Skip to content

Add pykernel support; add testing suite; overhaul documentation #5

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
hdpriest-ui merged 9 commits into from
Jul 28, 2025
Merged

Add pykernel support; add testing suite; overhaul documentation #5

hdpriest-ui merged 9 commits into from
Jul 28, 2025

Conversation

@hdpriest-ui
Copy link
Collaborator

@hdpriest-ui hdpriest-ui commented Jul 28, 2025

  • enabled R and Python separation in catalogs
  • much more robust protection against poor user inputs
  • changeover from 'library' terminology to 'kernel' terminology
  • confirmed functionality for jupyter notebooks (with much manual clicking still)
  • first draft walkthrough for jupyer use
  • testing suite has 3 misconfigured tests
  • first attempt at integration into docker image (this isn't the place this will actually be integrated)

==========================================
Test Summary

Total Tests: 45
Passed: 42
Failed: 3
Skipped: 0

✗ FAIL: 3 test(s) failed

Failed Tests:

  • kernels_use_python_none
  • kernels_remove_symlink_attack
  • kernels_remove_careless_spaces

@hdpriest-ui
Refactor ICRN Manager to support kernel management
091ea77 
- Updated script and documentation to transition from library to kernel management.
- Renamed variables and functions to reflect kernel terminology.
- Adjusted user commands and error messages to align with new kernel structure.
- Enhanced documentation to guide users on managing R and Python kernels.
- Introduced a new hierarchical catalog structure for kernels in the central repository.
- Updated Docker setup and workflows to accommodate kernel management features.
@hdpriest-ui
interim commit to avoid work-loss
7548c18
@hdpriest-ui
Enhance ICRN Manager kernel usage and error handling
c555dd5 
- Improved error messages for kernel management commands, providing clearer guidance on usage and parameter requirements.
- Updated the `kernels use` command to support a "none" option for both R and Python, with appropriate messaging for each language.
- Enhanced the `update_r_libs.sh` script to validate file paths and permissions, ensuring robust error handling.
- Expanded test coverage for kernel commands, including new tests for handling "none" parameters and improved validation checks.
- Updated documentation to reflect changes in error handling and testing procedures.
@hdpriest-ui
Implement Python kernel management in ICRN Manager
15aa47b 
- Added functionality for removing and using Python kernels, including checks for installed kernels and user catalog entries.
- Enhanced the `kernels use` command to support Python, allowing for installation and activation of Python kernels in Jupyter.
- Implemented error handling for invalid characters in kernel names and versions to prevent security vulnerabilities.
- Updated documentation to include examples for Python kernel usage and management.
- Expanded test coverage for Python kernel operations, ensuring robust validation and error handling.
@hdpriest-ui
do not chown /sw to the nb user. nope.
bd0d0f9
@hdpriest-ui
- enforced casing (ucfirst) for use languages
07a16cb 
- corrected exdisting kernel discovery by using complete matches
@hdpriest-ui
tested on ICRN with py, added walkthrough after testing. added images…
08f3610 
… for walkthrough
cursor[bot]
cursor bot reviewed Jul 28, 2025
View reviewed changes
Copy link

@cursor cursor bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bugbot free trial expires on August 11, 2025
Learn more in the Cursor dashboard.

icrn_manager
echo "Error: Invalid characters in kernel name or version. Cannot contain wildcards (*?[]) or path separators (/)"
exit 1
fi

Copy link

@cursor cursor bot Jul 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bug: Regex Validation Flaws Expose Security Risks

The input validation regex patterns in kernels__get() and kernels__remove() are malformed and inconsistent, creating security vulnerabilities.

  1. Malformed Syntax: The character class [\]\/\[\*\?\] is syntactically problematic, potentially leading to unpredictable validation behavior.
  2. Inconsistent Backslash Validation: The kernels__remove() function's regex [\]\/\[\*\?\] is missing the literal backslash (\\) validation present in kernels__get(). This allows backslashes, which could be used for path traversal attacks, to bypass validation in remove.
  3. Missing Space Validation: The regex patterns in both functions do not reject spaces, which is inconsistent with expected security behavior and could lead to shell parsing issues.
Locations (1)
Fix in Cursor Fix in Web

cursor[bot]
cursor bot reviewed Jul 28, 2025
View reviewed changes
icrn_manager
ICRN_LIBRARY_REPOSITORY=$(jq -r ".\"icrn_central_catalog_path\"" "${ICRN_MANAGER_CONFIG}")
ICRN_LIBRARIES=${ICRN_LIBRARY_REPOSITORY}"/"$(jq -r ".\"icrn_r_kernels\"" "${ICRN_MANAGER_CONFIG}")
ICRN_LIBRARY_CATALOG=${ICRN_LIBRARIES}"/"$(jq -r ".\"icrn_kernel_catalog\"" "${ICRN_MANAGER_CONFIG}")
ICRN_KERNEL_REPOSITORY=$(jq -r ".\"icrn_central_catalog_path\"" "${ICRN_MANAGER_CONFIG}")
Copy link

@cursor cursor bot Jul 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bug: Bash Condition Fails to Check Variable Value

The bash conditional if [ -n overwrite ]; then is missing the variable dereference operator ($) and quotes. It should be if [ -n "$overwrite" ]; then. This causes the condition to always evaluate to true, as it checks the literal string "overwrite" instead of the variable's value. Consequently, the central catalog path is always updated in the manager configuration, regardless of whether an overwrite was intended.

Locations (1)
Fix in Cursor Fix in Web

cursor[bot]
cursor bot reviewed Jul 28, 2025
View reviewed changes
icrn_manager
if [[ "$targetname" =~ [\]\/\[\*\?\\] ]] || [[ "$version" =~ [\]\/\[\*\?\\] ]]; then
echo "Error: Invalid characters in kernel name or version. Cannot contain wildcards (*?[]) or path separators (/)"
exit 1
fi
Copy link

@cursor cursor bot Jul 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bug: Malformed Regex Causes Security Vulnerability

The kernels__remove function's input validation regex ([\]\/\[\*\?\]) is malformed, as the final backslash escapes the closing bracket, preventing the character class from properly closing. This regex also inconsistently omits backslash validation (\\) compared to the kernels__get function's regex ([\]\/\[\*\?\\]). This creates a security vulnerability where backslash-based path traversal or escape sequence attacks could bypass validation in kernels__remove.

Locations (2)
Fix in Cursor Fix in Web

@hdpriest-ui hdpriest-ui merged commit 30a9464 into main Jul 28, 2025
2 of 4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@cursor cursor[bot] cursor[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@hdpriest-ui