mirror of
https://github.com/opencloud-eu/opencloud.git
synced 2026-04-25 13:38:19 -05:00
Christian Richter
committed by
Michael Barz
Michael Barz
parent
c4101fa9e2
commit
915baa5b7b
@@ -15,7 +15,7 @@ require (
|
||||
github.com/cenkalti/backoff v2.2.1+incompatible
|
||||
github.com/coreos/go-oidc/v3 v3.10.0
|
||||
github.com/cs3org/go-cs3apis v0.0.0-20231023073225-7748710e0781
|
||||
github.com/cs3org/reva/v2 v2.20.1-0.20240626105341-178ea2306cde
|
||||
github.com/cs3org/reva/v2 v2.20.1-0.20240703055901-d599d8898158
|
||||
github.com/dhowden/tag v0.0.0-20230630033851-978a0926ee25
|
||||
github.com/dutchcoders/go-clamd v0.0.0-20170520113014-b970184f4d9e
|
||||
github.com/egirna/icap-client v0.1.1
|
||||
|
||||
@@ -1024,8 +1024,8 @@ github.com/crewjam/saml v0.4.14 h1:g9FBNx62osKusnFzs3QTN5L9CVA/Egfgm+stJShzw/c=
|
||||
github.com/crewjam/saml v0.4.14/go.mod h1:UVSZCf18jJkk6GpWNVqcyQJMD5HsRugBPf4I1nl2mME=
|
||||
github.com/cs3org/go-cs3apis v0.0.0-20231023073225-7748710e0781 h1:BUdwkIlf8IS2FasrrPg8gGPHQPOrQ18MS1Oew2tmGtY=
|
||||
github.com/cs3org/go-cs3apis v0.0.0-20231023073225-7748710e0781/go.mod h1:UXha4TguuB52H14EMoSsCqDj7k8a/t7g4gVP+bgY5LY=
|
||||
github.com/cs3org/reva/v2 v2.20.1-0.20240626105341-178ea2306cde h1:N9LYCUnWBAxzI8hPymSG2VHN6MBxqCTuwNbaODAuvCk=
|
||||
github.com/cs3org/reva/v2 v2.20.1-0.20240626105341-178ea2306cde/go.mod h1:Rb2XnhpGKnH7k6WBFZlMygbyBxW6ma09Z4Uk+ro0v+A=
|
||||
github.com/cs3org/reva/v2 v2.20.1-0.20240703055901-d599d8898158 h1:FaA/DIEtTvHLzShprZWmNkeLS2t85YlUxrJahMxweFo=
|
||||
github.com/cs3org/reva/v2 v2.20.1-0.20240703055901-d599d8898158/go.mod h1:Rb2XnhpGKnH7k6WBFZlMygbyBxW6ma09Z4Uk+ro0v+A=
|
||||
github.com/cyberdelia/templates v0.0.0-20141128023046-ca7fffd4298c/go.mod h1:GyV+0YP4qX0UQ7r2MoYZ+AvYDp12OF5yg4q8rGnyNh4=
|
||||
github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg=
|
||||
github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4=
|
||||
|
||||
+2
-2
@@ -88,14 +88,14 @@ func (s *svc) handlePathCopy(w http.ResponseWriter, r *http.Request, ns string)
|
||||
return
|
||||
}
|
||||
|
||||
if err := ValidateName(path.Base(src), s.nameValidators); err != nil {
|
||||
if err := ValidateName(filename(src), s.nameValidators); err != nil {
|
||||
w.WriteHeader(http.StatusBadRequest)
|
||||
b, err := errors.Marshal(http.StatusBadRequest, "source failed naming rules", "")
|
||||
errors.HandleWebdavError(appctx.GetLogger(ctx), w, b, err)
|
||||
return
|
||||
}
|
||||
|
||||
if err := ValidateName(path.Base(dst), s.nameValidators); err != nil {
|
||||
if err := ValidateDestination(filename(dst), s.nameValidators); err != nil {
|
||||
w.WriteHeader(http.StatusBadRequest)
|
||||
