
Commit 1396570f authored by Tanner Prestegard's avatar Tanner Prestegard Committed by GraceDB

More restrictive filename/version requirements in API file retrieval

Prevents server errors from being generated when the filename is
"bad" and when the user specifies a non-integer version. This is
for superevent files; event files are handled separately, although
this should be unified at some point.
parent 55675362
......@@ -16,7 +16,7 @@ from rest_framework.views import APIView
from core.file_utils import get_file_list
from core.http import check_and_serve_file
from core.vfile import VersionedFile
from core.vfile import VersionedFile, FileVersionError, FileVersionNameError
from events.models import Event, Label
from events.view_utils import reverse as gracedb_reverse
from superevents.buildVOEvent import VOEventBuilderException
......@@ -275,7 +275,17 @@ class SupereventFileViewSet(InheritDefaultPermissionsMixin,
full_filename = self.kwargs.get(self.lookup_url_kwarg)
# Try to split into name,version (for log lookup)
filename, version = Log.split_versioned_filename(full_filename)
try:
filename, version = Log.split_versioned_filename(full_filename)
except FileVersionError as e:
# Bad version specifier
return Response('File not found, version string should be an int',
status=status.HTTP_404_NOT_FOUND)
except FileVersionNameError as e:
# File name doesn't match versioning scheme (likely has a comma
# in it that isn't part of the versioning scheme)
return Response(('Invalid filename: filename should not contain '
'commas'), status=status.HTTP_400_BAD_REQUEST)
# Get logs which are viewable by the current user and
# have files attached
......
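Review bot: The two new handlers answer the same kind of malformed URL input with different status codes: a non-integer version returns `HTTP_404_NOT_FOUND`, while a filename with a stray comma returns `HTTP_400_BAD_REQUEST`. Both are syntax errors in the client-supplied `full_filename`, so I would return 400 for both, or add a comment explaining why a bad version is reported as not found. The `as e` bindings are never used and can be dropped, e.g. `except FileVersionError:`. The new check only covers the versioning scheme, and the method continues outside the hunk, so it is worth confirming that path separators or `..` in `full_filename` are rejected by the later log lookup.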
......@@ -13,6 +13,17 @@ import logging
logger = logging.getLogger(__name__)
class FileVersionError(Exception):
# Problem with file version (likely not an int)
pass
class FileVersionNameError(Exception):
# Problem with filename (likely has an extra comma somewhere in the
# filename)
pass
class VersionedFile(file):
"""
Open a versioned file.
......@@ -149,13 +160,19 @@ class VersionedFile(file):
if len(result) == 2:
filename = result[0]
version = result[1]
# Version is a string here, try to convert it to an int
try:
version = int(version)
except ValueError as e:
raise FileVersionError('Bad version specifier')
elif len(result) == 1:
filename = result[0]
version = None
else:
err = 'Filename {0} does not match versioning scheme'.format(
versioned_name)
raise ValueError(err)
raise FileVersionNameError(err)
return filename, version
......
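Review bot: The last hunk now raises `FileVersionNameError` where it used to raise `ValueError`, but both new classes derive from `Exception`, so any caller that still catches `ValueError` around this helper will let the error propagate as a server error. The commit message says event files are handled separately, so such a caller may exist. Deriving the classes from `ValueError` keeps old handlers working: `class FileVersionError(ValueError):` and `class FileVersionNameError(ValueError):`. Separately, `int(version)` accepts signed and whitespace-padded strings such as `-1` or ` 3`; if only non-negative versions are valid, check `version.isdigit()` before converting. The function's start lies outside the hunk, and the `as e` in `except ValueError as e:` is unused.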