github-advanced-security[bot] commented on code in PR #63778:
URL: https://github.com/apache/airflow/pull/63778#discussion_r2944452461
##########
dev/breeze/src/airflow_breeze/utils/docker_compose_utils.py:
##########
@@ -73,6 +74,54 @@
return tmp_dir, dot_env_file
+def _get_exposed_ports(tmp_dir: Path) -> list[int]:
+ """Parse docker-compose.yaml to find all host ports that will be bound."""
+ compose_file = tmp_dir / "docker-compose.yaml"
+ if not compose_file.exists():
+ return []
+ try:
+ with open(compose_file) as f:
+ compose_config = yaml.safe_load(f)
+ except yaml.YAMLError:
+ console_print("[warning]Could not parse docker-compose.yaml for port
check; skipping.[/]")
+ return []
+ ports: list[int] = []
+ for service_config in (compose_config.get("services") or {}).values():
+ for port_mapping in service_config.get("ports") or []:
+ # Handle "host_port:container_port" format
+ parts = str(port_mapping).split(":")
+ if len(parts) >= 2:
+ try:
+ ports.append(int(parts[0]))
+ except ValueError:
+ pass
+ return ports
+
+
+def _check_ports_available(tmp_dir: Path) -> bool:
+ """Check if all ports required by docker-compose are available."""
+ ports = sorted(set(_get_exposed_ports(tmp_dir)))
+ if not ports:
+ return True
+ conflicts: list[int] = []
+ for port in ports:
+ try:
+ with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
+ sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 0)
+ sock.bind(("0.0.0.0", port))
Review Comment:
## Binding a socket to all network interfaces
'0.0.0.0' binds a socket to all interfaces.
[Show more
details](https://github.com/apache/airflow/security/code-scanning/593)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