b, err := errors.Marshal(http.StatusBadRequest, "destination failed naming rules", "")
|
||||
errors.HandleWebdavError(appctx.GetLogger(ctx), w, b, err)
|
||||
|
||||
+2
-2
@@ -39,10 +39,10 @@ func (s *svc) handlePathMkcol(w http.ResponseWriter, r *http.Request, ns string)
|
||||
ctx, span := appctx.GetTracerProvider(r.Context()).Tracer(tracerName).Start(r.Context(), "mkcol")
|
||||
defer span.End()
|
||||
|
||||
fn := path.Join(ns, r.URL.Path)
|
||||
if err := ValidateName(path.Base(fn), s.nameValidators); err != nil {
|
||||
if err := ValidateName(filename(r.URL.Path), s.nameValidators); err != nil {
|
||||
return http.StatusBadRequest, err
|
||||
}
|
||||
fn := path.Join(ns, r.URL.Path)
|
||||
sublog := appctx.GetLogger(ctx).With().Str("path", fn).Logger()
|
||||
|
||||
client, err := s.gatewaySelector.Next()
|
||||
|
||||
+2
-2
@@ -60,14 +60,14 @@ func (s *svc) handlePathMove(w http.ResponseWriter, r *http.Request, ns string)
|
||||
return
|
||||
}
|
||||
|
||||
if err := ValidateName(path.Base(srcPath), s.nameValidators); err != nil {
|
||||
if err := ValidateName(filename(srcPath), s.nameValidators); err != nil {
|
||||
w.WriteHeader(http.StatusBadRequest)
|
||||
b, err := errors.Marshal(http.StatusBadRequest, "source failed naming rules", "")
|
||||
errors.HandleWebdavError(appctx.GetLogger(ctx), w, b, err)
|
||||
return
|
||||
}
|
||||
|
||||
if err := ValidateName(path.Base(dstPath), s.nameValidators); err != nil {
|
||||
if err := ValidateDestination(filename(dstPath), s.nameValidators); err != nil {
|
||||
w.WriteHeader(http.StatusBadRequest)
|
||||
b, err := errors.Marshal(http.StatusBadRequest, "destination naming rules", "")
|
||||
errors.HandleWebdavError(appctx.GetLogger(ctx), w, b, err)
|
||||
|
||||
+5
@@ -394,3 +394,8 @@ func (s *svc) referenceIsChildOf(ctx context.Context, selector pool.Selectable[g
|
||||
pp := path.Join(parentPathRes.Path, parent.Path) + "/"
|
||||
return strings.HasPrefix(cp, pp), nil
|
||||
}
|
||||
|
||||
// filename returns the base filename from a path and replaces any slashes with an empty string
|
||||
func filename(p string) string {
|
||||
return strings.Trim(path.Base(p), "/")
|
||||
}
|
||||
|
||||
+17
-10
@@ -113,8 +113,15 @@ func (s *svc) handlePathPut(w http.ResponseWriter, r *http.Request, ns string) {
|
||||
defer span.End()
|
||||
|
||||
fn := path.Join(ns, r.URL.Path)
|
||||
|
||||
sublog := appctx.GetLogger(ctx).With().Str("path", fn).Logger()
|
||||
|
||||
if err := ValidateName(filename(r.URL.Path), s.nameValidators); err != nil {
|
||||
w.WriteHeader(http.StatusBadRequest)
|
||||
b, err := errors.Marshal(http.StatusBadRequest, err.Error(), "")
|
||||
errors.HandleWebdavError(&sublog, w, b, err)
