Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[CT-2937] [Feature] Optional config / flag to disallow paths outside current working directory #8318

Closed
3 tasks done
Tracked by #8600
jtcohen6 opened this issue Aug 4, 2023 · 2 comments · Fixed by #8469
Closed
3 tasks done
Tracked by #8600

[CT-2937] [Feature] Optional config / flag to disallow paths outside current working directory #8318

jtcohen6 opened this issue Aug 4, 2023 · 2 comments · Fixed by #8469
Assignees
@aranke
Labels
cli enhancement New feature or request Impact: CLI security

Comments

@jtcohen6
Copy link
Contributor

jtcohen6 commented Aug 4, 2023
edited
Loading

Is this your first time submitting a feature request?

  • I have read the expectations for open source contributors
  • I have searched the existing issues, and I could not find an existing issue for this feature
  • I am requesting a straightforward extension of existing dbt functionality, rather than a Big Idea better suited to a discussion

Describe the feature

Prevent dbt-core from deleting/overwriting files outside the relative project directory. For example:

clean-targets: ["../.."]

This is most relevant for clean-targets (where dbt deletes files), but I think we would also want to prevent it for target-paths (where dbt overwrites files).

We could either:

  • raise an error during project config resolution (user-friendlier, my preference)
  • silently ignore any paths outside the relative directory

Describe alternatives you've considered

Not making this configurable behavior, but simply disallowing it for everyone always. I can't think of a legitimate use case for doing this, but you never know

Who will this benefit?

  • Safely deploying dbt-core in dbt Cloud / runtime environments
  • Anyone who accidentally fat-fingers an extra / into their clean-targets, and doesn't like the idea of rimraffing their file system

Are you interested in contributing this feature?

No response

Anything else?

Jira ticket for context: https://dbtlabs.atlassian.net/browse/CLI-118
@jtcohen6 jtcohen6 added the enhancement New feature or request label Aug 4, 2023
@github-actions github-actions bot changed the title [Feature] Optional config / flag to disallow paths outside current working directory [CT-2937] [Feature] Optional config / flag to disallow paths outside current working directory Aug 4, 2023
@graciegoheen
Copy link
Contributor

From estimation meeting: mostly a concern for writing and deleting

@jtcohen6 jtcohen6 added the cli label Aug 14, 2023
@graciegoheen
Copy link
Contributor

From estimation meeting: probably best to throw an error instead of failing silently

@jtcohen6 jtcohen6 mentioned this issue Sep 8, 2023
Closed
@aranke aranke mentioned this issue Sep 12, 2023
Merged
4 tasks
@edgarrmondragon edgarrmondragon mentioned this issue Nov 7, 2023
Open
@dbeatty10 dbeatty10 mentioned this issue Nov 15, 2023
Closed
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@aranke aranke

Labels
cli enhancement New feature or request Impact: CLI security
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Disallow cleaning paths outside current working directory dbt-labs/dbt-core
4 participants
@jtcohen6 @aranke @graciegoheen @martynydbt