AI-Planning / planning-as-a-service

The newly improved planner (and more) in the cloud.
Apache License 2.0

Don't show docs for packages not installed/runnable #37

Open jan-dolejsi opened 2 years ago

jan-dolejsi commented 2 years ago

The kstar solver is not included in the package list? One can access it this way: http://45.113.232.43:5001/docs/kstar ... but it does not look like it is in the http://45.113.232.43:5001/package. Because it does not have the package_name field populated?

haz commented 2 years ago

Aha! This is a bug on the docs side, and not the package listing. kstar is not officially deployed. What's "official" is defined by...

https://github.com/AI-Planning/planning-as-a-service/blob/main/server/Dockerfile

You can access any of the manifests in the planutils library through the docs. E.g., even the tarski library (which definitely does not have an endpoint).

Changing the title of the issue to reflect its true nature.

jan-dolejsi commented 2 years ago

Oh, I see. If the /docs interface is capable of showing files on the disk (rather than just registered and white-listed locations as per the Dockerfile), it may be exploited by a hack.

haz commented 2 years ago

Ya, it's not wide open on the file system, but rather a bug with which packages it pulls from. It should be checked if it's installed before returning.
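The fix proposed in the last comment (check that a package is installed before returning its docs), sketched as an added example; this is not the project's code. The `<root>/<name>/manifest.json` layout, the function names and the `example-planner` package are assumptions made for the illustration; `kstar` and `tarski` stand in for the manifests that exist on disk without being deployed.

```python
import json
import re
import tempfile
from pathlib import Path

_NAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_.-]*$")  # assumed name charset


class DocsLookupError(Exception):
    """Docs were requested for a package that must not be served."""


def load_manifest(manifest_root: Path, installed: frozenset, name: str) -> dict:
    """Return the manifest for `name` only if it is an installed package."""
    # 1. Accept plain package names only: no separators, no "..".
    if not _NAME_RE.fullmatch(name) or ".." in name:
        raise DocsLookupError("invalid package name")
    # 2. Allowlist: a manifest on disk is not enough, it must be deployed.
    if name not in installed:
        raise DocsLookupError("package not installed")
    # 3. Defence in depth: the resolved path must stay under the root.
    root = manifest_root.resolve()
    path = (root / name / "manifest.json").resolve()
    if root not in path.parents:
        raise DocsLookupError("path escapes manifest root")
    return json.loads(path.read_text())


def build_sample_tree(root: Path) -> frozenset:
    """Constructed layout: three manifests on disk, one package deployed."""
    for pkg in ("example-planner", "kstar", "tarski"):
        (root / pkg).mkdir(parents=True)
        (root / pkg / "manifest.json").write_text(json.dumps({"name": pkg}))
    return frozenset({"example-planner"})


def demo() -> dict:
    """Map each requested name to 'ok' or the refusal reason."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        installed = build_sample_tree(root)
        for name in ("example-planner", "kstar", "tarski", "../kstar", ""):
            try:
                load_manifest(root, installed, name)
                results[name] = "ok"
            except DocsLookupError as exc:
                results[name] = str(exc)
    return results
```

In a real service the `installed` set would be derived from the same source that drives the package listing, so the docs route and the listing cannot disagree.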