Read permissions of entities within flex-model or flex-context #904

Open
victorgarcia98 opened this issue Nov 20, 2023 · 2 comments

@victorgarcia98

Currently, the API forbids users to use a storage power sensor that doesn't belong to them. Nonetheless, we are not checking that the entities within the flex-context and flex-model are readable by the user.

This fact could be used in a malicious way:

I think someone could exploit this fact to leak data, especially inflexible device power. I would follow these steps:

  1. Create a battery that is owned by the "attacker" with a very large capacity with initial SOC = 100%
  2. Set a site capacity constraint of 0 which forces the battery to supply the same energy to the inflexible device.
  3. Set an efficiency to 1, constant price and prefer_charge_sooner = False
  4. Add the target device as an inflexible device
  5. Run a storage scheduler

This would make the battery track the power of the inflexible device and would get the data from any sensor.

Adapted from #897 (comment)

I suggest creating a utility function that checks if a user has the right to access the data that is being used.

@nhoening

I recommend to use flexmeasures.auth.policy.check_access(), which is also the central call in @permission_required_for_context.

As to the best place to use this, maybe an extra decorator:

```python
@permission_required_for_context("create-children", ctx_arg_name="sensor")
@check_read_permission_in_flex_model_and_context()
def trigger_schedule(
```

which checks if the args have a "flex-model" or "flex-context", and then checks_access for each sensor we know can be in there, for the current_user and the "read" permission.
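
One way the decorator proposed above could work, as an added example that is not FlexMeasures code and not written by anyone in this thread. Assumptions: `check_access` here is a local stand-in whose signature is invented, `READABLE` is a constructed ACL, the user is passed as a keyword argument instead of coming from `current_user`, and sensor references are taken to sit under keys named `sensor` or ending in `-sensor`/`-sensors`.

```python
from functools import wraps

# Constructed stand-in ACL: user name -> sensor ids that user may read.
READABLE = {"alice": {1, 2}, "mallory": {7}}


class Forbidden(Exception):
    """Raised when the caller may not read a referenced sensor."""


def check_access(user, sensor_id, permission):
    # Stand-in for flexmeasures.auth.policy.check_access(); signature is assumed.
    if permission != "read" or sensor_id not in READABLE.get(user, set()):
        raise Forbidden(f"{user} lacks {permission} on sensor {sensor_id}")


def referenced_sensors(node, under_sensor_key=False):
    """Collect sensor ids at any depth (key-naming convention is an assumption)."""
    found = set()
    if isinstance(node, dict):
        for key, value in node.items():
            is_ref = key == "sensor" or key.endswith(("-sensor", "-sensors"))
            found |= referenced_sensors(value, is_ref)
    elif isinstance(node, list):
        for item in node:
            found |= referenced_sensors(item, under_sensor_key)
    elif under_sensor_key and isinstance(node, int) and not isinstance(node, bool):
        found.add(node)
    return found


def check_read_permission_in_flex_model_and_context(user_arg="user"):
    def decorator(fn):
        @wraps(fn)
        def wrapper(*args, **kwargs):
            # Deny before any scheduling work if one referenced sensor is unreadable.
            for name in ("flex_model", "flex_context"):
                for sensor_id in sorted(referenced_sensors(kwargs.get(name) or {})):
                    check_access(kwargs[user_arg], sensor_id, "read")
            return fn(*args, **kwargs)
        return wrapper
    return decorator


@check_read_permission_in_flex_model_and_context()
def trigger_schedule(*, user, sensor, flex_model=None, flex_context=None):
    return f"scheduled sensor {sensor}"
```

Walking the whole structure, not a fixed list of fields, means a sensor reference added to the flex-model or flex-context schema later is still covered as long as it follows the assumed key naming.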

@nhoening

tagging @GustaafL

@Flix6x Flix6x added this to the 0.19.0 milestone Dec 18, 2023
@Flix6x Flix6x added this to To do in Multi-storage scheduling via automation Dec 18, 2023
@Flix6x Flix6x added the Auth label Feb 15, 2024
@nhoening nhoening modified the milestones: 0.19.0, 0.20 Feb 18, 2024
@Flix6x Flix6x modified the milestones: 0.20.0, 0.21.0 Apr 8, 2024
@Flix6x Flix6x assigned nhoening and unassigned GustaafL Apr 8, 2024