|
||||
return
|
||||
}
|
||||
|
||||
space, status, err := spacelookup.LookUpStorageSpaceForPath(ctx, s.gatewaySelector, fn)
|
||||
if err != nil {
|
||||
sublog.Error().Err(err).Str("path", fn).Msg("failed to look up storage space")
|
||||
@@ -135,20 +142,13 @@ func (s *svc) handlePut(ctx context.Context, w http.ResponseWriter, r *http.Requ
|
||||
return
|
||||
}
|
||||
|
||||
length, err := getContentLength(w, r)
|
||||
length, err := getContentLength(r)
|
||||
if err != nil {
|
||||
log.Error().Err(err).Msg("error getting the content length")
|
||||
w.WriteHeader(http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
if err := ValidateName(filepath.Base(ref.Path), s.nameValidators); err != nil {
|
||||
w.WriteHeader(http.StatusBadRequest)
|
||||
b, err := errors.Marshal(http.StatusBadRequest, err.Error(), "")
|
||||
errors.HandleWebdavError(&log, w, b, err)
|
||||
return
|
||||
}
|
||||
|
||||
client, err := s.gatewaySelector.Next()
|
||||
if err != nil {
|
||||
log.Error().Err(err).Msg("error selecting next gateway client")
|
||||
@@ -411,6 +411,13 @@ func (s *svc) handleSpacesPut(w http.ResponseWriter, r *http.Request, spaceID st
|
||||
return
|
||||
}
|
||||
|
||||
if err := ValidateName(filename(ref.Path), s.nameValidators); err != nil {
|
||||
w.WriteHeader(http.StatusBadRequest)
|
||||
b, err := errors.Marshal(http.StatusBadRequest, err.Error(), "")
|
||||
errors.HandleWebdavError(&sublog, w, b, err)
|
||||
return
|
||||
}
|
||||
|
||||
s.handlePut(ctx, w, r, &ref, sublog)
|
||||
}
|
||||
|
||||
@@ -432,7 +439,7 @@ func checkPreconditions(w http.ResponseWriter, r *http.Request, log zerolog.Logg
|
||||
return true
|
||||
}
|
||||
|
||||
func getContentLength(w http.ResponseWriter, r *http.Request) (int64, error) {
|
||||
func getContentLength(r *http.Request) (int64, error) {
|
||||
length, err := strconv.ParseInt(r.Header.Get(net.HeaderContentLength), 10, 64)
|
||||
if err != nil {
|
||||
// Fallback to Upload-Length
|
||||
|
||||
+11
-17
@@ -58,21 +58,15 @@ func (s *svc) handlePathTusPost(w http.ResponseWriter, r *http.Request, ns strin
|
||||
|
||||
// read filename from metadata
|
||||
meta := tusd.ParseMetadataHeader(r.Header.Get(net.HeaderUploadMetadata))
|
||||
if err := ValidateName(path.Base(meta["filename"]), s.nameValidators); err != nil {
|
||||
w.WriteHeader(http.StatusPreconditionFailed)
|
||||
return
|
||||
}
|
||||
|
||||
// append filename to current dir
|
||||
fn := path.Join(ns, r.URL.Path, meta["filename"])
|
||||
|
||||
sublog := appctx.GetLogger(ctx).With().Str("path", fn).Logger()
|
||||
// check tus headers?
|
||||
|
||||
ref := &provider.Reference{
|
||||
// FIXME ResourceId?
