Merge pull request from GHSA-3f48-9j7q-q2gv

bkeryan · web-flow · commit 58979c731c23 · 2023-10-05T10:03:51.000-05:00
* service: Listen on loopback interface and log listener URL

* pyproject.toml: Add dev-dependency on psutil

* Update poetry.lock

* tests: Verify the service listens on the loopback interface
diff --git a/ni_measurementlink_service/_internal/service_manager.py b/ni_measurementlink_service/_internal/service_manager.py
@@ -112,9 +112,11 @@ def start(
                 raise ValueError(
                     f"Unknown interface was provided in the .serviceconfig file: {interface}"
                 )
-        port = str(self.server.add_insecure_port("[::]:0"))
+        host = "[::1]"
+        port = str(self.server.add_insecure_port(f"{host}:0"))
+        address = f"http://{host}:{port}"
         self.server.start()
-        _logger.info("Measurement service hosted on port: %s", port)
+        _logger.info("Measurement service listening on: %s", address)
         self.discovery_client.register_measurement_service(port, service_info, measurement_info)
 
         self.port = port
diff --git a/poetry.lock b/poetry.lock
diff --git a/pyproject.toml b/pyproject.toml
@@ -51,6 +51,8 @@ types-protobuf = "^4.21"
 types-pkg-resources = "*"
 types-pywin32 = {version = ">=304", platform = "win32"}
 grpc-stubs = "^1.53"
+psutil = ">=5.9"
+types-psutil = ">=5.9"
 
 [tool.poetry.group.docs]
 optional = true
diff --git a/tests/acceptance/test_security.py b/tests/acceptance/test_security.py
@@ -0,0 +1,31 @@
+from ipaddress import ip_address
+from typing import Generator
+
+import psutil
+import pytest
+
+from ni_measurementlink_service.measurement.service import MeasurementService
+from tests.utilities import loopback_measurement
+from tests.utilities.discovery_service_process import DiscoveryServiceProcess
+
+
+def test___loopback_measurement___listening_on_loopback_interface(
+    measurement_service: MeasurementService,
+):
+    port = int(measurement_service.grpc_service.port)
+
+    listener_ips = [
+        ip_address(conn.laddr.ip)
+        for conn in psutil.Process().connections()
+        if conn.laddr.port == port and conn.status == psutil.CONN_LISTEN
+    ]
+    assert len(listener_ips) >= 1 and all([ip.is_loopback for ip in listener_ips])
+
+
+@pytest.fixture(scope="module")
+def measurement_service(
+    discovery_service_process: DiscoveryServiceProcess,
+) -> Generator[MeasurementService, None, None]:
+    """Test fixture that creates and hosts a measurement service."""
+    with loopback_measurement.measurement_service.host_service() as service:
+        yield service
