&`iA &dZddlZddlZddlZddlmZmZddlZddlZddl m Z m Z ddl m Z ddlmZddlmZddlZdeefd Zd ed eedeeeeeffd Zd edeeeeeffd Zd edeeeeeeeefffdZejejdddddejddedde edZdS)zA CLI utility for check open ports in the Ray cluster. See https://www.anyscale.com/blog/update-on-ray-cve-2023-48022-new-verification-tooling-available # noqa: E501 for more details. N)ListTuple)add_click_logging_options cli_logger) RAY_PROCESSES) PublicAPI)NodeAffinitySchedulingStrategyreturnclt}g}tjddgD]T} ||||f@#tj$rYQwxYwtD]\}}|D]}|\}}}|r|ntj |}||vrw | D]6} | j tj kr| | jj7q#tj$rt#jd|YwxYwt'|S)NnamecmdlinezSAccess denied to process connections for process, worker process probably restarted)setpsutil process_iterappendr r Errorr subprocess list2cmdline connectionsstatus CONN_LISTENaddladdrport AccessDeniedrinfosorted) unique_ports process_infosprockeyword filter_by_cmd candidateproc_cmd proc_argscorpus connections m/home/jaya/work/projects/VOICE-AGENT/VIET/agent-env/lib/python3.11/site-packages/ray/util/check_open_ports.py_get_ray_portsr)s55LM#VY$788   $ T\\^^!D E E E E|    D #0&  I(1 %D(I!.VXXJ4KI4V4VF&   &*&6&6&8&8DD %,0BBB(,,Z-=-BCCCD*O= !  ,  s$.checkXs5kBBBBrDc.g|]}|d |dS)AliveNodeID).0nodes r( z&_check_ray_cluster..\s%LLLtd7mLDNLLLrDz Cluster has z= node(s). Scheduling tasks on each to check for exposed portsc i|]<}|t|d|=S)F)rLsoft)scheduling_strategy)optionsr remote)rRrLrMr*s r( z&_check_ray_cluster..bsi      MM$B#%%%%   fWk**   rDzFailed to check on node z: ) rayinitrYnodesrrlenitemsrr? Exception)r* ray_node_idsper_node_tasksresultsrL per_node_taskerMs` @r(_check_ray_clusterrfSshH&&&&ZCCCMLsy{{LLLLO ?s<(( ? ? ?     $   NG"0"6"6"8"8GG G NN37=11 2 2 2 2 G G G OEwEE!EE F F F F F F F F G Ns#'C  C9C44C9z--yesz-yTFzDon't ask for confirmation.)is_flagdefaulthelpz --service-urlz>https://ray-open-port-checker.uc.r.appspot.com/open-port-checkz@The url of service that checks whether submitted ports are open.)requiredtyperhrictj|ddstjddSt|}g}|D]W\}\}}|r3tjd|d|||||f=tjd|d|Xtjd |r(tjd dStjd dS) z*Check open ports in the local Ray cluster.z_Do you want to check the local Ray cluster for any nodes with ports accessible to the internet?T)yesmsg_defaultz&Exiting without checking as instructedNu&[🛑] open ports detected open_ports=z node=u,[🟢] No open ports detected checked_ports=zCheck complete, results:u [🛑] An server on the internet was able to open a connection to one of this Ray cluster's public IP on one of Ray's internal ports. If this is not a false positive, this is an extremely unsafe configuration for Ray to be running in. Ray is not meant to be exposed to untrusted clients and will allow them to run arbitrary code on your machine. You should take immediate action to validate this result and if confirmed shut down your Ray cluster immediately and take appropriate action to remediate its exposure. Anything either running on this Ray cluster or that this cluster has had access to could be at risk. For guidance on how to operate Ray safely, please review [Ray's security documentation](https://docs.ray.io/en/latest/ray-security/index.html). u0[🟢] No open ports detected from any Ray nodes)rconfirmrrfrstrip)rmr*cluster_open_ports public_nodesrLr4r5s r(check_open_portsrtws_    D      @AAA+K88L0B  ,,*m   OXXXWXX      *m D E E E E OD!.DD8?DD     O.///L  EGG     $ JKKKKKrD)__doc__r9rr6typingrrclickr["ray.autoscaler._private.cli_loggerrr!ray.autoscaler._private.constantsrray.util.annotationsrray.util.scheduling_strategiesr rintr)strrCrGrfcommandoptionrtrQrDr(rs9    TTTTTTTT;;;;;;******IIIIII  S     :..!#Y. 49d3i  ....4NN 49d3i  NNNN !! %U49d3i/00 12!!!!H  T45R  L K  1L1L 1L1L1LrD