jupyterhub / nbgitpuller

Jupyter server extension to sync a git repository one-way to a local path
https://nbgitpuller.readthedocs.io
BSD 3-Clause "New" or "Revised" License

Configuration to hide the terminal from displaying when pulling a repo #352

Open danetrata opened 2 weeks ago

danetrata commented 2 weeks ago

Hi,

We are currently utilizing your extension to facilitate the sharing of notebooks across different user instances. Occasionally, when a pull operation encounters an error, it triggers the display of a terminal window showing the failure details. Given that the output consists of raw Python logs, we have a security concern regarding the potential exposure of sensitive system information.

Proposed Change

To address this issue, we propose the implementation of a feature that disables the terminal from appearing upon encountering an error. This enhancement would significantly mitigate the risk of inadvertently leaking system information through the log output.

Alternative Options

As an alternative to displaying the terminal, we suggest returning a user-friendly error message that succinctly conveys the nature of the error without exposing raw log data. This approach would maintain user awareness of issues while preserving system security.

Who Would Use This Feature?

This feature would be beneficial to any user or organization that prioritizes the security of their system information. By hiding raw log output, users can avoid the risk of exposing sensitive data, making this feature particularly valuable for environments with strict security requirements.

(Optional): Suggest a Solution

We recommend making this feature configurable, allowing users to enable or disable the display of the terminal based on their preferences. Specifically, the terminal is invoked in two locations within the codebase. Implementing a logic check to determine whether the terminal should be displayed would provide the desired flexibility and control. This configurable option would ensure that users can tailor the behavior of the extension to suit their security needs.

manics commented 2 weeks ago

Can you provide some examples of the sensitive information you're worried about? nbgitpuller runs as the same user as the rest of JupyterLab/notebook, and all nbgitpuller parameters are passed in the URL, so the user already has access to all information that's displayed in the terminal.