security: protect /openJupyter endpoint with API key and process control (fixes #361)#409
Merged
pradeeban merged 3 commits intoFeb 19, 2026
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
This PR addresses a critical security vulnerability (Issue #361) in the /openJupyter endpoint, which previously allowed unauthenticated remote code execution. The PR introduces API key authentication, process tracking, and additional security improvements across the codebase.
Changes:
- Added API key authentication to
/openJupyterand new/stopJupyterendpoints - Replaced
print()statements with properloggingacross tools/* files - Removed obsolete
concore2module references throughout the codebase - Added new CLI infrastructure and comprehensive test suite
- Improved input validation and error handling in server endpoints
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| fri/server/main.py | Added API key authentication, process tracking for Jupyter, input validation functions, and improved error handling |
| tests/test_openjupyter_security.py | Comprehensive test suite (9 tests) covering authentication, process control, and error scenarios |
| tools/*.py | Replaced print() with logging.info/debug/error for better production logging |
| tools/pwrap.py, cwrap.py | Changed http:// to https:// for controlcore.org API calls and improved file handling with context managers |
| Various 0mq/*.py files | Removed concore2 module dependencies, consolidated to single concore module |
| New CLI files | Added concore_cli package with commands for init, run, validate, status, stop |
| New test files | Added test infrastructure with conftest.py, test_concore.py, test_graph.py, etc. |
| Dockerfiles | Updated base images and improved security (added checksum validation, cleaned apt cache) |
| contribute.py | Removed hardcoded token, now uses environment variable |
Comments suppressed due to low confidence (2)
fri/server/main.py:10
- Missing import for
secretsmodule which would be needed if implementing constant-time comparison for API key validation. Addimport secretsat the top of the file.
import re
fri/server/main.py:422
- The Windows branch uses
subprocess.runwithcheck=True(line 415), but the non-Windows branch usescheck_outputwhich also raises on non-zero exit but then tries to decode at line 422. This creates inconsistent error handling between platforms. Consider usingsubprocess.runwith consistent error handling for both platforms.
if(platform.uname()[0]=='Windows'):
# Use cmd.exe /c to invoke contribute.bat on Windows
proc = subprocess.run(["cmd.exe", "/c", "contribute.bat", STUDY_NAME, STUDY_NAME_PATH, AUTHOR_NAME, BRANCH_NAME, PR_TITLE, PR_BODY], cwd=concore_path, check=True, capture_output=True, text=True)
output_string = proc.stdout
else:
if len(BRANCH_NAME)==0:
proc = check_output([r"./contribute",STUDY_NAME,STUDY_NAME_PATH,AUTHOR_NAME],cwd=concore_path)
else:
proc = check_output([r"./contribute",STUDY_NAME,STUDY_NAME_PATH,AUTHOR_NAME,BRANCH_NAME,PR_TITLE,PR_BODY],cwd=concore_path)
output_string = proc.decode()
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
…ecific exceptions, graceful termination
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Hello @pradeeban Sir
This PR resolves Issue #361, a critical security vulnerability where the /openJupyter endpoint allowed unauthenticated spawning of Jupyter Lab processes.
Previously:
No authentication
No rate limiting
Unlimited process spawning
No process tracking
Full remote code execution exposure
Changes Made
Added API key authentication (X-API-KEY header)
Introduced environment variable CONCORE_API_KEY
Prevented multiple concurrent Jupyter launches
Added process tracking
Suppressed stdout/stderr exposure
Added optional /stopJupyter endpoint for cleanup
Security Impact
Eliminates unauthenticated RCE vector
Prevents resource exhaustion
Restricts access to authorized clients only
Improves process lifecycle control
Scope
Single file modification (fri/server/main.py)
New test file: tests/test_openjupyter_security.py (9 tests)
No changes to concore-lite
No Verilog changes
Minimal architectural impact
Configuration Required
Server must define:
CONCORE_API_KEY=<secure_random_string>Clients must provide:
X-API-KEY headerTesting