diff --git a/continuous_integration/recipe/meta.yaml b/continuous_integration/recipe/meta.yaml index 518c167bb..8ff12cdf4 100644 --- a/continuous_integration/recipe/meta.yaml +++ b/continuous_integration/recipe/meta.yaml @@ -15,8 +15,7 @@ build: number: {{ GIT_DESCRIBE_NUMBER }} noarch: python entry_points: - # TODO: re-enable server once CVEs are resolved - # - dask-sql-server = dask_sql.server.app:main + - dask-sql-server = dask_sql.server.app:main - dask-sql = dask_sql.cmd:main string: py_{{ GIT_DESCRIBE_HASH }}_{{ GIT_DESCRIBE_NUMBER }} script: {{ PYTHON }} -m pip install . --no-deps -vv @@ -46,8 +45,7 @@ test: - dask_sql commands: - pip check - # TODO: re-enable server once CVEs are resolved - # - dask-sql-server --help + - dask-sql-server --help - dask-sql --help requires: - pip diff --git a/dask_sql/__init__.py b/dask_sql/__init__.py index 96a70d873..d343a4c5c 100644 --- a/dask_sql/__init__.py +++ b/dask_sql/__init__.py @@ -3,12 +3,9 @@ from .cmd import cmd_loop from .context import Context from .datacontainer import Statistics - -# from .server.app import run_server +from .server.app import run_server __version__ = get_versions()["version"] del get_versions -# TODO: re-enable server once CVEs are resolved -# __all__ = [__version__, cmd_loop, Context, run_server, Statistics] -__all__ = [__version__, cmd_loop, Context, Statistics] +__all__ = [__version__, cmd_loop, Context, run_server, Statistics] diff --git a/dask_sql/context.py b/dask_sql/context.py index 0449f4835..98cc46e21 100644 --- a/dask_sql/context.py +++ b/dask_sql/context.py @@ -659,7 +659,7 @@ def run_server( from dask_sql.server.app import run_server self.stop_server() - self.sql_server = run_server( + self.server = run_server( context=self, client=client, host=host, diff --git a/dask_sql/server/app.py b/dask_sql/server/app.py index 261f75831..634de3856 100644 --- a/dask_sql/server/app.py +++ b/dask_sql/server/app.py @@ -276,9 +276,6 @@ def _init_app( context: Context = None, client: dask.distributed.Client = None, ): - # TODO: re-enable server once CVEs are resolved - raise NotImplementedError - app.c = context or Context() app.future_list = {} diff --git a/docs/source/server.rst b/docs/source/server.rst index 8993d55fb..70ad902e9 100644 --- a/docs/source/server.rst +++ b/docs/source/server.rst @@ -3,10 +3,6 @@ SQL Server ========== -.. warning:: - - ``dask-sql``'s SQL server functionality is currently exploitable and has been disabled until the exposed vulnerabilities can be resolved. - ``dask-sql`` comes with a small test implementation for a SQL server. Instead of rebuilding a full ODBC driver, we re-use the `presto wire protocol `_. diff --git a/planner/pom.xml b/planner/pom.xml index 2cdb09240..2d6825c3a 100755 --- a/planner/pom.xml +++ b/planner/pom.xml @@ -61,6 +61,11 @@ avatica-core 1.20.0 + + org.apache.httpcomponents + httpclient + 4.5.13 + org.apiguardian apiguardian-api diff --git a/setup.py b/setup.py index d8bbabfb4..844f52880 100755 --- a/setup.py +++ b/setup.py @@ -116,8 +116,7 @@ def build(self): }, entry_points={ "console_scripts": [ - # TODO: re-enable server once CVEs are resolved - # "dask-sql-server = dask_sql.server.app:main", + "dask-sql-server = dask_sql.server.app:main", "dask-sql = dask_sql.cmd:main", ] }, diff --git a/tests/integration/test_cve_fix.py b/tests/integration/test_cve_fix.py deleted file mode 100644 index 87ec03bf1..000000000 --- a/tests/integration/test_cve_fix.py +++ /dev/null @@ -1,16 +0,0 @@ -import pytest - -from dask_sql import Context -from dask_sql.server.app import _init_app, app - - -def test_run_server_disabled(c): - with pytest.raises(NotImplementedError): - c.run_server() - - -def test_init_app_disabled(): - c = Context() - c.sql("SELECT 1 + 1").compute() - with pytest.raises(NotImplementedError): - _init_app(app, c) diff --git a/tests/integration/test_jdbc.py b/tests/integration/test_jdbc.py index 2f6eb464b..f8426ae46 100644 --- a/tests/integration/test_jdbc.py +++ b/tests/integration/test_jdbc.py @@ -7,11 +7,6 @@ from dask_sql.server.app import _init_app, app from dask_sql.server.presto_jdbc import create_meta_data -# TODO: re-enable server once CVEs are resolved -pytest.skip( - "SQL server is disabled until related CVEs are resolved", allow_module_level=True -) - # needed for the testclient pytest.importorskip("requests") diff --git a/tests/integration/test_server.py b/tests/integration/test_server.py index c5c460903..88d08a4f7 100644 --- a/tests/integration/test_server.py +++ b/tests/integration/test_server.py @@ -5,11 +5,6 @@ from dask_sql import Context from dask_sql.server.app import _init_app, app -# TODO: re-enable server once CVEs are resolved -pytest.skip( - "SQL server is disabled until related CVEs are resolved", allow_module_level=True -) - # needed for the testclient pytest.importorskip("requests") @@ -28,35 +23,6 @@ def app_client(): app.client.close() -def get_result_or_error(app_client, response): - result = response.json() - - assert "nextUri" in result - assert "error" not in result - - status_url = result["nextUri"] - next_url = status_url - - counter = 0 - while True: - response = app_client.get(next_url) - assert response.status_code == 200 - - result = response.json() - - if "nextUri" not in result: - break - - next_url = result["nextUri"] - - counter += 1 - assert counter <= 100 - - sleep(0.1) - - return result - - def test_routes(app_client): assert app_client.post("/v1/statement", data="SELECT 1 + 1").status_code == 200 assert app_client.get("/v1/statement", data="SELECT 1 + 1").status_code == 405 @@ -208,3 +174,32 @@ def test_inf_table(app_client, user_table_inf): assert len(result["data"]) == 3 assert result["data"][1] == ["+Infinity"] assert "error" not in result + + +def get_result_or_error(app_client, response): + result = response.json() + + assert "nextUri" in result + assert "error" not in result + + status_url = result["nextUri"] + next_url = status_url + + counter = 0 + while True: + response = app_client.get(next_url) + assert response.status_code == 200 + + result = response.json() + + if "nextUri" not in result: + break + + next_url = result["nextUri"] + + counter += 1 + assert counter <= 100 + + sleep(0.1) + + return result