@PondiB

URGENT ISSUE !!!

In the current implementation, the Process "run_udf" takes an arbitrary string with a user-defined-function. This String isn't checked but rather is directly parsed into an expression by base::parse() and is then directly evaluated with base::eval().

This is a significant safety hazard for the operating system currently running an istance of "openeocubes". With this process ones could not only provide functions as intended by openEO but can also run any R-Code. In the following example i have created an UDF that uses base::system() to execute a shell command by the operating system. With this i was able to create a C-Program and also compile and execute this. This could be an potential entrypoint for Malware and other people with questionable intend (clone a git repo with malware code and execute it).

I recommend implementing some kind of safety, as to restrict the kind of R-functions that could be passed (e.g. forbid the use of system() and other similar functions) or rather remove this functionately entirely, until this issue is resolved.

Example Code:

con = openeo::connect("http://localhost:8000")
openeo::login(user = "user",
              password = "password")
p = openeo::processes()

# just some sample data to retrieve a datacube
xmin = 854523.1986700408
ymin = 6797063.516360302
xmax = 857831.1917130196
ymax = 6799315.301182906

bands = c("B02")

datacube_init1 = p$load_collection(id = "sentinel-s2-l2a-cogs",
                                   spatial_extent = list(west= xmin ,
                                                         south= ymin,
                                                         east= xmax,
                                                         north= ymax),
                                   crs = 3857,
                                   temporal_extent = c("2022-06-01", "2022-06-30"),
                                   bands = bands,
                                   resolution = 30)

  udf = 'function(x){system("cmd /C echo #include ^<stdio.h^> > test.c & echo int main(void){return 10;} >> test.c & gcc -o test.exe test.c & test.exe")
  return(x["B02"])}'


  udf_cube = p$run_udf(data = datacube_init1, udf = udf)

  formats = openeo::list_file_formats()

  result1 = p$save_result(data = udf_cube , format = formats$output$GTiff)

  # save file to local storage
  openeo::compute_result(graph = result1, output_file = "test.tif")

I recommend trying this with a local instance of openeocubes (with startLocal.R) and see the issue for yourself

Hi,

I've run into the following issue partly because of #3. Once the service is set-up locally via docker run -p 8000:8000 brianpondi/openeocubes and one of the scripts from examples is run without a valid call to login the following error comes up:

HTTP 500 Internal Server Error.
• SERVER-ERROR: object 'errors' not found

As indicated by the message I suspect that object errors from https://github.com/PondiB/openeogdalcubes/blob/main/R/error.R#L45 is not resolved properly. However, I couldn't figure out where it is supposed to be initialized? Looking forward to your thoughts on this.

Cheers,
Andrzej

Hi,
when running the sample scripts from examples I've experienced the following error:

Error in login(user = "user", password = "password", login_type = "basic") : 
  unused argument (login_type = "basic")

Removing the argument login_type from the call to login seems to resolve the issue.

Cheers,
Andrzej

If I run

docker run -p 8000:8000  brianpondi/openeocubes

after the image is downloaded a large number of R packages are being installed. Why does the image not come with the R packages pre-installed?

Hello,

I hope you're doing well.

I encountered an error while using openeocubes. Here are the details:

• Environment: Use your instructions for Docker easy installation and client as Python 3.11.5. I am using Jupyter Lab 4.1.1
• Steps to reproduce:

1. import openeo

2. con = openeo.connect("http://0.0.0.0:8000")

3. cube = con.load_stac('https://earth-search.aws.element84.com/v1/collections/sentinel-2-l2a',
   spatial_extent={"west":4.504395,"south":52.170563,"east":5.399780,"north":52.529590},
   temporal_extent=['2022-01-01','2022-12-31'],)

4. cube = cube.filter_bands(['red','nir'])
   print(cube.to_json())

5. from openeo.internal.graph_building import PGNode
   import json

   red = PGNode("array_element", arguments={"data": {"from_parameter": "data"}, "label": "red"})
   nir = PGNode("array_element", arguments={"data": {"from_parameter": "data"}, "label": "nir"})
   ndvi = PGNode("normalized_difference", arguments={"x": {"from_node": nir}, "y": {"from_node": red}})

   cube = cube.reduce_dimension(dimension="bands", reducer=ndvi)
   cube = cube.min_time()
   lin_scale = PGNode("linear_scale_range", arguments={"x": {"from_parameter": "x"}, "inputMin": -1, "inputMax": 1, "outputMax": 255})
   cube = cube.apply(lin_scale)
   cube = cube.save_result(format="GTiff")

6. job = cube.create_job()

• Expected Behaviour: No output, including warnings and errors
• Actual Behaviour: OpenEoApiError: [500] unknown: object 'errors' not found

I've searched for similar issues but couldn't find a resolution.

Thank you for your attention to this matter, and I appreciate your efforts in maintaining this project.

Best regards,

Jay

Hi,

When I try running R-Client-truecolors-newyork.R against a local instance of openeocubes server after ca. 40s of processing time I get the following error messages in the client and on the server, respectively. The other two scripts from examples/ work fine. Any idea what could be the issue? Cheers!

Client:

HTTP 500 Internal Server Error.
• SERVER-ERROR: one or more worker processes failed to compute data cube chunks

Server:

Killed
[ERROR] worker process #1 returned 137