[pgrouting-dev] GSoC 2022 Week 7 Report : Add Google Or tools functionality to pgrouting

Regina Obe lr at pcorp.us
Sun Aug 7 11:56:03 PDT 2022 

I concur with Imre Samu.  Most systems do not have plpythonu installed, and adding that extra dependency to test pgRouting would not be acceptable.  So it has to be an optional dependency if it is one at all.

 

If it is required for your testing then just don’t run the tests that require it if plpython3u is not installed.

 

Reasons why plpython3u might not want to be installed:

 

1) Is a untrusted language so could allow damage to the operating system if used in the wrong hands.

e.g. one could overwrite the operating system completely with such a function.  Far beyond mere SQL injection.

 

2) Has an extra dependency on python3 (and a specific minor), which is sometimes difficult to get the right version or configuration especially on older systems.  On a system heavily using python3, it might not even be the right version that plpython3u was compiled with.

 

As a windows packager, I do not install plpython3u as it’s too messy, requires downloading extra stuff setting certain env variables etc. I still need to be able to test pgRouting proper before packaging for windows users.

 

From: pgrouting-dev [mailto:pgrouting-dev-bounces at lists.osgeo.org] On Behalf Of Manas Sivakumar
Sent: Sunday, August 7, 2022 1:46 PM
To: pgRouting developers mailing list <pgrouting-dev at lists.osgeo.org>
Subject: Re: [pgrouting-dev] GSoC 2022 Week 7 Report : Add Google Or tools functionality to pgrouting

 

I'm extremely sorry for the late reply. I don't use this mail id frequently. For now, I made install plpython3u as a dependency (I wasn't aware of your concern). I'll see if there is a way to make it optional because the functions that I have written right now need the plpython3u extension for testing. May I know how exactly the plpythonu extension is dangerous in your case? I mean the users can create their own function and run it, this might be a problem as it makes us susceptible to SQL injection attacks of sorts. Do you have any ideas/suggestions on how I could achieve this?

 

Regards

 

On Mon, Aug 1, 2022 at 2:00 AM Imre Samu <pella.samu at gmail.com <mailto:pella.samu at gmail.com> > wrote:

Hi Manas, 

 

Thank you for working on this topic.

 

> figure out how to add python ortools to pgrouting requirements

 

I don't know all the details, so apologies if my comment is too early or already known.

 

if it can be done, it would be ideal for me ( as a user )  if the plpython3u system requirement was optional and not mandatory.

Now the plpythonu is an “untrusted” language[1] 

  and is not allowed to be installed in many places;  ( ~ strict security policy ) 

 

[1] https://www.postgresql.org/docs/14/plpython.html 

"The writer of a function in untrusted PL/Python must take care that the function cannot be used to do anything unwanted, since it will be able to do anything that could be done by a user logged in as the database administrator.  Only superusers can create functions in untrusted languages such as plpythonu."   

 

Regards,

 Imre

 

 

Manas Sivakumar <callmehero350 at gmail.com <mailto:callmehero350 at gmail.com> > ezt írta (időpont: 2022. júl. 31., V, 21:09):

Hello Everyone,

This is my week 7 report of the official coding period July 25th - July 31th.

This also marks my first report for the second coding period.

 

What have I done this week?

*         Implemented multiple_knapsack in PL/Python

*         Implemented bin_packing in PL/Python

*         Converted knapsack from c++ to PL/Python

What do I plan to do next week?

*         figure out how to add python ortools to pgrouting requirements

Am I blocked on anything?

*         No

Any feedback, comments and suggestions are welcome.

Pull Request : https://github.com/pgRouting/GSoC-pgRouting/pull/241

 

_______________________________________________
pgrouting-dev mailing list
pgrouting-dev at lists.osgeo.org <mailto:pgrouting-dev at lists.osgeo.org> 
https://lists.osgeo.org/mailman/listinfo/pgrouting-dev

_______________________________________________
pgrouting-dev mailing list
pgrouting-dev at lists.osgeo.org <mailto:pgrouting-dev at lists.osgeo.org> 
https://lists.osgeo.org/mailman/listinfo/pgrouting-dev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/pgrouting-dev/attachments/20220807/55c2bbd2/attachment-0001.htm>

More information about the pgrouting-dev mailing list