[Geoserver-devel] GSIP 218: Control remote HTTP requests sent by GeoTools \ GeoServer

Hi all,
this is a revival of the old GSIP-189, a bit modernized, with a smaller initial scope (that should help us get an implementation going safeguarding some remote access functionality sooner rather than later).

Please review, discuss, vote:
https://github.com/geoserver/geoserver/wiki/GSIP-218

Best regards
Andrea


==
GeoServer Professional Services from the experts!

Visit http://bit.ly/gs-services-us for more information.

Ing. Andrea Aime
@geowolf
Technical Lead

GeoSolutions Group
phone: +39 0584 962313

fax: +39 0584 1660272

mob: +39 339 8844549

https://www.geosolutionsgroup.com/

http://twitter.com/geosolutions_it


With reference to the legislation on the processing of personal data (EU Reg. 2016/679 - General Data Protection Regulation “GDPR”), please note that every circumstance relating to this email (its content, any attachments, etc.) is information whose knowledge is reserved solely for the recipient(s) indicated by the sender. If the message has reached you by mistake, you are required to delete it; any other operation is unlawful. I would nevertheless be grateful if you could notify me.

This email is intended only for the person or entity to which it is addressed and may contain information that is privileged, confidential or otherwise protected from disclosure. We remind that - as provided by European Regulation 2016/679 “GDPR” - copying, dissemination or use of this e-mail or the information herein by anyone other than the intended recipient is prohibited. If you have received this email by mistake, please notify us immediately by telephone or e-mail

The URL checker has a yes/no response - but is written as a yes/don’t care - since to access only one URL checker needs to say yes.

To address feedback:

  • Adjust javadoc, or
  • Provide three states: ALLOW, BLOCK, NO_OPINION

My preference is to return an Enum even if just two states are permitted to prevent any confusion.



Jody Garnett

Hi Jody,
while the suggestion seems to clarify things, it seems to me it’s making the implementation harder.

With a regular expression based system, how do you distinguish BLOCK and NO_OPINION (imagine we’d have different implementations, one based on regexes for user configured sites, and another one for the well known schema sites, such as schemas.opengis.org and xml.org, or a dynamic one allowing a store to declare that the server it’s talking to is safe).

The idea here is that the URL is now allowed, unless explicitly approved. All that we’re looking for is a “yes”.
The problem with the other state, is that it’s really just “not yes”, without any extra useful semantic attached to it.

Having a state like “BLOCK” would imply the implementation is based on a black list instead (anything but not this one).
Do you have a use case for it?

Cheers
Andrea


Indeed if you are just intended to back from a regex; then rephrase the javadoc or make the method name more clear than “evaluate”:

/**

  • Provide implementation to evaluate location/URL/URI passed in string form
···


Jody Garnett

Yep, makes sense, proposal updated.

Cheers
Andrea


Idea (feel free to indicate if it is out of scope).

Environmental variables were introduced to control access for entity resolution:

  • It may be possible to replace these with the new URLChecker and simplify the application. Or;
  • show them as a URLChecker that cannot be disabled in the user interface (to make it clear they are in play)

Reference: https://docs.geoserver.org/2.19.x/en/user/production/config.html#production-config-external-entities



Jody Garnett

Hi,

This looks like something I’ve been thinking about. Would love to implement such a solution. Too bad I’m not in a position to do so.

Could that blocking, you wanted Jody, be handled by throwing an exception?

Should this involve an addition to the HTTPClient interface as well? How to react on a failure to evaluate the url. Should it log a message or throw an exception? I suppose that is the thinking behind that SecureHTTPClient.

Often it’s hard to know exactly where a URL is specified. Especially if we include the XML Schema locations. Since it will be the HTTPClient that will log a warning or throw an exception. How could that object get enough information to give the user good feedback on which store / layer / process the admin needs to change? I suppose that varies from case to case and would be for a later version.

Best regards,
Roar Brænden


Roar:

I was mostly interested in clarifying the api; I just had an experience with enabling/disabling resources for different layers that had a similar OR test where any true was sufficient - and it was very confusing.

I do think that when this is ready it can be applied to geotools codebase as a wrapper on the http client… but that is an implementation detail.

The important thing is that this is a good addition and we should have an opportunity for future work simplifying the application.



Jody Garnett

Hi,

Ok, got that.

Regards, Roar


Hi Jody,
the proposal indicates the scope of the initial implementation: WMS remote SLD, WMS feature portrayal, WPS remote inputs.

That said, yes, entity resolution as set up in AllowListEntityResolver could be rewritten to operate
against a URLChecker… I guess the GeoServer URL checker could bind together the list of patterns
configured in the UI, and add the ones that are built-in for the AllowListEntityResolver (the GUI would
have to clarify that I guess, or have a separate list for those?).

For now it’s out of scope, but it’s certainly up for consideration down the line

Cheers
Andrea


Hi Roar,
for the first round of implementation, I have no place that’s actually using the GeoTools HTTPClient interface.
Given this would be a wrapper, it does not seem much of a HTTPBehavior, but more of a hint, where the hint
value would be the URLChecker to use.

Generally speaking, I’d expect it to be handled in a similar way to the LoggingHTTPClient.

Cheers
Andrea


Hi,

I understand that this suggestion is more involved in GeoServer codebase than GeoTools.
And I also understand you want to keep a narrow scope.

But it brings on some interesting thoughts. What about MonitoringHTTPClient?

Regards, Roar


+0, I think it is pretty much needed for security.


Regards,

Simone Giannecchini

Online training classes for GeoNode, GeoServer and MapStore from the experts!
Visit https://www.geosolutionsgroup.com/professional-training/ for more information.

Ing. Simone Giannecchini
@simogeo
Founder/Director GeoSolutions Italy
President GeoSolutions USA

phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 333 8128928
US: +1 (845) 547-7905

http://www.geosolutionsgroup.com
http://twitter.com/geosolutions_it



+0


Regards,

Alessio Fabiani


Ing. Alessio Fabiani

@alfa7691
Founder/Technical Lead

GeoSolutions Group
phone: +39 0584 962313

fax: +39 0584 1660272

mob: +39 331 6233686

https://www.geosolutionsgroup.com/

http://twitter.com/geosolutions_it



+1, better indeed to start with a smaller scope.

On Thu, Mar 23, 2023 at 1:55 PM Roar Brænden <roar.brenden.no@anonymised.com> wrote:

Hi,

I understand that this suggestion is more involved in GeoServer codebase than GeoTools.
And I also understand you want to keep a narrow scope.

But it brings on some interesting thoughts. What about MonitoringHTTPClient?

Regards, Roar

  1. mar. 2023 at 10:50, Andrea Aime <andrea.aime@anonymised.com> wrote:

Hi Roar,
for the first round of implementation, I have no place that’s actually using the GeoTools HTTPClient interface.
Given this would be a wrapper, it does not seem much of a HTTPBehavior, but more of a hint, where the hint
value would be the URLChecker to use.

Generally speaking, I’d expect it to be handled in a similar way to the LoggingHTTPClient.

Cheers
Andrea

On Wed, Mar 22, 2023 at 8:49 PM Roar Brænden <roar.brenden.no@anonymised.com403…> wrote:

Hi,

This looks like something I’ve been thinking about. Would love to implement such a solution. Too bad I’m not in a position to do so.

Could that blocking, you wanted Jody, be handled by throwing an exception?

Should this involve an addition to the HTTPClient interface as well? How to react on a failure to evaluate the url. Should it log a message or throw an exception? I suppose that is the thinking behind that SecureHTTPClient.

Often it’s hard to know exactly where a URL is specified. Especially if we include the XML Schema locations. Since it will be the HTTPClient that will log a warning or throw an exception. How could that object get enough information to give the user good feedback on which store / layer / process the admin needs to change? I suppose that varies from case to case and would be for a later version.

Best regards,
Roar Brænden

  1. mar. 2023 at 19:00, Jody Garnett <jody.garnett@anonymised.com> wrote:

Idea (feel free to indicate if it is out of scope).

Environmental variables were introduced to control access for entity resolution:

  • It may be possible to replace these with the new URLChecker and simplify the application. Or;
  • show them as a URLChecker that cannot be disabled in the user interface (to make it clear they are in play)

Reference: https://docs.geoserver.org/2.19.x/en/user/production/config.html#production-config-external-entities


Jody Garnett

On Wed, Mar 22, 2023 at 10:44 AM Andrea Aime <andrea.aime@anonymised.com> wrote:

Yep, makes sense, proposal updated.

Cheers
Andrea

On Wed, Mar 22, 2023 at 6:31 PM Jody Garnett <jody.garnett@anonymised.com> wrote:

Indeed if you are just intended to back from a regex; then rephrase the javadoc or make the method name more clear than “evaluate”:

    /**
     * Provide implementation to evaluate location/URL/URI passed in string form
     *
     * @param location the subject of evaluation
     * @return true if the location is accepted, false otherwise
     */
    boolean evaluate(String location);

“otherwise” above indicates the location would not be accepted.

To clarify intent:

    /**
     * Used to confirm location is allowed for use.
     *
     * URLChecker is used to confirm if a location is allowed for use, returning {@code true} when they recognize a location as permitted.
     *
     * Several URLChecker instances are expected to be available, as long as one URLChecker can confirm a location it is permitted for use.
     *
     * @param location Location expressed as URL, URI or path.
     * @return {@code true} indicates the URLChecker can confirm the location is allowed for use, {@code false} indicates the URLChecker is unable to confirm.
     */
    boolean confirm(String location);


Jody Garnett

On Wed, Mar 22, 2023 at 10:07 AM Andrea Aime <andrea.aime@anonymised.com> wrote:

Hi Jody,
while the suggestion seems to clarify things, it seems to me it’s making the implementation harder.

With a regular expression based system, how do you distinguish BLOCK and NO_OPINION (imagine we’d have different implementations, one based on regexes for user configured sites, and another one for the well known schema sites, such as schemas.opengis.org and xml.org, or a dynamic one allowing a store to declare that the server it’s talking to is safe).

The idea here is that the URL is now allowed, unless explicitly approved. All that we’re looking for is a “yes”.
The problem with the other state, is that it’s really just “not yes”, without any extra useful semantic attached to it.

Having a state like “BLOCK” would imply the implementation is based on a black list instead (anything but not this one).
Do you have a use case for it?

Cheers
Andrea

On Wed, Mar 22, 2023 at 5:45 PM Jody Garnett <jody.garnett@anonymised.com> wrote:

The URL checker has a yes/no response - but is written as a yes/don’t care - since to access only one URL checker needs to say yes.

To address feedback:

  • Adjust javadoc, or
  • Provide three states: ALLOW, BLOCK, NO_OPINION

My preference is to return an Enum even if just two states are permitted to prevent any confusion.

On Wed, Mar 22, 2023 at 9:15 AM Andrea Aime <andrea.aime@anonymised.com…> wrote:

Hi all,
this is a revival of the old GSIP-189, a bit modernized, with a smaller initial scope (that should help us get an implementation going safeguarding some remote access functionality sooner rather than later).

Please review, discuss, vote:
https://github.com/geoserver/geoserver/wiki/GSIP-218

Best regards
Andrea


GeoTools-Devel mailing list
GeoTools-Devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geotools-devel



Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel


Regards,

Nuno Oliveira


Nuno Miguel Carvalho Oliveira
@nmcoliveira
Technical Lead / Project Manager

GeoSolutions Group
phone: +39 0584 962313
fax: +39 0584 1660272

https://www.geosolutionsgroup.com/
http://twitter.com/geosolutions_it


There was a good discussion in today’s meeting and I have an action item to take my feedback to the email list.

But first of all +1 this is an excellent addition to the codebase, and a good way to gradually introduce more safety measures to the project with small attainable goals.

And now for the feedback … regex is not an appropriate default for this addition as it is an expert only concept for something that needs to be easy for the default case.
The default case being limiting access to a URL prefix.

Ideas proposed:

  • Writing an example of how to perform the common case in the documentation? I do not think this will be “good enough” as the functionality is too important to trust that documentation will be in reach.
  • Adding an example to a “?” hint may be a bit better; but once again this is too important to trust to docs
  • Making the disk format have a “type” with a default of regex allows the topic to be pushed off until later (sigh)
  • Adding a regex tester to the application alongside the input control is … probably effective but still places this feature at “expert only” level

Some ideas I would find okay:

  1. Adding the default for regex type:
    The field default prompt: http://localhost:8080/geoserver/ows\?(.*)$
    This would be easy to understand and adapt for users.

  2. Making a “prefix” type that assumes ^ and .*$
    The field default prompt: http://localhost:8080/geoserver/ows?

This would cover the common case with an easy to understand interaction, and regex could be available for expert users.



Jody Garnett



And now for the feedback … regex is not an appropriate default for this addition as it is an expert only concept for something that needs to be easy for the default case.

Euh… I disagree with this concept of “expert only”, based on experience. And mind, I’m not in love with regexes, I always tell people “ha, you wanted to
solve a problem with regular expressions, now you have two problems!”. But as said, day to day experience setting up GS systems tells me otherwise:

  • SQL View params validation are based on regular expressions (and they are security related, too!).
    We made an effort to have a generic validation interface so that we could implement simpler validators later. It just never happened.
  • GWC parameter filters allow for a variety of filter types, including list of numbers and strings. In practice, what do we use the most? Guess what, regexes, the others are just too rigid to work against viewparams, env, time and elevation. We could have a range based validator, or one that picks from the available times and elevations in the data source, it would be at the same time more robust and easier to configure… but it’s not there, nobody bothered to implement one.
    Are regular expressions actually that hard? It depends… a simple yet robust prefix match regular expression looks like “^prefix.*$”.

Learning to build basic regexes can be done in less than an hour going through the tutorials at https://regexone.com/
Making sure that a regex does what you meant is not hard either, go to https://regex101.com/ and it will explain to you, e.g.: https://regex101.com/r/5PJIKS/1

Doing advanced regular expressions, e.g. negative or positive lookaheads, is indeed hard, but if one really needs to get there, it means there is no simple substitute for it, or that it’s possible to write code to build a simpler substitute that will work for that specific case only (e.g., range of dates).
If the description of what you need to match is clear, ChatGPT can build the regex for you, too, e.g.:

image.png

A complex regex for sure, but apparently, a legit one, you can play with it here:
https://regex101.com/r/dp4k0l/1

Some ideas I would find okay:

  1. Adding the default for regex type:
    The field default prompt: http://localhost:8080/geoserver/ows\?(.*)$
    This would be easy to understand and adapt for users.

Works for me, will do it this way, and point to the tools above from the documentation, for those that want to learn.
I’ll also make sure the XML configuration file does not limit implementations to regexes by having a tag
as the matcher container, so that a one can be added later.

Cheers
Andrea
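
The allow-list semantics discussed in this thread (a location is permitted as soon as one URLChecker confirms it, and refused when none does) together with the regex versus "prefix" matcher question, as an added example that is not GeoServer or GeoTools code. The `regex`, `prefix` and `isAllowed` helpers, the class name and all sample locations are hypothetical and constructed for illustration; the anchored pattern follows the “^prefix.*$” form given above.

```java
import java.util.List;
import java.util.regex.Pattern;

public class UrlCheckerDemo {

    /** Contract as discussed in the thread: true = confirmed, false = unable to confirm. */
    interface URLChecker {
        boolean confirm(String location);
    }

    /** Regex-backed checker. matches() must cover the whole location, so ^ and $ are implied. */
    static URLChecker regex(String expression) {
        Pattern pattern = Pattern.compile(expression);
        return location -> pattern.matcher(location).matches();
    }

    /** Hypothetical "prefix" type: the prefix is quoted, so '.' and '?' are taken literally. */
    static URLChecker prefix(String literalPrefix) {
        return regex(Pattern.quote(literalPrefix) + ".*");
    }

    /** Allowed as soon as one checker confirms; no confirmation means the request is refused. */
    static boolean isAllowed(List<URLChecker> checkers, String location) {
        if (location == null) {
            return false;
        }
        for (URLChecker checker : checkers) {
            if (checker.confirm(location)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Strict configuration: an anchored regex for self-requests plus a literal
        // prefix that ends with '/' so the host name cannot be extended.
        List<URLChecker> strict = List.of(
                regex("^http://localhost:8080/geoserver/ows\\?(.*)$"),
                prefix("http://schemas.opengis.org/"));

        // Loose configuration: unescaped dots and no trailing '/', a common
        // mistake when the prefix is typed directly as a regex.
        List<URLChecker> loose = List.of(
                regex("^http://schemas.opengis.org.*$"));

        // Constructed sample locations.
        String[] locations = {
            "http://localhost:8080/geoserver/ows?service=WFS&request=GetCapabilities",
            "http://localhost:8080/geoserver/rest/about",
            "http://schemas.opengis.org/sld/example.xsd",
            "http://schemas.opengis.org.example.test/sld/example.xsd",
            "http://schemasXopengis.org/sld/example.xsd"
        };

        System.out.printf("%-7s %-7s %s%n", "strict", "loose", "location");
        for (String location : locations) {
            System.out.printf("%-7s %-7s %s%n",
                    isAllowed(strict, location),
                    isAllowed(loose, location),
                    location);
        }
    }
}
```

The last two locations are confirmed only by the loose pattern, which is the case a quoted "prefix" type removes.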


That sounds like a good solution to me, though I like regexes :)

Ian


Ian Turton

I think both SQL View parameters and GWC parameter filters are “expert” features for GeoServer. And indeed because of their fill-in-the-blank nature RegEx is an appropriate tool.

As discussed in the meeting having a “http://localhost:8080/geoserver/ows\?$” prompt should cover a good portion of the usability challenge.

I am looking forward to how many things ChatGPT changes the usability of :)



Jody Garnett



Here you go, default value for the regex, taking into account the current proxy base to build a usable self-request regex:

image.png

Cheers
Andrea
