8000 Add file editor limit by ahmed-mgd · Pull Request #4256 · OSC/ondemand · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

Add file editor limit #4256

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Apr 2, 2025
Merged

Add file editor limit #4256

merged 5 commits into from
Apr 2, 2025

Conversation

ahmed-mgd
Copy link
Contributor

Fixes #495

CSC-swesters
CSC-swesters reviewed Mar 27, 2025
View reviewed changes
apps/dashboard/config/configuration_singleton.rb Outdated
# Default for OOD_FILE_EDITOR_MAX is 12*1024*1024 bytes.
# @return [Integer]
def file_editor_max
ENV['OOD_FILE_EDITOR_MAX']&.to_i || 12582912
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could the environment variable mention "SIZE" as well? I feel like "MAX" is a bit unclear. Even if it mirrors the naming scheme of OOD_DOWNLOAD_DIR_MAX, I don't see that as a good reason to repeat previous mistakes.

I.e., I'd suggest OOD_FILE_EDITOR_MAX_SIZE as the name.

12 MiB sounds like a good default!

@johrstrom
Copy link
Contributor

The system test is failing to edit a remote file. I guess because you can't determine a remote file's size through File.size() (because it doesn't exist?)? Maybe you need @path.size? I don't know if RemoteFile responds to this or has that data available.

In any case - here are the logs from the failing test. You go to edit it, then it's redirected back with a 302.

Started GET "/files/edit/alias_remote/foo.txt" for 127.0.0.1 at 2025-03-27 19:48:24 +0000
Processing by FilesController#edit as HTML
  Parameters: {"fs"=>"alias_remote", "path"=>"/", "filepath"=>"foo.txt"}
Redirected to http://127.0.0.1:42795/files/alias_remote//
Completed 302 Found in 64ms (Allocations: 2982)

@robinkar
Copy link
Contributor
robinkar commented Apr 1, 2025

I could probably comment here on the RemoteFile parts as I've contributed those.
A size function is provided by RcloneUtil, so in app/models/remote_file.rb you could do something like

def size
  RcloneUtil.size(remote, path)["bytes"]
end

And for app/models/posix_file.rb you could probably do

delegate :size, to :stat

Then, you should be able to use @path.size in the FilesController as Jeff mentioned.

@ahmed-mgd ahmed-mgd marked this pull request as draft April 1, 2025 18:46
@ahmed-mgd ahmed-mgd marked this pull request as ready for review April 1, 2025 20:40
johrstrom
johrstrom reviewed Apr 1, 2025
View reviewed changes
apps/dashboard/app/controllers/files_controller.rb Outdated
@@ -175,16 +175,13 @@ def edit
parse_path(filepath, fs)
validate_path!

if @path.stat.size > ::Configuration.file_editor_max_size
if !@path.editable?
redirect_back(fallback_location: root_path, alert: "<strong>#{@path}</strong> is not an editable file".html_safe)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Try to avoid html_safe. What if the @path is in the allowlist (most centers don't even use it) but it is in fact <script>window.alert('gotcha');</script>.txt with 000 permissions?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I went ahead and removed the bolding completely. Probably not a good idea to handle that in the controller in hindsight.

@johrstrom johrstrom merged commit c056b67 into master Apr 2, 2025
22 checks passed
@johrstrom johrstrom deleted the file-edit-limit branch April 2, 2025 13:59
@osc-bot osc-bot mentioned this pull request Apr 2, 2025
Open
johrstrom pushed a commit that referenced this pull request Apr 24, 2025
@ahmed-mgd @johrstrom
Add file editor limit (#4256)
6e59b1c 
Add file size limit for editing both remote and local files.
johrstrom added a commit that referenced this pull request Apr 24, 2025
@johrstrom
Merge pull request #4312 from OSC/bp-file-max
9affb07 
backport Add file editor limit (#4256) to 4.0
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@johrstrom johrstrom johrstrom left review comments

@CSC-swesters CSC-swesters CSC-swesters left review comments

Assignees
No one assigned
Labels
component/dashboard needs doc
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add option to limit size of file that can be opened for edit
5 participants
@ahmed-mgd @johrstrom @robinkar @CSC-swesters @osc-bot
0