Page MenuHomePhabricator
Create Task
Maniphest T371484

using built-in http.client in python implementations does not work
Open, MediumPublicBUG REPORT
Actions

Description

Steps to replicate the issue (include links if applicable):

  • the requests module is not available in python implementations
  • using built-in http.client gives the error below

see https://www.wikifunctions.org/view/en/Z18320 for a failing test
implementation in python here: https://www.wikifunctions.org/view/en/Z18327

Relevant code:

# Fetch data from Wikidata
    # Build the URL
    url_path = f"/wiki/Special:EntityData/{entity}.json"
    try:
        # Establish a connection
        conn = http.client.HTTPSConnection("www.wikidata.org")
        conn.request("GET", url_path)
        response = conn.getresponse()

        # Check the status
        if response.status >= 400:
            return f"error: Got >= 400"

        # Read the response data
        data = response.read()
        conn.close()
    except Exception as e:
        return f"error: during request: {e}"

What happens?:

WF outputs this error:

Error type: Error in evaluation
Expected result: { "Z1K1": "Z40", "Z40K1": "Z41" }
Actual result: { "Z1K1": "Z5", "Z5K1": "Z507", "Z5K2": { "Z1K1": { "Z1K1": "Z7", "Z7K1": "Z885", "Z885K1": "Z507" }, "Z507K1": "No module named '_socket'" } }

What should have happened instead?:
Given that _socket is NOT listed here https://rustpython.github.io/pages/whats-left the test should have passed instead of returning an error.

Software version (on Special:Version page; skip for WMF-hosted wikis like Wikipedia):

Other information (browser name/version, screenshots, etc.):

Related Objects

Event Timeline

So9q created this task.Jul 31 2024, 11:51 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJul 31 2024, 11:51 AM
So9q renamed this task from built-in http.client in python implementations does not work to using built-in http.client in python implementations does not work.Jul 31 2024, 11:53 AM
So9q updated the task description. (Show Details)
So9q updated the task description. (Show Details)Jul 31 2024, 11:55 AM
So9q added a comment.Jul 31 2024, 12:58 PM

Here is a chat with chatgpt where we try to diagnose and work around the issue:
https://chatgpt.com/share/89369c64-2531-485f-bc39-5cae75160cd8
Chatgpt suggested the following:

The error you're encountering, No module named '_socket', indicates that the http.client module, which relies on the _socket module for networking operations, isn't available in the restricted environment of RustPython used by WikiFunctions. RustPython has limitations in terms of available standard library modules, especially those requiring native extensions or low-level system access, like networking libraries.

Given these constraints, we can approach the problem differently. Since we can't use external libraries or networking modules, we can focus on the core logic that would normally handle the JSON response if it were available. This function can't make an HTTP request directly, so it will need to accept the data in a different way, possibly through function parameters or preloaded data.

If it is accurate that WF python implementations cannot make http requests at all currently I have the following suggestions:

So9q added a comment.Jul 31 2024, 1:06 PM

This might be worked around by T282926 being done for this particular test case and implementation.

So9q added subscribers: DVrandecic, Mahir256.Jul 31 2024, 1:27 PM

Thanks to @Mahir256 for linking to https://t.me/Wikifunctions/9592 "Right now your shouldn't be able to make any outside requests. If you are, please let us know immediately." from @DVrandecic

I suggest closing this as wont-fix and reopening once the dev team is ready to handle all implications of outside requests.

So9q mentioned this in T371497: Inform editors when creating/editing Python implementation that libraries like http requests are disabled.Jul 31 2024, 1:33 PM
cmassaro subscribed.EditedJul 31 2024, 3:20 PM

I'd like to add a little more context here.

The unavailability of _sockets is not due to RustPython, but due to WebAssembly. The system interface between Python's sockets and the required syscalls is intentionally not wired up, which manifests in Python as an error when trying to import sockets or call library methods that use it under the hood. Due to our security model, I think we are very unlikely to revisit this decision.

For a possible path forward, I'll copy and expand on what I said on IRC: there is a not-quite-implemented feature (https://phabricator.wikimedia.org/T359566) that will let us make callbacks to the function orchestrator. The orchestrator has far fewer security restrictions, and, at some point, we will probably allow at least some HTTP requests from the orchestrator. Indeed, we already make some requests--but only to MediaWiki, so it's heavily controlled.

But with these two features, Python implementations could (in a roundabout way) make HTTP requests. It's extremely unlikely that we'd ever allow totally unrestricted access, though: one of the fears about this system is that arbitrary HTTP requests could invite abuse.

DVrandecic moved this task from Incoming to Bugs to investigate on the Abstract Wikipedia team (25Q1 (Jul–Sep)) board.Jul 31 2024, 4:54 PM
DVrandecic moved this task from Bugs to investigate to Incoming on the Abstract Wikipedia team (25Q1 (Jul–Sep)) board.
Sharvaniharan edited projects, added Abstract Wikipedia team; removed Abstract Wikipedia team (25Q1 (Jul–Sep)).Jul 31 2024, 4:56 PM
DVrandecic triaged this task as Medium priority.Jul 31 2024, 4:56 PM
DVrandecic edited projects, added Abstract Wikipedia team (25Q1 (Jul–Sep)); removed Abstract Wikipedia team.
DVrandecic moved this task from 25Q1 (Jul–Sep) to No current plans / External on the Abstract Wikipedia team board.
DVrandecic edited projects, added Abstract Wikipedia team; removed Abstract Wikipedia team (25Q1 (Jul–Sep)).
cmassaro added a comment.Jul 31 2024, 11:01 PM

I would be happy to continue this discussion in some venue in order to determine what the need is; if that venue is here, I'm fine with this task remaining open. To be clear, though, this isn't a bug: the system is working as intended.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits