SecurityPolicy

class scikitplot.mlflow.SecurityPolicy(allowed_tracking_uri_schemes=frozenset({'file', 'http', 'https', 'sqlite'}), block_cloud_metadata_hosts=True, allow_spawn_server=True, allow_dev_mode=False, allow_disable_security_middleware=False, allow_cors_wildcard=False, blocked_env_key_prefixes=frozenset({'LD_'}), max_env_value_length=65536, max_env_pairs=256, block_path_traversal=True, block_shell_metacharacters_in_args=True, block_header_injection=True)

Declarative security policy for scikitplot.mlflow operations.

- Parameters:
  - allowed_tracking_uri_schemes : frozenset[str]
    URI schemes accepted for tracking / registry URIs. An empty frozenset disables scheme enforcement. Default: {"http", "https", "file", "sqlite"}.
  - block_cloud_metadata_hosts : bool, default=True
    Reject HTTP(S) URIs whose hostname resolves to a cloud metadata endpoint (e.g., 169.254.169.254). Prevents SSRF attacks.
  - allow_spawn_server : bool, default=True
    Allow spawning a managed MLflow server subprocess. Set False in environments where process spawning is prohibited.
  - allow_dev_mode : bool, default=False
    Allow ServerConfig(dev=True). Dev mode disables production hardening and must not be used in shared environments.
  - allow_disable_security_middleware : bool, default=False
    Allow ServerConfig(disable_security_middleware=True).
  - allow_cors_wildcard : bool, default=False
    Allow ServerConfig(cors_allowed_origins="*"). Wildcard CORS grants any origin access to the server.
  - blocked_env_key_prefixes : frozenset[str]
    Env key prefixes unconditionally rejected in extra_env. Default: {"LD_"}, which blocks LD_PRELOAD, LD_LIBRARY_PATH, etc.
  - max_env_value_length : int, default=65536
    Maximum byte-length of any single env value (64 KiB).
  - max_env_pairs : int, default=256
    Maximum number of key-value pairs in extra_env.
  - block_path_traversal : bool, default=True
    Reject paths containing .. traversal components.
  - block_shell_metacharacters_in_args : bool, default=True
    Reject CLI option values containing shell metacharacters.
  - block_header_injection : bool, default=True
    Reject header-like values containing CR or LF.
- Raises:
  - ValueError
    If max_env_value_length or max_env_pairs is not positive.
  - TypeError
    If blocked_env_key_prefixes contains non-string elements.

See also
- DEFAULT_SECURITY_POLICY : Conservative production-grade preset.
- RELAXED_SECURITY_POLICY : Permissive preset for trusted local development.
- set_security_policy : Activate a policy globally.
- security_policy : Activate a policy for a context block.
- validate_cli_arg_value(value, *, context='cli arg')
  Validate a CLI argument value against shell metacharacter injection.
  - Parameters:
    - value : str
      CLI argument value to validate.
    - context : str, default="cli arg"
      Label for error messages.
  - Returns:
    - None
  - Raises:
    - SecurityPolicyViolationError
      If block_shell_metacharacters_in_args=True and value contains shell metacharacters, or block_header_injection=True and value contains CR/LF.
  - Return type:
    None
- validate_env_item(key, value, *, context='extra_env')
  Validate a single environment variable key-value pair.
  - Parameters:
    - key : str
      Environment variable name.
    - value : str
      Environment variable value.
    - context : str, default="extra_env"
      Label for error messages.
  - Returns:
    - None
  - Raises:
    - SecurityPolicyViolationError
      If the key matches a blocked prefix, the value exceeds max_env_value_length, or the value contains CR/LF.
  - Return type:
    None
- validate_env_mapping(env, *, context='extra_env')
  Validate an entire environment variable mapping.
  - Parameters:
    - env : Mapping[str, str]
      Environment variable mapping to validate.
    - context : str, default="extra_env"
      Label for error messages.
  - Returns:
    - None
  - Raises:
    - SecurityPolicyViolationError
      If the mapping exceeds max_env_pairs or any item fails validate_env_item.
  - Return type:
    None
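The extra_env rules documented for validate_env_item and validate_env_mapping (blocked key prefixes, the 64 KiB value cap, CR/LF rejection, the pair limit), re-implemented here as an added standalone example so they can be exercised against constructed inputs; this is not the library's own code, and the PolicyViolation class and check_* / env_violation names are assumptions standing in for SecurityPolicyViolationError and the real methods.

```python
import re
from collections.abc import Mapping
from typing import Optional

# Constructed policy values mirroring the documented SecurityPolicy defaults.
BLOCKED_ENV_KEY_PREFIXES = frozenset({"LD_"})
MAX_ENV_VALUE_LENGTH = 65536  # 64 KiB, measured in bytes after UTF-8 encoding
MAX_ENV_PAIRS = 256
_CRLF = re.compile(r"[\r\n]")


class PolicyViolation(ValueError):
    """Assumed stand-in for the library's SecurityPolicyViolationError."""


def check_env_item(key: str, value: str, *, context: str = "extra_env") -> None:
    """Mirror of validate_env_item: blocked prefix, byte-length cap, CR/LF."""
    if not isinstance(key, str) or not isinstance(value, str):
        raise TypeError(f"{context}: env keys and values must be str")
    if any(key.startswith(prefix) for prefix in BLOCKED_ENV_KEY_PREFIXES):
        raise PolicyViolation(f"{context}: key {key!r} uses a blocked prefix")
    if len(value.encode("utf-8")) > MAX_ENV_VALUE_LENGTH:
        raise PolicyViolation(f"{context}: value of {key!r} exceeds {MAX_ENV_VALUE_LENGTH} bytes")
    if _CRLF.search(value):
        raise PolicyViolation(f"{context}: value of {key!r} contains CR/LF")


def check_env_mapping(env: Mapping[str, str], *, context: str = "extra_env") -> int:
    """Mirror of validate_env_mapping; returns the number of pairs that passed."""
    if len(env) > MAX_ENV_PAIRS:
        raise PolicyViolation(f"{context}: {len(env)} pairs exceeds the limit of {MAX_ENV_PAIRS}")
    for key, value in env.items():
        check_env_item(key, value, context=context)
    return len(env)


def env_violation(env: Mapping[str, str]) -> Optional[str]:
    """Return the first violation message for env, or None when it passes."""
    try:
        check_env_mapping(env)
    except PolicyViolation as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    # Constructed samples: a benign mapping and one that sets a blocked LD_ key.
    print(env_violation({"MLFLOW_TRACKING_URI": "http://localhost:5000"}))
    print(env_violation({"LD_PRELOAD": "/tmp/x.so"}))
```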
- validate_server_config(cfg, *, context='server config')
  Validate a ServerConfig under this policy.
  - Parameters:
    - cfg : ServerConfig
      Server configuration to validate.
    - context : str, default="server config"
      Label for error messages.
  - Returns:
    - None
  - Raises:
    - SecurityPolicyViolationError
      If any field violates the policy.
  - Return type:
    None

  Notes
  Validated fields: dev, disable_security_middleware, cors_allowed_origins, allowed_hosts, x_frame_options, gunicorn_opts, uvicorn_opts, waitress_opts, extra_args.
- validate_session_config(cfg, *, context='session config')
  Validate a SessionConfig under this policy.
  - Parameters:
    - cfg : SessionConfig
      Session configuration to validate.
    - context : str, default="session config"
      Label for error messages.
  - Returns:
    - None
  - Raises:
    - SecurityPolicyViolationError
      If any field violates the policy.
  - Return type:
    None

  Notes
  Validated fields: tracking_uri, registry_uri, env_file, extra_env.
- validate_tracking_uri(uri, *, context='tracking_uri')
  Validate a tracking or registry URI under this policy.
  - Parameters:
    - uri : str
      URI to validate.
    - context : str, default="tracking_uri"
      Label for error messages.
  - Returns:
    - None
  - Raises:
    - SecurityPolicyViolationError
      If the URI scheme is not allowed, the host is a cloud metadata endpoint, or the URI path contains a traversal sequence.
  - Return type:
    None
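The three checks documented for validate_tracking_uri (scheme allowlist, cloud-metadata host rejection, path traversal), re-implemented as an added standalone example rather than the library's own code. It assumes that the whole 169.254.0.0/16 link-local range counts as "metadata" (the page names only 169.254.169.254), that DNS names are resolved and every resulting address is checked, and that percent-encoded dots are decoded before the traversal check; PolicyViolation, resolve_host, check_tracking_uri and uri_violation are assumed names.

```python
import ipaddress
import socket
from typing import Callable, List, Optional
from urllib.parse import unquote, urlsplit

# Constructed policy values mirroring the documented SecurityPolicy defaults.
ALLOWED_SCHEMES = frozenset({"file", "http", "https", "sqlite"})
# Assumption: the whole link-local range containing 169.254.169.254 is treated as metadata.
_METADATA_NET = ipaddress.ip_network("169.254.0.0/16")


class PolicyViolation(ValueError):
    """Assumed stand-in for the library's SecurityPolicyViolationError."""


def resolve_host(host: str) -> List[str]:
    """Assumed helper: resolve a DNS name with the OS resolver, [] on failure."""
    try:
        return sorted({ai[4][0].split("%")[0] for ai in socket.getaddrinfo(host, None)})
    except socket.gaierror:
        return []


def check_tracking_uri(uri: str, *, context: str = "tracking_uri",
                       resolver: Callable[[str], List[str]] = resolve_host) -> str:
    """Mirror of validate_tracking_uri; returns the accepted scheme."""
    parts = urlsplit(uri)
    scheme = parts.scheme.lower()
    if ALLOWED_SCHEMES and scheme not in ALLOWED_SCHEMES:
        raise PolicyViolation(f"{context}: scheme {scheme!r} is not allowed")
    host = parts.hostname
    if scheme in ("http", "https") and host:
        try:
            addresses = [str(ipaddress.ip_address(host))]  # IP literal: no DNS lookup
        except ValueError:
            addresses = resolver(host)  # DNS name: check every address it resolves to
        for addr in addresses:
            if ipaddress.ip_address(addr) in _METADATA_NET:
                raise PolicyViolation(f"{context}: host {host!r} resolves to metadata address {addr}")
    # Decode percent-encoding first so "%2e%2e" is caught like a literal "..".
    if ".." in unquote(parts.path).replace("\\", "/").split("/"):
        raise PolicyViolation(f"{context}: path traversal component in {parts.path!r}")
    return scheme


def uri_violation(uri: str, resolver: Callable[[str], List[str]] = resolve_host) -> Optional[str]:
    """Return the violation message for uri, or None when it passes."""
    try:
        check_tracking_uri(uri, resolver=resolver)
    except PolicyViolation as exc:
        return str(exc)
    return None
```

The resolver parameter exists so the DNS step can be stubbed in tests; in production the OS resolver is used, which is what makes a name pointing at a metadata address detectable rather than only the literal IP.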