|
||||
Path: fn,
|
||||
// a path based request has no resource id, so we can only provide a path. The gateway has te figure out which provider is responsible
|
||||
Path: path.Join(ns, r.URL.Path, meta["filename"]),
|
||||
}
|
||||
|
||||
sublog := appctx.GetLogger(ctx).With().Str("path", r.URL.Path).Str("filename", meta["filename"]).Logger()
|
||||
|
||||
s.handleTusPost(ctx, w, r, meta, ref, sublog)
|
||||
}
|
||||
|
||||
@@ -82,12 +76,6 @@ func (s *svc) handleSpacesTusPost(w http.ResponseWriter, r *http.Request, spaceI
|
||||
|
||||
// read filename from metadata
|
||||
meta := tusd.ParseMetadataHeader(r.Header.Get(net.HeaderUploadMetadata))
|
||||
if err := ValidateName(path.Base(meta["filename"]), s.nameValidators); err != nil {
|
||||
w.WriteHeader(http.StatusPreconditionFailed)
|
||||
return
|
||||
}
|
||||
|
||||
sublog := appctx.GetLogger(ctx).With().Str("spaceid", spaceID).Str("path", r.URL.Path).Logger()
|
||||
|
||||
ref, err := spacelookup.MakeStorageSpaceReference(spaceID, path.Join(r.URL.Path, meta["filename"]))
|
||||
if err != nil {
|
||||
@@ -95,6 +83,8 @@ func (s *svc) handleSpacesTusPost(w http.ResponseWriter, r *http.Request, spaceI
|
||||
return
|
||||
}
|
||||
|
||||
sublog := appctx.GetLogger(ctx).With().Str("spaceid", spaceID).Str("path", r.URL.Path).Str("filename", meta["filename"]).Logger()
|
||||
|
||||
s.handleTusPost(ctx, w, r, meta, &ref, sublog)
|
||||
}
|
||||
|
||||
@@ -116,6 +106,10 @@ func (s *svc) handleTusPost(ctx context.Context, w http.ResponseWriter, r *http.
|
||||
w.WriteHeader(http.StatusPreconditionFailed)
|
||||
return
|
||||
}
|
||||
if err := ValidateName(filename(meta["filename"]), s.nameValidators); err != nil {
|
||||
w.WriteHeader(http.StatusPreconditionFailed)
|
||||
return
|
||||
}
|
||||
|
||||
// Test if the target is a secret filedrop
|
||||
var isSecretFileDrop bool
|
||||
|
||||
Generated
Vendored
+14
@@ -27,6 +27,11 @@ func ValidatorsFromConfig(c *config.Config) []Validator {
|
||||
|
||||
// ValidateName will validate a file or folder name, returning an error when it is not accepted
|
||||
func ValidateName(name string, validators []Validator) error {
|
||||
return ValidateDestination(name, append(validators, notReserved()))
|
||||
}
|
||||
|
||||
// ValidateDestination will validate a file or folder destination name (which can be . or ..), returning an error when it is not accepted
|
||||
func ValidateDestination(name string, validators []Validator) error {
|
||||
for _, v := range validators {
|
||||
if err := v(name); err != nil {
|
||||
return fmt.Errorf("name validation failed: %w", err)
|
||||
@@ -35,6 +40,15 @@ func ValidateName(name string, validators []Validator) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
func notReserved() Validator {
|
||||
return func(s string) error {
|
||||
if s == ".." || s == "." {
|
||||
return errors.New(". and .. are reserved names")
|
||||
}
|
||||
return nil
|
||||
}
|
||||
}
|
||||
|
||||
func notEmpty() Validator {
|
||||
return func(s string) error {
|
||||
if strings.TrimSpace(s) == "" {
|
||||
|
||||
Vendored
+1
-1
@@ -366,7 +366,7 @@ github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1
|
||||
github.com/cs3org/go-cs3apis/cs3/storage/registry/v1beta1
|
||||
github.com/cs3org/go-cs3apis/cs3/tx/v1beta1
|
||||
github.com/cs3org/go-cs3apis/cs3/types/v1beta1
|
||||
# github.com/cs3org/reva/v2 v2.20.1-0.20240626105341-178ea2306cde
|
||||
# github.com/cs3org/reva/v2 v2.20.1-0.20240703055901-d599d8898158
|
||||
## explicit; go 1.21
|
||||
github.com/cs3org/reva/v2/cmd/revad/internal/grace
|
||||
github.com/cs3org/reva/v2/cmd/revad/runtime
|
||||
|
||||
Reference in New Issue
Block a user