
Commit 1396570f authored by Tanner Prestegard's avatar Tanner Prestegard Committed by GraceDB

More restrictive filename/version requirements in API file retrieval

Prevents server errors from being generated when the filename is
"bad" and when the user specifies a non-integer version. This is
for superevent files; event files are handled separately, although
this should be unified at some point.
parent 55675362
......@@ -16,7 +16,7 @@ from rest_framework.views import APIView
from core.file_utils import get_file_list
from core.http import check_and_serve_file
from core.vfile import VersionedFile
from core.vfile import VersionedFile, FileVersionError, FileVersionNameError
from events.models import Event, Label
from events.view_utils import reverse as gracedb_reverse
from superevents.buildVOEvent import VOEventBuilderException
......@@ -275,7 +275,17 @@ class SupereventFileViewSet(InheritDefaultPermissionsMixin,
full_filename = self.kwargs.get(self.lookup_url_kwarg)
# Try to split into name,version (for log lookup)
filename, version = Log.split_versioned_filename(full_filename)
filename, version = Log.split_versioned_filename(full_filename)
except FileVersionError as e:
# Bad version specifier
return Response('File not found, version string should be an int',
except FileVersionNameError as e:
# File name doesn't match versioning scheme (likely has a comma
# in it that isn't part of the versioning scheme)
return Response(('Invalid filename: filename should not contain '
'commas'), status=status.HTTP_400_BAD_REQUEST)
# Get logs which are viewable by the current user and
# have files attached
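Review bot: The two new handlers reject only a malformed version or a stray comma; nothing in this hunk restricts the other characters of `full_filename`, which comes straight from the URL kwarg. If any later step builds a filesystem path from `filename` instead of resolving it only through the log query that follows, path separators and `..` components should be rejected here as well, with the same 400 response. That code is outside the hunk, so this needs confirming against the rest of the method. The `as e` bindings in both `except` clauses are unused and can be dropped. The first `Response(...)` call is cut off in this rendering, so its status code could not be checked.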
......@@ -13,6 +13,17 @@ import logging
logger = logging.getLogger(__name__)
class FileVersionError(Exception):
# Problem with file version (likely not an int)
class FileVersionNameError(Exception):
# Problem with filename (likely has an extra comma somewhere in the
# filename)
class VersionedFile(file):
Open a versioned file.
......@@ -149,13 +160,19 @@ class VersionedFile(file):
if len(result) == 2:
filename = result[0]
version = result[1]
# Version is a string here, try to convert it to an int
version = int(version)
except ValueError as e:
raise FileVersionError('Bad version specifier')
elif len(result) == 1:
filename = result[0]
version = None
err = 'Filename {0} does not match versioning scheme'.format(
raise ValueError(err)
raise FileVersionNameError(err)
return filename, version
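Review bot: `version = int(version)` accepts more than a plain non-negative integer: signed strings such as `-1` and whitespace-padded digits convert without error, so they pass this check and are returned to callers as a valid version. If versions are always non-negative, add `if not version.isdigit(): raise FileVersionError('Bad version specifier')` just before the conversion, leaving the existing `ValueError` handler in place. The `as e` binding is unused, and the new exception classes earlier in this file would read better with docstrings than with `#` comments. The enclosing method starts outside the hunk.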