Trick::VariableServer::set_var_server_session_log_on() {
    session_log = true;
    // turn log on for all current vs clients
    for ( auto& session_it : var_server_sessions ) {
        session_it.second->set_session_log(true);
    }
}

void Trick::VariableServer::set_var_server_session_log_off() {
    session_log = false;
    // turn log off for all current vs clients
    for ( auto& session_it : var_server_sessions ) {
        session_it.second->set_session_log(false);
    }
}

const char * Trick::VariableServer::get_hostname() {
    return listen_thread.get_hostname();
}

Trick::VariableServerListenThread & Trick::VariableServer::get_listen_thread() {
    return listen_thread ;
}

void Trick::VariableServer::add_vst(pthread_t in_thread_id, VariableServerSessionThread * in_vst) {
    pthread_mutex_lock(&map_mutex) ;
    var_server_threads[in_thread_id] = in_vst ;
    pthread_mutex_unlock(&map_mutex) ;
}

void Trick::VariableServer::add_session(pthread_t in_thread_id, VariableServerSession * in_session) {
    pthread_mutex_lock(&map_mutex) ;
    var_server_sessions[in_thread_id] = in_session ;
    pthread_mutex_unlock(&map_mutex) ;
}

Trick::VariableServerSessionThread * Trick::VariableServer::get_vst(pthread_t thread_id) {
    std::map < pthread_t , Trick::VariableServerSessionThread * >::iterator it ;
    Trick::VariableServerSessionThread * ret = NULL ;
    pthread_mutex_lock(&map_mutex) ;
    it = var_server_threads.find(thread_id) ;
    if ( it != var_server_threads.end() ) {
        ret = (*it).second ;
    }
    pthread_mutex_unlock(&map_mutex) ;
    return ret ;
}

Trick::VariableServerSession * Trick::VariableServer::get_session(pthread_t thread_id) {
    Trick::VariableServerSession * ret = NULL ;
    pthread_mutex_lock(&map_mutex) ;
    auto it = var_server_sessions.find(thread_id) ;
    if ( it != var_server_sessions.end() ) {
        ret = (*it).second ;
    }
    pthread_mutex_unlock(&map_mutex) ;
    return ret ;
}

void Trick::VariableServer::delete_vst(pthread_t thread_id) {
    pthread_mutex_lock(&map_mutex) ;
    var_server_threads.erase(thread_id) ;
    pthread_mutex_unlock(&map_mutex) ;
}

void Trick::VariableServer::delete_session(pthread_t thread_id) {
    pthread_mutex_lock(&map_mutex) ;
    var_server_sessions.erase(thread_id) ;
    pthread_mutex_unlock(&map_mutex) ;
}

void Trick::VariableServer::set_copy_data_job( Trick::JobData * in_job ) {
    copy_data_job = in_job ;
}

void Trick::VariableServer::set_copy_and_write_freeze_job( Trick::JobData * in_job ) {
    copy_and_write_freeze_job = in_job ;
}

bool Trick::VariableServer::set_allow_connections(const bool& b) {
    if(b) {
        message_publish(MSG_WARNING, "Trick VariableServer: Enabling Variable Server Connectivity\n");
    }

    return allow_connections = b ;
}

bool Trick::VariableServer::get_allow_connections() {
    return allow_connections ;
}

bool Trick::VariableServer::set_bypass_ip_check(const bool& b) {
    if(b) {
        message_publish(MSG_WARNING, "Trick VariableServer: BYPASSING IP SECURITY CHECK. ANYONE ON THE NETWORK CAN CONNECT TO YOUR PYTHON INTERPRETER!\n\tYOU BETTER KNOW WHAT YOU'RE DOING!\n");
    }

    return bypass_ip_check = b ;
}

bool Trick::VariableServer::get_bypass_ip_check() {
    return bypass_ip_check ;
}

const std::set<std::string>& Trick::VariableServer::get_ip_allowlist() {
    return ip_allowlist ;
}

void Trick::VariableServer::add_ip(const std::string& ip) {
    std::string msg = "Trick VariableServer: Adding " + ip + " to the allowlist.\n" ;
    message_publish(MSG_INFO, msg.c_str()) ;

    ip_allowlist.insert(ip) ;
}

void Trick::VariableServer::remove_ip(const std::string& ip) {
    std::string msg = "Trick VariableServer: Removing " + ip + " from the allowlist.\n" ;
    message_publish(MSG_INFO, msg.c_str()) ;

    ip_allowlist.erase(ip) ;
}

bool Trick::VariableServer::check_ip(const std::string& ip) {
    bool valid = false;
    for (std::set<std::string>::iterator it = ip_allowlist.begin(); it != ip_allowlist.end(); ++it) {
        std::string entry = *it;
        size_t slash;

        struct in_addr addr;
        if (inet_pton(AF_INET, ip.c_str(), &addr) != 1) {
           return false;
        }
        uint32_t ipVal = ntohl(addr.s_addr);

        if( (slash = entry.find('/')) != std::string::npos ) {
            std::string network = entry.substr(0, slash);
            int prefix = std::stoi(entry.substr(slash + 1));

            if (inet_pton(AF_INET, network.c_str(), &addr) != 1) {
                continue;
            }
            uint32_t netVal = ntohl(addr.s_addr);

            uint32_t mask = (prefix == 0) ? 0 : (~0u << (32 - prefix));

            valid = (ipVal & mask) == (netVal & mask);
        }
        else {
            valid = (ip == entry);
        }

        if (valid) break ;
    }

    return valid;
}

void Trick::VariableServer::resolve_hostname() {
    if(enabled) {
        // Add your network IPs to the allowlist
        char hostname[256];
        if (gethostname(hostname, sizeof(hostname)) != 0) {
            return;
        }

        struct addrinfo hints{}, *res, *p;
        hints.ai_family = AF_INET;
        hints.ai_socktype = SOCK_STREAM;

        int status = getaddrinfo(hostname, nullptr, &hints, &res);
        if (status != 0) {
            return;
        }

        char ipstr[INET6_ADDRSTRLEN];
        for (p = res; p != nullptr; p = p->ai_next) {
            if (p->ai_family == AF_INET) {
                struct sockaddr_in *ipv4 = (struct sockaddr_in *)p->ai_addr;
                inet_ntop(p->ai_family, &(ipv4->sin_addr), ipstr, sizeof(ipstr));
                add_ip(ipstr);
            }
        }

