From 8f573b8aa811f71943aa1b89bdef8c658fef7b63 Mon Sep 17 00:00:00 2001
From: Saurav Tiwary <21277837+dr0pdb@users.noreply.github.com>
Date: Thu, 16 Mar 2023 18:10:57 +0530
Subject: [PATCH] [DB-3774] cqlsh: Provide option to disable DEBUG command in
 ycqlsh

Summary:
This diff provides an option to disable the `DEBUG` command which opens a Python debugging session.

To disable the debugging functionality, the `ycqlsh` command be started with option `--disallow_python_debug`. The default value of the flag is False.

Test Plan:
Tried on local machine

```
>> ./ycqlsh
Connected to local cluster at 127.0.0.1:9042.
[ycqlsh 5.0.1 | Cassandra 3.9-SNAPSHOT | CQL spec 3.4.2 | Native protocol v4]
Use HELP for help.
ycqlsh> debug
--Return--
> /Users/stiwary/code/cqlsh/bin/ycqlsh.py(2050)do_debug()->None
-> pdb.set_trace()
(Pdb) exit

ycqlsh> exit

>>./ycqlsh --disallow_python_debug

Connected to local cluster at 127.0.0.1:9042.
[ycqlsh 5.0.1 | Cassandra 3.9-SNAPSHOT | CQL spec 3.4.2 | Native protocol v4]
Use HELP for help.
ycqlsh> debug
*** Python debugger disabled because shell started with --disallow_python_debug
ycqlsh> exit
```

Reviewers: skumar, oleg

Reviewed By: oleg

Subscribers: yql

Differential Revision: https://phabricator.dev.yugabyte.com/D23650
---
 bin/ycqlsh.py | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)

diff --git a/bin/ycqlsh.py b/bin/ycqlsh.py
index 6ad743e..e5b169f 100755
--- a/bin/ycqlsh.py
+++ b/bin/ycqlsh.py
@@ -193,6 +193,8 @@ def find_zip(libprefix):
 DEFAULT_DOUBLE_PRECISION = 5
 DEFAULT_MAX_TRACE_WAIT = 10
 
+DEFAULT_DISALLOW_PYTHON_DEBUG = False
+
 if readline is not None and readline.__doc__ is not None and 'libedit' in readline.__doc__:
     DEFAULT_COMPLETEKEY = '\t'
 else:
@@ -239,6 +241,8 @@ def find_zip(libprefix):
                   help='Force tty mode (command prompt).')
 parser.add_option("-r", "--refresh_on_describe", action='store_true',
                   help='Force refreshing of the schema metadata on DESCRIBE command.')
+parser.add_option("--disallow_python_debug", default=DEFAULT_DISALLOW_PYTHON_DEBUG, action='store_true', 
+                  help='Disallow the DEBUG command to start a Python debugger session')
 
 optvalues = optparse.Values()
 (options, arguments) = parser.parse_args(sys.argv[1:], values=optvalues)
@@ -464,7 +468,8 @@ def __init__(self, hostname, port, color=False,
                  request_timeout=DEFAULT_REQUEST_TIMEOUT_SECONDS,
                  protocol_version=DEFAULT_PROTOCOL_VERSION,
                  connect_timeout=DEFAULT_CONNECT_TIMEOUT_SECONDS,
-                 refresh_on_describe=False):
+                 refresh_on_describe=False,
+                 disallow_python_debug=DEFAULT_DISALLOW_PYTHON_DEBUG):
         cmd.Cmd.__init__(self, completekey=completekey)
         self.hostname = hostname
         self.port = port
@@ -551,6 +556,7 @@ def __init__(self, hostname, port, color=False,
         self.single_statement = single_statement
 
         self.refresh_on_describe = refresh_on_describe
+        self.disallow_python_debug = disallow_python_debug
 
     @property
     def is_using_utf8(self):
@@ -1807,7 +1813,8 @@ def do_source(self, parsed):
                          max_trace_wait=self.max_trace_wait, ssl=self.ssl,
                          request_timeout=self.session.default_timeout,
                          connect_timeout=self.conn.connect_timeout,
-                         refresh_on_describe=self.refresh_on_describe)
+                         refresh_on_describe=self.refresh_on_describe,
+                         disallow_python_debug=self.disallow_python_debug)
         subshell.cmdloop()
         f.close()
 
@@ -2035,6 +2042,10 @@ def do_clear(self, parsed):
     do_cls = do_clear
 
     def do_debug(self, parsed):
+        if self.disallow_python_debug:
+            self.printerr("*** Python debugger disabled because shell started with --disallow_python_debug")
+            return
+
         import pdb
         pdb.set_trace()
 
@@ -2259,6 +2270,7 @@ def read_options(cmdlineargs, environment):
     optvalues.username = option_with_default(configs.get, 'authentication', 'username')
     optvalues.password = option_with_default(rawconfigs.get, 'authentication', 'password')
     optvalues.keyspace = option_with_default(configs.get, 'authentication', 'keyspace')
+    optvalues.disallow_python_debug = option_with_default(configs.getboolean, 'authorization', 'disallow_python_debug', DEFAULT_DISALLOW_PYTHON_DEBUG)
     optvalues.browser = option_with_default(configs.get, 'ui', 'browser', None)
     optvalues.completekey = option_with_default(configs.get, 'ui', 'completekey',
                                                 DEFAULT_COMPLETEKEY)
@@ -2452,7 +2464,8 @@ def main(options, hostname, port):
                       request_timeout=options.request_timeout,
                       connect_timeout=options.connect_timeout,
                       encoding=options.encoding,
-                      refresh_on_describe=options.refresh_on_describe)
+                      refresh_on_describe=options.refresh_on_describe,
+                      disallow_python_debug=options.disallow_python_debug)
     except KeyboardInterrupt:
         sys.exit('Connection aborted.')
     except CQL_ERRORS as e: