Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow "save as" to save notebooks using absolute path #254

Open
divyansshhh opened this issue Jul 12, 2023 · 6 comments
Open

Allow "save as" to save notebooks using absolute path #254

divyansshhh opened this issue Jul 12, 2023 · 6 comments

Comments

@divyansshhh
Copy link

Currently the "save as" widget accepts path relative to the notebook dir. Can we allow saving of notebooks using the absolute path?

@andrewfulton9
Copy link

@divyansshhh, could you give more detail to the issue you are running into? This issue may also be helpful to understand absolute vs relative paths in jupyter_server.

@Carreau
Copy link
Member

Carreau commented Aug 15, 2023

I would need to check the code again but historically this is not possible for two reasons:

  1. Abstractions: The notebook store are swappable – some people store things in say postgres in which absolute path make no sens.

  2. For security reason the notebook server is not aware of anythings outside of notebook_dir, or it may both: leak information, or allow to escape its root. I think a number of users would be really concern if this was changed.

Technically this also poses a number of challenges, many of the API requests contain the path in the URL, and thus going "above" the root would either require

  • /../ in the URL. This is not possible as many clients (browser), normalize URL. Thus path/to/api/../../tmp/foo.ipynb becomes path/tmp/foo.ipynb and the server would not know what to do.
  • Massive changes to the API

So I doubt in the long term it will be done.

@Carreau
Copy link
Member

Carreau commented Aug 16, 2023

From from discussion, in @divyansshhh case the server are started from the root of the FS, so we are refering both to the root of the server and the root of the FS (which in case is the same). So fixing UI to accept things starting with /, does make sens.

@andrewfulton9
Copy link

I am not able to reproduce this when the root of the host FileSystem is the same as the root of the server. I am only able to reproduce an error when they are different. This is with jupyter server version 1.19.1 and the main branch (f9e5b2b) of nbclassic.

@divyansshhh
Copy link
Author

divyansshhh commented Sep 25, 2023

I am only able to reproduce an error when they are different.

We have certain use cases where the two values will be different. So it would be useful to fix this for those cases.

FTR - we are using jupyter-server 2.7.0 and nbclassic 0.5.6

@Carreau Carreau self-assigned this Sep 25, 2023
@Carreau
Copy link
Member

Carreau commented Sep 29, 2023

We have certain use cases where the two values will be different. So it would be useful to fix this for those cases.

FTR - we are using jupyter-server 2.7.0 and nbclassic 0.5.6

Just as a clarification, if the root of the filesystem and the --notebook-dir are different, then we cannot provide a fix upstream for multiple reasons.

First, a patch will be refused by the Jupyter Core team and any such behavior would be considered a security vulnerability and an emergency released issued to removed this vulnerability. (Disclaimer I'm on the Jupyter Security Committee)

Second, accessing anything above /user/matthias would be considered a CVE/CWE For example one of CWE-22 or CWE-35. If the server root is say /user/matthias, then saving into /my/aboslute/path.ipynb from the UI should save into /user/matthias/my/aboslute/path.ipynb.

Beyond this there are technical challenges. Moving above the server root will also hit browser limitations (ie a browser will collapse /xxx/something/../yyy into /xxx/yyy/). Typical penetration testing tools do not use this collapsing exactly to try to find vulnerable software. While the server could try to support it, it is likely this will break in weird ways and expose sensitive informations.

The recommended pattern if you wish to have access to the whole filesystem, then you should set the server root to / and use --preferred_dir=/User/matthias/notebook_folder or c.ServerApp.preferred_dir= (the short version might not be possible everywhere) for the UI to start in this folder.

@Carreau Carreau removed their assignment Sep 19, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants