From d5b9a708eb51f3229307840e15a4005de447a4e3 Mon Sep 17 00:00:00 2001 From: Jake Ichikawa Date: Mon, 18 Sep 2023 10:12:05 -0700 Subject: [PATCH 1/9] Add readme note for running TabPy unauthenticated. --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index 9075f07b..5b2034ca 100755 --- a/README.md +++ b/README.md @@ -27,6 +27,10 @@ Consider reading TabPy documentation in the following order: * [Authoring Python calculations in Tableau](docs/TableauConfiguration.md). * [TabPy Tools](docs/tabpy-tools.md) +Important Security Note: + +- By default, TabPy is not configured with username/password authentication. This means that if the TABPY_EVALUATE_ENABLE feature is enabled (which is the default setting), there is the potential that unauthenticated individuals may be able to remotely execute code on the machine that TabPy is running on. We strongly advise against using TabPy without authentication as it poses a significant security risk. To use TabPy with authentication, please see [docs/server-config.md](https://github.com/tableau/TabPy/blob/master/docs/server-config.md#authentication). + Troubleshooting: * [TabPy Wiki](https://github.com/tableau/TabPy/wiki) From 3f8b2547c8e2ff7bb8004e0b0fb2e5298789e92b Mon Sep 17 00:00:00 2001 From: Jake Ichikawa Date: Mon, 18 Sep 2023 10:14:54 -0700 Subject: [PATCH 2/9] Fix markdownlint error. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 5b2034ca..b08eb5e6 100755 --- a/README.md +++ b/README.md 
@@ -29,7 +29,7 @@ Consider reading TabPy documentation in the following order: Important Security Note: -- By default, TabPy is not configured with username/password authentication. This means that if the TABPY_EVALUATE_ENABLE feature is enabled (which is the default setting), there is the potential that unauthenticated individuals may be able to remotely execute code on the machine that TabPy is running on. We strongly advise against using TabPy without authentication as it poses a significant security risk. To use TabPy with authentication, please see [docs/server-config.md](https://github.com/tableau/TabPy/blob/master/docs/server-config.md#authentication). +* By default, TabPy is not configured with username/password authentication. This means that if the TABPY_EVALUATE_ENABLE feature is enabled (which is the default setting), there is the potential that unauthenticated individuals may be able to remotely execute code on the machine that TabPy is running on. We strongly advise against using TabPy without authentication as it poses a significant security risk. To use TabPy with authentication, please see [docs/server-config.md](https://github.com/tableau/TabPy/blob/master/docs/server-config.md#authentication). Troubleshooting: From 3c23b9d0a425ac3a06513f31aafe4eb9e444228a Mon Sep 17 00:00:00 2001 From: Jake Ichikawa Date: Mon, 18 Sep 2023 10:21:25 -0700 Subject: [PATCH 3/9] Fix markdownlint error. --- README.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index b08eb5e6..f808dee3 100755 --- a/README.md +++ b/README.md 
@@ -29,7 +29,14 @@ Consider reading TabPy documentation in the following order: Important Security Note: -* By default, TabPy is not configured with username/password authentication. This means that if the TABPY_EVALUATE_ENABLE feature is enabled (which is the default setting), there is the potential that unauthenticated individuals may be able to remotely execute code on the machine that TabPy is running on. We strongly advise against using TabPy without authentication as it poses a significant security risk. To use TabPy with authentication, please see [docs/server-config.md](https://github.com/tableau/TabPy/blob/master/docs/server-config.md#authentication). +* By default, TabPy is not configured with username/password authentication. +This means that if the TABPY_EVALUATE_ENABLE feature is enabled +(which is the default setting), there is the potential that unauthenticated +individuals may be able to remotely execute code on the machine that TabPy +is running on. We strongly advise against using TabPy without authentication +as it poses a significant security risk. To use TabPy with authentication, +please see +[docs/server-config.md](https://github.com/tableau/TabPy/blob/master/docs/server-config.md#authentication). Troubleshooting: From 03bf902c22a8bbf2f51da96ce869120115dfdf82 Mon Sep 17 00:00:00 2001 From: Jake Ichikawa Date: Mon, 18 Sep 2023 12:55:45 -0700 Subject: [PATCH 4/9] Update Important Security Note on README. --- README.md | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index f808dee3..0ea4d1bf 100755 --- a/README.md +++ b/README.md 
@@ -29,14 +29,13 @@ Consider reading TabPy documentation in the following order: Important Security Note: -* By default, TabPy is not configured with username/password authentication. -This means that if the TABPY_EVALUATE_ENABLE feature is enabled -(which is the default setting), there is the potential that unauthenticated -individuals may be able to remotely execute code on the machine that TabPy -is running on. We strongly advise against using TabPy without authentication -as it poses a significant security risk. To use TabPy with authentication, -please see -[docs/server-config.md](https://github.com/tableau/TabPy/blob/master/docs/server-config.md#authentication). +* By default, TabPy is configured without username/password authentication. +We strongly advise using TabPy only with authentication enabled. For more information, see +[TabPy Server Configuration Instructions](docs/server-config.md#authentication). +Without authentication in place, if the TABPY_EVALUATE_ENABLE feature is enabled +(as it is by default), there is the possibility that unauthenticated individuals could +remotely execute code on the machine running TabPy. Leaving these two settings in their +default states together is highly discouraged. Troubleshooting: From ecae9967b971b3ca0e289fb9cfe5417e70588443 Mon Sep 17 00:00:00 2001 From: Jake Ichikawa Date: Mon, 18 Sep 2023 12:59:45 -0700 Subject: [PATCH 5/9] Fix markdownlint error. --- README.md | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 0ea4d1bf..2ba81a74 100755 --- a/README.md +++ b/README.md 
@@ -27,15 +27,17 @@ Consider reading TabPy documentation in the following order: * [Authoring Python calculations in Tableau](docs/TableauConfiguration.md). * [TabPy Tools](docs/tabpy-tools.md) -Important Security Note: +Important security note: * By default, TabPy is configured without username/password authentication. -We strongly advise using TabPy only with authentication enabled. For more information, see +We strongly advise using TabPy only with authentication enabled. For more +information, see [TabPy Server Configuration Instructions](docs/server-config.md#authentication). -Without authentication in place, if the TABPY_EVALUATE_ENABLE feature is enabled -(as it is by default), there is the possibility that unauthenticated individuals could -remotely execute code on the machine running TabPy. Leaving these two settings in their -default states together is highly discouraged. +Without authentication in place, if the TABPY_EVALUATE_ENABLE feature is +enabled (as it is by default), there is the possibility that unauthenticated +individuals could remotely execute code on the machine running TabPy. +Leaving these two settings in their default states together is highly +discouraged. Troubleshooting: From b78ed43a53abd862723a3c79c8d6644720e25288 Mon Sep 17 00:00:00 2001 From: Jake Ichikawa Date: Mon, 18 Sep 2023 13:04:36 -0700 Subject: [PATCH 6/9] Fix markdownlint error. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 2ba81a74..3d70d19f 100755 --- a/README.md +++ b/README.md 
@@ -31,7 +31,7 @@ Important security note: * By default, TabPy is configured without username/password authentication. We strongly advise using TabPy only with authentication enabled. For more -information, see +information, see [TabPy Server Configuration Instructions](docs/server-config.md#authentication). Without authentication in place, if the TABPY_EVALUATE_ENABLE feature is enabled (as it is by default), there is the possibility that unauthenticated From ec938dd6a5aba9f15e78df8ad73dbd12b16f529d Mon Sep 17 00:00:00 2001 From: Jake Ichikawa Date: Mon, 18 Sep 2023 13:08:01 -0700 Subject: [PATCH 7/9] Fix markdownlint error. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 3d70d19f..96d301f5 100755 --- a/README.md +++ b/README.md @@ -32,7 +32,7 @@ Important security note: * By default, TabPy is configured without username/password authentication. We strongly advise using TabPy only with authentication enabled. For more information, see -[TabPy Server Configuration Instructions](docs/server-config.md#authentication). +[TabPy Server Configuration Instructions](docs/server-config.md#authentication). Without authentication in place, if the TABPY_EVALUATE_ENABLE feature is enabled (as it is by default), there is the possibility that unauthenticated individuals could remotely execute code on the machine running TabPy. From 39814cd572ea08cc6b54f97c4f783858c8ba0c79 Mon Sep 17 00:00:00 2001 From: Jake Ichikawa Date: Tue, 19 Sep 2023 05:35:48 -0700 Subject: [PATCH 8/9] Upgrade scrutinizer python. --- .scrutinizer.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.scrutinizer.yml b/.scrutinizer.yml index 436b15ea..63e9ab5a 100755 --- a/.scrutinizer.yml +++ b/.scrutinizer.yml @@ -1,6 +1,6 @@ build: environment: - python: 3.7.6 + python: 3.7.16 nodes: coverage: project_setup: From fcbdf678fd88e5763dddf4f16c3744554e381dc7 Mon Sep 17 00:00:00 2001 
From: Jake Ichikawa Date: Tue, 19 Sep 2023 05:39:58 -0700 Subject: [PATCH 9/9] Fix scrutinizer. --- .scrutinizer.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.scrutinizer.yml b/.scrutinizer.yml index 63e9ab5a..41a3849b 100755 --- a/.scrutinizer.yml +++ b/.scrutinizer.yml @@ -1,6 +1,6 @@ build: environment: - python: 3.7.16 + python: 3.8.10 nodes: coverage: project_setup:
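
Review bot: in PATCH 1/9, the note added after the TabPy Tools entry links to the authentication docs through an absolute https://github.com/tableau/TabPy/blob/master/... URL, while the list entries directly above it use relative paths such as docs/tabpy-tools.md. An absolute link to master always shows the current docs, even to someone reading a tagged release or a fork. PATCH 4/9 later switches to docs/server-config.md#authentication; fold that change into this commit so the series never carries the absolute form. The note also names TABPY_EVALUATE_ENABLE as the feature that makes unauthenticated access dangerous but offers only authentication as the remedy; consider adding that the feature can be turned off on deployments that do not need it.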
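
Review bot: in PATCH 4/9, the closing sentence "Leaving these two settings in their default states together is highly discouraged" refers to two settings, but the rewritten note names only one, TABPY_EVALUATE_ENABLE; authentication is described as a state ("configured without username/password authentication") rather than as a setting the reader can look up. Name the authentication setting next to TABPY_EVALUATE_ENABLE, or reword to "leaving authentication off while TABPY_EVALUATE_ENABLE is on", so an operator auditing a config file knows exactly which two values to check. The rewrite also drops the earlier wording "it poses a significant security risk"; if that softening is intentional, say so in the commit message.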
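
Review bot: in PATCH 7/9, the removed and added lines for the [TabPy Server Configuration Instructions] link read identically, as do the "information, see" lines in PATCH 6/9, so the change is presumably whitespace only, and "Fix markdownlint error." does not say which rule was being satisfied. State the rule in the commit message, and squash the five lint fixups (2/9, 3/9, 5/9, 6/9, 7/9) into the commits that introduced the text, so the history of the security note shows only changes to its wording.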
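
Review bot: in PATCH 9/9, the `python:` value in .scrutinizer.yml moves from 3.7.16 to 3.8.10 one commit after PATCH 8/9 set it to 3.7.16, and "Fix scrutinizer." gives no reason for changing the minor version. Squash 8/9 and 9/9 into one commit whose message records what failed on 3.7.16 and why 3.8.10 was chosen. Since this is a CI change unrelated to the README security note, it would also be easier to review and revert as a separate pull request.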