Rename; add more context to dangers
charliermarsh committed Aug 25, 2024
1 parent 4bc25c5 commit d734fd7
Showing 20 changed files with 396 additions and 323 deletions.
92 changes: 56 additions & 36 deletions crates/uv-cli/src/lib.rs
Expand Up @@ -679,7 +679,7 @@ fn parse_index_url(input: &str) -> Result<Maybe<IndexUrl>, String> {
}

/// Parse a string into an [`Url`], mapping the empty string to `None`.
fn parse_trusted_host(input: &str) -> Result<Maybe<TrustedHost>, String> {
fn parse_insecure_host(input: &str) -> Result<Maybe<TrustedHost>, String> {
if input.is_empty() {
Ok(Maybe::None)
} else {
Expand Down Expand Up @@ -1571,20 +1571,24 @@ pub struct PipUninstallArgs {
#[arg(long, value_enum, env = "UV_KEYRING_PROVIDER")]
pub keyring_provider: Option<KeyringProviderType>,

/// A list of trusted hosts for SSL connections.
/// Allow insecure connections to a host.
///
/// Expects to receive either a hostname (e.g., `localhost`) or a host-port pair
/// (e.g., `localhost:8080`).
/// Can be provided multiple times.
///
/// Expects to receive either a hostname (e.g., `localhost`), a host-port pair (e.g.,
/// `localhost:8080`), or a URL (e.g., `https://localhost`).
///
/// WARNING: Hosts included in this list will not be verified against the system's certificate
/// store.
/// store. Only use `--allow-insecure-host` in a secure network with verified sources, as it
/// bypasses SSL verification and could expose you to MITM attacks.
#[arg(
long,
env = "UV_TRUSTED_HOST",
alias = "trusted-host",
env = "UV_INSECURE_HOST",
value_delimiter = ' ',
value_parser = parse_trusted_host,
value_parser = parse_insecure_host,
)]
pub trusted_host: Option<Vec<Maybe<TrustedHost>>>,
pub allow_insecure_host: Option<Vec<Maybe<TrustedHost>>>,

/// Use the system Python to uninstall packages.
///
Expand Down Expand Up @@ -2012,20 +2016,24 @@ pub struct VenvArgs {
#[arg(long, value_enum, env = "UV_KEYRING_PROVIDER")]
pub keyring_provider: Option<KeyringProviderType>,

/// A list of trusted hosts for SSL connections.
/// Allow insecure connections to a host.
///
/// Can be provided multiple times.
///
/// Expects to receive either a hostname (e.g., `localhost`) or a host-port pair
/// (e.g., `localhost:8080`).
/// Expects to receive either a hostname (e.g., `localhost`), a host-port pair (e.g.,
/// `localhost:8080`), or a URL (e.g., `https://localhost`).
///
/// WARNING: Hosts included in this list will not be verified against the system's certificate
/// store.
/// store. Only use `--allow-insecure-host` in a secure network with verified sources, as it
/// bypasses SSL verification and could expose you to MITM attacks.
#[arg(
long,
env = "UV_TRUSTED_HOST",
alias = "trusted-host",
env = "UV_INSECURE_HOST",
value_delimiter = ' ',
value_parser = parse_trusted_host,
value_parser = parse_insecure_host,
)]
pub trusted_host: Option<Vec<Maybe<TrustedHost>>>,
pub allow_insecure_host: Option<Vec<Maybe<TrustedHost>>>,

/// Limit candidate packages to those that were uploaded prior to the given date.
///
Expand Down Expand Up @@ -3366,21 +3374,25 @@ pub struct InstallerArgs {
)]
pub keyring_provider: Option<KeyringProviderType>,

/// A list of trusted hosts for SSL connections.
/// Allow insecure connections to a host.
///
/// Can be provided multiple times.
///
/// Expects to receive either a hostname (e.g., `localhost`) or a host-port pair
/// (e.g., `localhost:8080`).
/// Expects to receive either a hostname (e.g., `localhost`), a host-port pair (e.g.,
/// `localhost:8080`), or a URL (e.g., `https://localhost`).
///
/// WARNING: Hosts included in this list will not be verified against the system's certificate
/// store.
/// store. Only use `--allow-insecure-host` in a secure network with verified sources, as it
/// bypasses SSL verification and could expose you to MITM attacks.
#[arg(
long,
env = "UV_TRUSTED_HOST",
alias = "trusted-host",
env = "UV_INSECURE_HOST",
value_delimiter = ' ',
value_parser = parse_trusted_host,
value_parser = parse_insecure_host,
help_heading = "Index options"
)]
pub trusted_host: Option<Vec<Maybe<TrustedHost>>>,
pub allow_insecure_host: Option<Vec<Maybe<TrustedHost>>>,

/// Settings to pass to the PEP 517 build backend, specified as `KEY=VALUE` pairs.
#[arg(
Expand Down Expand Up @@ -3524,21 +3536,25 @@ pub struct ResolverArgs {
)]
pub keyring_provider: Option<KeyringProviderType>,

/// A list of trusted hosts for SSL connections.
/// Allow insecure connections to a host.
///
/// Expects to receive either a hostname (e.g., `localhost`) or a host-port pair
/// (e.g., `localhost:8080`).
/// Can be provided multiple times.
///
/// Expects to receive either a hostname (e.g., `localhost`), a host-port pair (e.g.,
/// `localhost:8080`), or a URL (e.g., `https://localhost`).
///
/// WARNING: Hosts included in this list will not be verified against the system's certificate
/// store.
/// store. Only use `--allow-insecure-host` in a secure network with verified sources, as it
/// bypasses SSL verification and could expose you to MITM attacks.
#[arg(
long,
env = "UV_TRUSTED_HOST",
alias = "trusted-host",
env = "UV_INSECURE_HOST",
value_delimiter = ' ',
value_parser = parse_trusted_host,
value_parser = parse_insecure_host,
help_heading = "Index options"
)]
pub trusted_host: Option<Vec<Maybe<TrustedHost>>>,
pub allow_insecure_host: Option<Vec<Maybe<TrustedHost>>>,

/// The strategy to use when selecting between the different compatible versions for a given
/// package requirement.
Expand Down Expand Up @@ -3712,21 +3728,25 @@ pub struct ResolverInstallerArgs {
)]
pub keyring_provider: Option<KeyringProviderType>,

/// A list of trusted hosts for SSL connections.
/// Allow insecure connections to a host.
///
/// Can be provided multiple times.
///
/// Expects to receive either a hostname (e.g., `localhost`) or a host-port pair
/// (e.g., `localhost:8080`).
/// Expects to receive either a hostname (e.g., `localhost`), a host-port pair (e.g.,
/// `localhost:8080`), or a URL (e.g., `https://localhost`).
///
/// WARNING: Hosts included in this list will not be verified against the system's certificate
/// store.
/// store. Only use `--allow-insecure-host` in a secure network with verified sources, as it
/// bypasses SSL verification and could expose you to MITM attacks.
#[arg(
long,
env = "UV_TRUSTED_HOST",
alias = "trusted-host",
env = "UV_INSECURE_HOST",
value_delimiter = ' ',
value_parser = parse_trusted_host,
value_parser = parse_insecure_host,
help_heading = "Index options"
)]
pub trusted_host: Option<Vec<Maybe<TrustedHost>>>,
pub allow_insecure_host: Option<Vec<Maybe<TrustedHost>>>,

/// The strategy to use when selecting between the different compatible versions for a given
/// package requirement.
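Review bot: The new help text on `allow_insecure_host` says a URL such as `https://localhost` is accepted, but it does not say that only the host is kept, so a user could pass a URL with a path and expect the exemption to be limited to that path. The test added in `trusted_host.rs` shows `https://example.com/hello/world` parsing to `Host("example.com")`, which suggests certificate verification is skipped for every request to that host. I would add a line such as `/// If a URL is given, only its host is used; verification is skipped for all requests to that host.` to each of the five doc blocks (`PipUninstallArgs`, `VenvArgs`, `InstallerArgs`, `ResolverArgs`, `ResolverInstallerArgs`). Separately, the doc comment above `parse_insecure_host` still reads "Parse a string into an [`Url`]" although the function returns `Maybe<TrustedHost>`.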
30 changes: 15 additions & 15 deletions crates/uv-cli/src/options.rs
Expand Up @@ -38,7 +38,7 @@ impl From<ResolverArgs> for PipOptions {
upgrade_package,
index_strategy,
keyring_provider,
trusted_host,
allow_insecure_host,
resolution,
prerelease,
pre,
Expand All @@ -56,8 +56,8 @@ impl From<ResolverArgs> for PipOptions {
upgrade_package: Some(upgrade_package),
index_strategy,
keyring_provider,
trusted_host: trusted_host.map(|trusted_host| {
trusted_host
allow_insecure_host: allow_insecure_host.map(|allow_insecure_host| {
allow_insecure_host
.into_iter()
.filter_map(Maybe::into_option)
.collect()
Expand Down Expand Up @@ -89,7 +89,7 @@ impl From<InstallerArgs> for PipOptions {
reinstall_package,
index_strategy,
keyring_provider,
trusted_host,
allow_insecure_host,
config_setting,
no_build_isolation,
build_isolation,
Expand All @@ -105,8 +105,8 @@ impl From<InstallerArgs> for PipOptions {
reinstall_package: Some(reinstall_package),
index_strategy,
keyring_provider,
trusted_host: trusted_host.map(|trusted_host| {
trusted_host
allow_insecure_host: allow_insecure_host.map(|allow_insecure_host| {
allow_insecure_host
.into_iter()
.filter_map(Maybe::into_option)
.collect()
Expand Down Expand Up @@ -135,7 +135,7 @@ impl From<ResolverInstallerArgs> for PipOptions {
reinstall_package,
index_strategy,
keyring_provider,
trusted_host,
allow_insecure_host,
resolution,
prerelease,
pre,
Expand All @@ -157,8 +157,8 @@ impl From<ResolverInstallerArgs> for PipOptions {
reinstall_package: Some(reinstall_package),
index_strategy,
keyring_provider,
trusted_host: trusted_host.map(|trusted_host| {
trusted_host
allow_insecure_host: allow_insecure_host.map(|allow_insecure_host| {
allow_insecure_host
.into_iter()
.filter_map(Maybe::into_option)
.collect()
Expand Down Expand Up @@ -215,7 +215,7 @@ pub fn resolver_options(resolver_args: ResolverArgs, build_args: BuildArgs) -> R
upgrade_package,
index_strategy,
keyring_provider,
trusted_host,
allow_insecure_host,
resolution,
prerelease,
pre,
Expand Down Expand Up @@ -255,8 +255,8 @@ pub fn resolver_options(resolver_args: ResolverArgs, build_args: BuildArgs) -> R
upgrade_package: Some(upgrade_package),
index_strategy,
keyring_provider,
trusted_host: trusted_host.map(|trusted_host| {
trusted_host
allow_insecure_host: allow_insecure_host.map(|allow_insecure_host| {
allow_insecure_host
.into_iter()
.filter_map(Maybe::into_option)
.collect()
Expand Down Expand Up @@ -296,7 +296,7 @@ pub fn resolver_installer_options(
reinstall_package,
index_strategy,
keyring_provider,
trusted_host,
allow_insecure_host,
resolution,
prerelease,
pre,
Expand Down Expand Up @@ -348,8 +348,8 @@ pub fn resolver_installer_options(
},
index_strategy,
keyring_provider,
trusted_host: trusted_host.map(|trusted_host| {
trusted_host
allow_insecure_host: allow_insecure_host.map(|allow_insecure_host| {
allow_insecure_host
.into_iter()
.filter_map(Maybe::into_option)
.collect()
18 changes: 9 additions & 9 deletions crates/uv-client/src/base_client.rs
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@ use crate::Connectivity;
#[derive(Debug, Clone)]
pub struct BaseClientBuilder<'a> {
keyring: KeyringProviderType,
trusted_host: Vec<TrustedHost>,
allow_insecure_host: Vec<TrustedHost>,
native_tls: bool,
retries: u32,
pub connectivity: Connectivity,
Expand All @@ -48,7 +48,7 @@ impl BaseClientBuilder<'_> {
pub fn new() -> Self {
Self {
keyring: KeyringProviderType::default(),
trusted_host: vec![],
allow_insecure_host: vec![],
native_tls: false,
connectivity: Connectivity::Online,
retries: 3,
Expand All @@ -67,8 +67,8 @@ impl<'a> BaseClientBuilder<'a> {
}

#[must_use]
pub fn trusted_host(mut self, trusted_host: Vec<TrustedHost>) -> Self {
self.trusted_host = trusted_host;
pub fn allow_insecure_host(mut self, allow_insecure_host: Vec<TrustedHost>) -> Self {
self.allow_insecure_host = allow_insecure_host;
self
}

Expand Down Expand Up @@ -175,7 +175,7 @@ impl<'a> BaseClientBuilder<'a> {

BaseClient {
connectivity: self.connectivity,
trusted_host: self.trusted_host.clone(),
allow_insecure_host: self.allow_insecure_host.clone(),
client,
dangerous_client,
timeout,
Expand Down Expand Up @@ -264,8 +264,8 @@ pub struct BaseClient {
connectivity: Connectivity,
/// Configured client timeout, in seconds.
timeout: u64,
/// The host that is trusted to use the insecure client.
trusted_host: Vec<TrustedHost>,
/// Hosts that are trusted to use the insecure client.
allow_insecure_host: Vec<TrustedHost>,
}

#[derive(Debug, Clone, Copy)]
Expand All @@ -285,9 +285,9 @@ impl BaseClient {
/// Selects the appropriate client based on the host's trustworthiness.
pub fn for_host(&self, url: &Url) -> &ClientWithMiddleware {
if self
.trusted_host
.allow_insecure_host
.iter()
.any(|trusted_host| trusted_host.matches(url))
.any(|allow_insecure_host| allow_insecure_host.matches(url))
{
&self.dangerous_client
} else {
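Review bot: The doc comments around `allow_insecure_host` still describe these hosts as trusted, which is the wording this commit moves away from: `for_host` is documented as selecting a client "based on the host's trustworthiness", and the `BaseClient` field as "Hosts that are trusted to use the insecure client". A match in `for_host` returns `dangerous_client`, which presumably skips certificate verification (it is built outside the visible hunks), so I would reword the method doc to something like `/// Returns the client that skips certificate verification when the URL matches an allowed insecure host, and the verifying client otherwise.`. The closure parameter in `.any(|allow_insecure_host| allow_insecure_host.matches(url))` names a single `TrustedHost` after the whole list; `host` would read more clearly. The body of `for_host` continues past the end of the hunk.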
6 changes: 4 additions & 2 deletions crates/uv-client/src/registry_client.rs
Original file line number Diff line number Diff line change
Expand Up @@ -73,8 +73,10 @@ impl<'a> RegistryClientBuilder<'a> {
}

#[must_use]
pub fn trusted_host(mut self, trusted_host: Vec<TrustedHost>) -> Self {
self.base_client_builder = self.base_client_builder.trusted_host(trusted_host);
pub fn allow_insecure_host(mut self, allow_insecure_host: Vec<TrustedHost>) -> Self {
self.base_client_builder = self
.base_client_builder
.allow_insecure_host(allow_insecure_host);
self
}

8 changes: 8 additions & 0 deletions crates/uv-configuration/src/trusted_host.rs
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,7 @@ impl std::str::FromStr for TrustedHost {
let mut parts = s.splitn(2, ':');
let host = parts
.next()
.and_then(|host| host.split('/').next())
.ok_or_else(|| TrustedHostError::MissingHost(s.to_string()))?;
let port = parts
.next()
Expand Down Expand Up @@ -91,5 +92,12 @@ mod tests {
"https://example.com".parse::<super::TrustedHost>().unwrap(),
super::TrustedHost::Host("example.com".to_string())
);

assert_eq!(
"https://example.com/hello/world"
.parse::<super::TrustedHost>()
.unwrap(),
super::TrustedHost::Host("example.com".to_string())
);
}
}
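Review bot: The added `.and_then(|host| host.split('/').next())` strips a path only from the segment before the first `:`, and it never yields `None`, so `MissingHost` cannot be produced by this chain and an empty host is not rejected here. For an input that has both a port and a path, the path stays in the port segment; whether that is rejected depends on the port parsing below the hunk, and the new test covers only the no-port case. I would cut the path before splitting on `:` and reject an empty host, e.g. `.filter(|host| !host.is_empty())` ahead of `.ok_or_else(...)`, and add a test for a URL with a port and a path that asserts whichever outcome is intended. `from_str` starts and ends outside the hunk.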