        freeaddrinfo(res);
    }
}

1
2	#include <netdb.h>
3	#include <iostream>
4	#include "trick/VariableServer.hh"
5	#include "trick/tc_proto.h"
6	#include "trick/Message_proto.hh"
7	#include "trick/message_proto.h"
8
9	Trick::VariableServer * the_vs ;
10
11	Trick::VariableServer::VariableServer() :	210✔
12	enabled(false) ,
13	info_msg(false),
14	log(false),
15	allow_connections(false),
16	bypass_ip_check(false)	210✔
17	{
18	the_vs = this ;	210✔
19	pthread_mutex_init(&map_mutex, NULL);	210✔
20
21	add_ip("127.0.0.1");	210✔
22	}	210✔
23
24	Trick::VariableServer::~VariableServer() {	210✔
25	the_vs = NULL;	210✔
26	}	210✔
27
28	void Trick::VariableServer::shutdownConnections() {	187✔
29	listen_thread.shutdownConnections();	187✔
30	}	187✔
31
32	std::ostream& Trick::operator<< (std::ostream& s, Trick::VariableServer& vs) {	1✔
33	std::map < pthread_t , VariableServerSessionThread * >::iterator it ;	1✔
34
35	s << "{\"variable_server_connections\":[\n";	1✔
36	int count = 0;	1✔
37	int n_connections = (int)vs.var_server_threads.size();	1✔
38	for ( it = vs.var_server_threads.begin() ; it != vs.var_server_threads.end() ; ++it ) {	1✔
39	s << "{\n";	×
40	s << (it).second;	×
41	s << "}";	×
42	if ((n_connections-count)>1) {	×
43	s << "," ;	×
44	}
45	s << "\n";	×
46	count ++;	×
47	}
48	s << "]}" << std::endl;	1✔
49	return s;	1✔
50	}
51
52	bool Trick::VariableServer::get_enabled() {	2✔
53	return enabled ;	2✔
54	}
55
56	void Trick::VariableServer::set_enabled(bool on_off) {	21✔
57	enabled = on_off ;	21✔
58
59	if(enabled) {	21✔
60	message_publish(MSG_WARNING, "Trick VariableServer: Enabling the Variable Server. See Trick documentation for associated security concerns\n");	21✔
61	}
62	}	21✔
63
64	bool Trick::VariableServer::get_info_msg() {	10✔
65	return info_msg ;	10✔
66	}
67
68	void Trick::VariableServer::set_var_server_info_msg_on() {	1✔
69	info_msg = true;	1✔
70	for ( auto& session_it : var_server_sessions ) {	1✔
71	session_it.second->set_info_message(info_msg);	×
72	}
73	}	1✔
74
75	void Trick::VariableServer::set_var_server_info_msg_off() {	1✔
76	info_msg = false;	1✔
77	for ( auto& session_it : var_server_sessions ) {	1✔
78	session_it.second->set_info_message(info_msg);	×
79	}
80	}	1✔
81
82	bool Trick::VariableServer::get_log() {	9✔
83	return log ;	9✔
84	}
85
86	bool Trick::VariableServer::get_session_log() {	9✔
87	return session_log ;	9✔
88	}
89
90	void Trick::VariableServer::set_var_server_log_on() {	1✔
91	log = true;	1✔
92	// turn log on for all current vs clients
93	for ( auto& session_it : var_server_sessions ) {	2✔
94	session_it.second->set_log(true);	1✔
95	}
96	}	1✔
97
98	void Trick::VariableServer::set_var_server_log_off() {	1✔
99	log = false;	1✔
100	// turn log off for all current vs clients
101	for ( auto& session_it : var_server_sessions ) {	2✔
102	session_it.second->set_log(false);	1✔
103	}
104	}	1✔
105
106	void Trick::VariableServer::set_var_server_session_log_on() {	1✔
107	session_log = true;	1✔
108	// turn log on for all current vs clients
109	for ( auto& session_it : var_server_sessions ) {	2✔
110	session_it.second->set_session_log(true);	1✔
111	}
112	}	1✔
113
114	void Trick::VariableServer::set_var_server_session_log_off() {	1✔
115	session_log = false;	1✔
116	// turn log off for all current vs clients
117	for ( auto& session_it : var_server_sessions ) {	2✔
118	session_it.second->set_session_log(false);	1✔
119	}
120	}	1✔
121
122	const char * Trick::VariableServer::get_hostname() {	×
123	return listen_thread.get_hostname();	×
124	}
125
126	Trick::VariableServerListenThread & Trick::VariableServer::get_listen_thread() {	190✔
127	return listen_thread ;	190✔
128	}
129
130	void Trick::VariableServer::add_vst(pthread_t in_thread_id, VariableServerSessionThread * in_vst) {	8✔
131	pthread_mutex_lock(&map_mutex) ;	8✔
132	var_server_threads[in_thread_id] = in_vst ;	8✔
133	pthread_mutex_unlock(&map_mutex) ;	8✔
134	}	8✔
135
136	void Trick::VariableServer::add_session(pthread_t in_thread_id, VariableServerSession * in_session) {	12✔
137	pthread_mutex_lock(&map_mutex) ;	12✔
138	var_server_sessions[in_thread_id] = in_session ;	12✔
139	pthread_mutex_unlock(&map_mutex) ;	12✔
140	}	12✔
141
142	Trick::VariableServerSessionThread * Trick::VariableServer::get_vst(pthread_t thread_id) {	5✔
143	std::map < pthread_t , Trick::VariableServerSessionThread * >::iterator it ;	5✔
144	Trick::VariableServerSessionThread * ret = NULL ;	5✔
145	pthread_mutex_lock(&map_mutex) ;	5✔
146	it = var_server_threads.find(thread_id) ;	5✔
147	if ( it != var_server_threads.end() ) {	5✔
148	ret = (*it).second ;	5✔
149	}
150	pthread_mutex_unlock(&map_mutex) ;	5✔
151	return ret ;	5✔
152	}
153
154	Trick::VariableServerSession * Trick::VariableServer::get_session(pthread_t thread_id) {	1,069✔
155	Trick::VariableServerSession * ret = NULL ;	1,069✔
156	pthread_mutex_lock(&map_mutex) ;	1,069✔
157	auto it = var_server_sessions.find(thread_id) ;	1,069✔
158	if ( it != var_server_sessions.end() ) {	1,069✔
159	ret = (*it).second ;	37✔
160	}
161	pthread_mutex_unlock(&map_mutex) ;	1,069✔
162	return ret ;	1,069✔
163	}
164
165	void Trick::VariableServer::delete_vst(pthread_t thread_id) {	8✔
166	pthread_mutex_lock(&map_mutex) ;	8✔
167	var_server_threads.erase(thread_id) ;	8✔
168	pthread_mutex_unlock(&map_mutex) ;	8✔
169	}	8✔
170
171	void Trick::VariableServer::delete_session(pthread_t thread_id) {	7✔
172	pthread_mutex_lock(&map_mutex) ;	7✔
173	var_server_sessions.erase(thread_id) ;	7✔
174	pthread_mutex_unlock(&map_mutex) ;	7✔
175	}	7✔
176
177	void Trick::VariableServer::set_copy_data_job( Trick::JobData * in_job ) {	187✔
178	copy_data_job = in_job ;	187✔
179	}	187✔
180
181	void Trick::VariableServer::set_copy_and_write_freeze_job( Trick::JobData * in_job ) {	187✔
182	copy_and_write_freeze_job = in_job ;	187✔
183	}	187✔
184
185	bool Trick::VariableServer::set_allow_connections(const bool& b) {	217✔
186	if(b) {	217✔
187	message_publish(MSG_WARNING, "Trick VariableServer: Enabling Variable Server Connectivity\n");	30✔
188	}
189
190	return allow_connections = b ;	217✔
191	}
192
193	bool Trick::VariableServer::get_allow_connections() {	8✔
194	return allow_connections ;	8✔
195	}
196
197	bool Trick::VariableServer::set_bypass_ip_check(const bool& b) {	24✔
198	if(b) {	24✔
199	message_publish(MSG_WARNING, "Trick VariableServer: BYPASSING IP SECURITY CHECK. ANYONE ON THE NETWORK CAN CONNECT TO YOUR PYTHON INTERPRETER!\n\tYOU BETTER KNOW WHAT YOU'RE DOING!\n");	24✔
200	}
201
202	return bypass_ip_check = b ;	24✔
203	}
204
205	bool Trick::VariableServer::get_bypass_ip_check() {	8✔
206	return bypass_ip_check ;	8✔
207	}
208
NEW 209	const std::set<std::string>& Trick::VariableServer::get_ip_allowlist() {	×
NEW 210	return ip_allowlist ;	×
211	}
212
213	void Trick::VariableServer::add_ip(const std::string& ip) {	216✔
214	std::string msg = "Trick VariableServer: Adding " + ip + " to the allowlist.\n" ;	432✔
215	message_publish(MSG_INFO, msg.c_str()) ;	216✔
216
217	ip_allowlist.insert(ip) ;	216✔
218	}	216✔
219
NEW 220	void Trick::VariableServer::remove_ip(const std::string& ip) {	×
NEW 221	std::string msg = "Trick VariableServer: Removing " + ip + " from the allowlist.\n" ;	×
NEW 222	message_publish(MSG_INFO, msg.c_str()) ;	×
223
NEW 224	ip_allowlist.erase(ip) ;	×
NEW 225	}	×
226
NEW 227	bool Trick::VariableServer::check_ip(const std::string& ip) {	×
NEW 228	bool valid = false;	×
NEW 229	for (std::set<std::string>::iterator it = ip_allowlist.begin(); it != ip_allowlist.end(); ++it) {	×
NEW 230	std::string entry = *it;	×
231	size_t slash;
232
233	struct in_addr addr;
NEW 234	if (inet_pton(AF_INET, ip.c_str(), &addr) != 1) {	×
NEW 235	return false;	×
236	}
NEW 237	uint32_t ipVal = ntohl(addr.s_addr);	×
238
NEW 239	if( (slash = entry.find('/')) != std::string::npos ) {	×
NEW 240	std::string network = entry.substr(0, slash);	×
NEW 241	int prefix = std::stoi(entry.substr(slash + 1));	×
242
NEW 243	if (inet_pton(AF_INET, network.c_str(), &addr) != 1) {	×
NEW 244	continue;	×
245	}
NEW 246	uint32_t netVal = ntohl(addr.s_addr);	×
247
NEW 248	uint32_t mask = (prefix == 0) ? 0 : (~0u << (32 - prefix));	×
249
NEW 250	valid = (ipVal & mask) == (netVal & mask);	×
251	}
252	else {
NEW 253	valid = (ip == entry);	×
254	}
255
NEW 256	if (valid) break ;	×
257	}
258
NEW 259	return valid;	×
260	}
261
262	void Trick::VariableServer::resolve_hostname() {	6✔
263	if(enabled) {	6✔
264	// Add your network IPs to the allowlist
265	char hostname[256];
266	if (gethostname(hostname, sizeof(hostname)) != 0) {	6✔
NEW 267	return;	×
268	}
269
270	struct addrinfo hints{}, res, p;	6✔
271	hints.ai_family = AF_INET;	6✔
272	hints.ai_socktype = SOCK_STREAM;	6✔
273
274	int status = getaddrinfo(hostname, nullptr, &hints, &res);	6✔
275	if (status != 0) {	6✔
NEW 276	return;	×
277	}
278
279	char ipstr[INET6_ADDRSTRLEN];
280	for (p = res; p != nullptr; p = p->ai_next) {	12✔
281	if (p->ai_family == AF_INET) {	6✔
282	struct sockaddr_in ipv4 = (struct sockaddr_in )p->ai_addr;	6✔
283	inet_ntop(p->ai_family, &(ipv4->sin_addr), ipstr, sizeof(ipstr));	6✔
284	add_ip(ipstr);	6✔
285	}
286	}
287
288	freeaddrinfo(res);	6✔
289	}
290	}

nasa / trick / 25216648285

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous