mirror of
https://github.com/beshu-tech/deltaglider.git
synced 2026-07-09 14:42:46 +02:00
security: Remove all legacy shared cache code and env vars
BREAKING CHANGE: Removed DG_UNSAFE_SHARED_CACHE and DG_CACHE_DIR environment variables. DeltaGlider now ONLY uses ephemeral process-isolated cache for security. Changes: - Removed cache_dir parameter from create_client() - Removed all conditional legacy cache mode logic - Updated documentation (CLAUDE.md, docs/sdk/api.md) - Updated tests to not pass removed cache_dir parameter - Marked Phase 1 of SECURITY_FIX_ROADMAP.md as completed All 99 tests passing. Ephemeral cache is now the only mode.
This commit is contained in:
@@ -44,22 +44,10 @@ def create_service(
|
||||
max_ratio = float(os.environ.get("DG_MAX_RATIO", "0.5"))
|
||||
metrics_type = os.environ.get("DG_METRICS", "logging") # Options: noop, logging, cloudwatch
|
||||
|
||||
# SECURITY: Use ephemeral cache by default to prevent multi-user attacks
|
||||
if os.environ.get("DG_UNSAFE_SHARED_CACHE") != "true":
|
||||
# Create process-specific temporary cache directory
|
||||
cache_dir = Path(tempfile.mkdtemp(prefix="deltaglider-", dir="/tmp"))
|
||||
# Register cleanup handler to remove cache on exit
|
||||
atexit.register(lambda: shutil.rmtree(cache_dir, ignore_errors=True))
|
||||
else:
|
||||
# Legacy shared cache mode - UNSAFE in multi-user environments
|
||||
cache_dir = Path(os.environ.get("DG_CACHE_DIR", "/tmp/.deltaglider/reference_cache"))
|
||||
# Create logger early to issue warning
|
||||
temp_logger = StdLoggerAdapter(level=log_level)
|
||||
temp_logger.warning(
|
||||
"SECURITY WARNING: Shared cache mode enabled (DG_UNSAFE_SHARED_CACHE=true). "
|
||||
"This mode has known security vulnerabilities in multi-user environments. "
|
||||
"Use at your own risk!"
|
||||
)
|
||||
# SECURITY: Always use ephemeral process-isolated cache
|
||||
cache_dir = Path(tempfile.mkdtemp(prefix="deltaglider-", dir="/tmp"))
|
||||
# Register cleanup handler to remove cache on exit
|
||||
atexit.register(lambda: shutil.rmtree(cache_dir, ignore_errors=True))
|
||||
|
||||
# Set AWS environment variables if provided
|
||||
if endpoint_url:
|
||||
|
||||
@@ -2,7 +2,6 @@
|
||||
|
||||
# ruff: noqa: I001
|
||||
import atexit
|
||||
import os
|
||||
import shutil
|
||||
import tempfile
|
||||
from collections.abc import Callable
|
||||
@@ -1065,7 +1064,6 @@ class DeltaGliderClient:
|
||||
def create_client(
|
||||
endpoint_url: str | None = None,
|
||||
log_level: str = "INFO",
|
||||
cache_dir: str = "/tmp/.deltaglider/cache",
|
||||
aws_access_key_id: str | None = None,
|
||||
aws_secret_access_key: str | None = None,
|
||||
aws_session_token: str | None = None,
|
||||
@@ -1080,11 +1078,11 @@ def create_client(
|
||||
- Compression estimation
|
||||
- Progress callbacks for large uploads
|
||||
- Detailed object and bucket statistics
|
||||
- Secure ephemeral cache (process-isolated, auto-cleanup)
|
||||
|
||||
Args:
|
||||
endpoint_url: Optional S3 endpoint URL (for MinIO, R2, etc.)
|
||||
log_level: Logging level
|
||||
cache_dir: Directory for reference cache
|
||||
aws_access_key_id: AWS access key ID (None to use environment/IAM)
|
||||
aws_secret_access_key: AWS secret access key (None to use environment/IAM)
|
||||
aws_session_token: AWS session token for temporary credentials (None if not using)
|
||||
@@ -1125,22 +1123,10 @@ def create_client(
|
||||
XdeltaAdapter,
|
||||
)
|
||||
|
||||
# SECURITY: Use ephemeral cache by default to prevent multi-user attacks
|
||||
if os.environ.get("DG_UNSAFE_SHARED_CACHE") != "true":
|
||||
# Create process-specific temporary cache directory
|
||||
actual_cache_dir = Path(tempfile.mkdtemp(prefix="deltaglider-", dir="/tmp"))
|
||||
# Register cleanup handler to remove cache on exit
|
||||
atexit.register(lambda: shutil.rmtree(actual_cache_dir, ignore_errors=True))
|
||||
else:
|
||||
# Legacy shared cache mode - UNSAFE in multi-user environments
|
||||
actual_cache_dir = Path(cache_dir)
|
||||
# Create logger early to issue warning
|
||||
temp_logger = StdLoggerAdapter(level=log_level)
|
||||
temp_logger.warning(
|
||||
"SECURITY WARNING: Shared cache mode enabled (DG_UNSAFE_SHARED_CACHE=true). "
|
||||
"This mode has known security vulnerabilities in multi-user environments. "
|
||||
"Use at your own risk!"
|
||||
)
|
||||
# SECURITY: Always use ephemeral process-isolated cache
|
||||
cache_dir = Path(tempfile.mkdtemp(prefix="deltaglider-", dir="/tmp"))
|
||||
# Register cleanup handler to remove cache on exit
|
||||
atexit.register(lambda: shutil.rmtree(cache_dir, ignore_errors=True))
|
||||
|
||||
# Build boto3 client kwargs
|
||||
boto3_kwargs = {}
|
||||
@@ -1157,7 +1143,7 @@ def create_client(
|
||||
hasher = Sha256Adapter()
|
||||
storage = S3StorageAdapter(endpoint_url=endpoint_url, boto3_kwargs=boto3_kwargs)
|
||||
diff = XdeltaAdapter()
|
||||
cache = FsCacheAdapter(actual_cache_dir, hasher)
|
||||
cache = FsCacheAdapter(cache_dir, hasher)
|
||||
clock = UtcClockAdapter()
|
||||
logger = StdLoggerAdapter(level=log_level)
|
||||
metrics = NoopMetricsAdapter()
|
||||
|
||||
Reference in New Issue
Block a user