-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix(Webserver) #6225 Added check in file creation path for _flows* #6228
base: develop
Are you sure you want to change the base?
Fix(Webserver) #6225 Added check in file creation path for _flows* #6228
Conversation
Hi, It needs a test inside the existing NamespaceFileController test. I also wonder if we should not do the same check in the UI to warn the user before he try to save the file. This is best practice, we usually duplicate this kind of checks in the UI and in the backend. |
Hi, I would be happy to write the test case but I am not able to run them on my local so hence wasnt able to do it: I am getting the following error when running NamespaceFileControllerTest on local inside Intellij:
Is there something I am doing wrong? |
No, I'm not sure why you have this issue, you can start a discussion on our Slack on the contributors channels so we can help troubleshoot this test run issue. |
I have tried posting the error on slack but to no avail, I have written the test cases but I am not able to run it due to the above error. It seems to be happening for all controller test classes. |
I have pushed my test case as requested |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM however I want to discuss if we should not switch to startWith and duplicate the check in the UI internally before merging it.
Hello ! Makes sense to use startsWith, just mind about the leading "/" of namespace files :) |
I have done some analysis, The difference in using startsWith from regex is that you will be able to create subfolders with the keyword _flows using startsWith. eg: /abc/_flows is a valid path. The same applies to files. eg /abc/_flows.txt is a valid file. The previous regex logic would stop it. I have made the changes on my local and tested them out. |
…tory and file creation check
The Junit tests have passed, something else has caused the build to fail |
Hi, Any update on this? |
…rs-to-be-created-with-_flows-name
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please do the following changes and we're good
webserver/src/main/java/io/kestra/webserver/controllers/api/NamespaceFileController.java
Outdated
Show resolved
Hide resolved
webserver/src/main/java/io/kestra/webserver/controllers/api/NamespaceFileController.java
Outdated
Show resolved
Hide resolved
webserver/src/main/java/io/kestra/webserver/controllers/api/NamespaceFileController.java
Outdated
Show resolved
Hide resolved
webserver/src/test/java/io/kestra/webserver/controllers/api/NamespaceFileControllerTest.java
Outdated
Show resolved
Hide resolved
webserver/src/test/java/io/kestra/webserver/controllers/api/NamespaceFileControllerTest.java
Outdated
Show resolved
Hide resolved
…ed-with-_flows-name' of https://github.com/coderkill/kestra into bugfix/6225-Kestra-allows-Files-and-Folders-to-be-created-with-_flows-name
…rs-to-be-created-with-_flows-name
@brian-mulier-p I have made the changes. Please review |
After further looks I'm not sure we want to do that. The previous implementation allowed to provide multiple forbidden patterns which may be a desirable thing, now you're hardcoding every forbidden paths logic. Looking at the original issue, I'm not sure it's a true issue, as said in comment we just want to reserve the Sorry btw I didn't spot that you removed the whole multi-pattern check this morning |
The main issue was that it allowed the creation of files with name _flows which is reserved. The previous logic (the regex logic) didn’t allow entry (can’t open) into _flows* directories but allowed the user to create the directories. So I assumed that logic was intentional and built it on that. |
Ideally, any _flows{somethingMore} directory is accessible, _flows is not. |
@brian-mulier-p I agree, the above logic is inline with what you have mentioned. It doesn’t allow the creation of file named _flows and it allows directories with name _flows*(including entering it). I will provide the screenshots as well after which we can confirm and merge. |
Do have a look at the above screenshots. I have outlined what the user sees when trying to create folders and files when using reserved keywords |
It looks correct except we should remove the error message part where there is "To import flow..." because it only makes sense for the import process. My bad again I didn't see it was wider than just the import so it can just be rolled back. Still as said it would be great to keep the regex pattern thing because it will allow to extend the forbidden paths later on |
@brian-mulier-p I had previously kept the regex change which makes _flows* as forbidden path. (That means no folder or file will be able created with that regex and any folder with that regex will not be inaccessible like _flows). Do you want me to revert my change? |
Regex should be adapted to work for all the cases I described above |
I suggest putting all the tests I said above and then put back the regex and adapt it so that it covers everything |
private final List forbiddenPathPatterns = List.of( This is the regex previously for forbidden path So I am a little confused as to what needs to be done. Can you please rehighlight what needs to be done so that I can work on it. |
The putNamespaceFiles should be left unchanged imo. This should prevent any access to the flow folder itself or any file in it. |
I am assuming when you say "putNamespaceFiles should be left unchanged", do you mean of my latest changes? When it comes to the forbiddenPathsGuard, My latest change will not allow opening of _flows directory, Which your regex is also doing, If you want me to use regex instead of startsWith then I can do that. but the behavior will be same as my latest code change. |
As said we should keep the regex implementation as it's a list of patterns instead of an hardcoded single if, I like the ability to extend in a simple way which paths we want to forbid in the future. |
You can just add something for that |
Noted, making changes |
…rs-to-be-created-with-_flows-name
@brian-mulier-p Any update? Do you have any other suggestions? |
Brian is going to be off for the next few weeks. @loicmathieu can do the review here, but first, you need to sort the conflict you're having in |
…gfix/6225-Kestra-allows-Files-and-Folders-to-be-created-with-_flows-name # Conflicts: # webserver/src/test/java/io/kestra/webserver/controllers/api/NamespaceFileControllerTest.java
Done |
What changes are being made and why?
Kestra allows the creation of files and directories with names starting with _flows*, despite the system's default restrictions intended to prevent such creations. Additionally, it fails to block the creation of folders starting with _flows*.
How the changes have been QAed?
I manually tested these examples:
Invalid Files and directories test cases:
Subfolder _flows* check:
Positive Test case
Note that this is not a replacement for unit tests but rather a way to demonstrate how the changes work in a real-life scenario, as the end-user would experience them.
closes #6225