Feedback: validate sock-mode.

Author: kwlzn

notebook/notebookapp.py

@@ -26,6 +26,7 @@
 import select
 import signal
 import socket
+import stat
 import sys
 import tempfile
 import threading
@@ -759,7 +760,7 @@ def _default_ip(self):
             return 'localhost'
 
     @validate('ip')
-    def _valdate_ip(self, proposal):
+    def _validate_ip(self, proposal):
         value = proposal['value']
         if value == u'*':
             value = u''
@@ -786,10 +787,28 @@ def _valdate_ip(self, proposal):
         help=_("The UNIX socket the notebook server will listen on.")
     )
 
-    sock_mode = Unicode(u'0600', config=True,
-        help=_("The permissions mode/umask for UNIX socket creation (default: 0600).")
+    sock_mode = Integer(int('0600', 8), config=True,
+        help=_("The permissions mode for UNIX socket creation (default: 0600).")
     )
 
+    @validate('sock_mode')
+    def _validate_sock_mode(self, proposal):
+        value = proposal['value']
+        try:
+            converted_value = int(value.encode(), 8)
+            # Ensure the mode is at least user readable/writable.
+            assert all((
+                bool(converted_value & stat.S_IRUSR),
+                bool(converted_value & stat.S_IWUSR),
+            ))
+        except ValueError:
+            raise TraitError('invalid --sock-mode value: %s' % value)
+        except AssertionError:
+            raise TraitError(
+                'invalid --sock-mode value: %s, must have u+rw (0600) at a minimum' % value
+            )
+        return converted_value
+
     port_retries = Integer(50, config=True,
         help=_("The number of additional ports to try if the specified port is not available.")
     )
@@ -1616,7 +1635,7 @@ def _bind_http_server(self):
 
     def _bind_http_server_unix(self):
         try:
-            sock = bind_unix_socket(self.sock, mode=int(self.sock_mode.encode(), 8))
+            sock = bind_unix_socket(self.sock, mode=self.sock_mode)
             self.http_server.add_socket(sock)
         except socket.error as e:
             if e.errno == errno.EADDRINUSE:

notebook/tests/test_notebookapp_integration.py

@@ -17,11 +17,13 @@ def test_shutdown_sock_server_integration():
     encoded_sock_path = urlencode_unix_socket_path(sock)
 
     p = subprocess.Popen(
-        ['jupyter-notebook', '--sock=%s' % sock],
+        ['jupyter-notebook', '--sock=%s' % sock, '--sock-mode=0700'],
         stdout=subprocess.PIPE, stderr=subprocess.PIPE
     )
 
+    complete = False
     for line in iter(p.stderr.readline, b''):
+        print(line)
         if url in line:
             complete = True
             break
@@ -30,8 +32,8 @@ def test_shutdown_sock_server_integration():
 
     assert encoded_sock_path.encode() in subprocess.check_output(['jupyter-notebook', 'list'])
 
-    # Ensure default umask is properly applied.
-    assert stat.S_IMODE(os.lstat(sock).st_mode) == 0o600
+    # Ensure umask is properly applied.
+    assert stat.S_IMODE(os.lstat(sock).st_mode) == 0o700
 
     try:
         subprocess.check_output(['jupyter-notebook', 'stop'], stderr=subprocess.STDOUT)
@@ -49,6 +51,29 @@ def test_shutdown_sock_server_integration():
     p.wait()
 
 
+def test_sock_server_validate_sockmode_type():
+    try:
+        subprocess.check_output(
+            ['jupyter-notebook', '--sock=/tmp/nonexistent', '--sock-mode=badbadbad'],
+            stderr=subprocess.STDOUT
+        )
+    except subprocess.CalledProcessError as e:
+        assert 'badbadbad' in e.output.decode()
+    else:
+        raise AssertionError('expected execution to fail due to validation of --sock-mode param')
+
+
+def test_sock_server_validate_sockmode_accessible():
+    try:
+        subprocess.check_output(
+            ['jupyter-notebook', '--sock=/tmp/nonexistent', '--sock-mode=0444'],
+            stderr=subprocess.STDOUT
+        )
+    except subprocess.CalledProcessError as e:
+        assert '0444' in e.output.decode()
+    else:
+        raise AssertionError('expected execution to fail due to validation of --sock-mode param')
+
 
 def _ensure_stopped(check_msg='There are no running servers'):
     try: