* fix(system console): allow read-only queries in system console
* fix(security): make transactions strictly read only for console and scripts
* test: remove test to reflect ban on cte's for security
* fix: Only enable read only mode for SQL query
---------
Co-authored-by: Ankush Menat <ankush@frappe.io>
- Add null check for session.data in safe_exec.py
- Add null check for session.data in base_template_page.py
- Prevents AttributeError when session.data is None during maintenance mode
This is middle ground between caching it completely and requiring a
restart/signal to reload vs always reloading it.
I don't know any use cases that can break from this, nowhere in code
configs should be expected to reload instantly.
This change is only applied to requests for now
Frappe Builder uses safe_exec to fetch dynamic data, and there are a few functions in website utilities which would be nice to have on that end, get_html_content_based_on_type especially. I added a few others which seemed useful and safe as well.
* fix: Show server script name in traceback
* chore: typo
Co-authored-by: Sagar Vora <sagar@resilient.tech>
---------
Co-authored-by: Sagar Vora <sagar@resilient.tech>
* feat(safe_exec): allow usage of `print()`
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
* refactor(system_console): update description to mention `print()` instead of `log()`
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
* feat: unconditionally add debug logs to response if present
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
* chore(safe_exec): add in a test for running `print()` within safe_exec
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
* fix(safe_exec): ignore warning
RestrictedPython warns us if we call `print()` don't use their `printed` variable
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
* feat: store debug logs from scheduled jobs
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
* fix: avoid ignoring warnings, disabled in prod anyway
* chore: remove unnecessary logging
This can be moved to level 2 when required
---------
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
Co-authored-by: Ankush Menat <ankush@frappe.io>
These can overvalidate e.g. "Frappe information technology" contains "format".
Restricted python anyways validates these attr access at runtime, so no
need to validate this on code.
- Move the config to bench level and not site level because, server
script "threat model" requires consent from a bench owner and not
individual site.
- While this is a breaking change which people may not like, we believe
it's essential to improve security model of Frappe.
