Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Git issue #5009 Asset cache can lead to denial of service if asset database is deleted -Fix #5050

Open
wants to merge 9 commits into
base: develop/6
Choose a base branch
from
Open

Git issue #5009 Asset cache can lead to denial of service if asset database is deleted -Fix #5050

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
928fc14
final
SudhanshuBawane Feb 1, 2024
1518782
final_fix
SudhanshuBawane Feb 27, 2024
18f450c
final
SudhanshuBawane Mar 7, 2024
001844f
final
SudhanshuBawane Mar 12, 2024
357ac9f
resolved
SudhanshuBawane Mar 19, 2024
d2a0d01
resolved
SudhanshuBawane Mar 19, 2024
ee21635
WIP
SudhanshuBawane Mar 21, 2024
5441dbb
comments resolved
SudhanshuBawane Apr 9, 2024
fb8b8a8
comments resolved
SudhanshuBawane Apr 9, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 10 additions & 0 deletions asset/boltdb_manager.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@ import (
"context"
"encoding/json"
"fmt"
"github.com/spf13/viper"
"os"
"path/filepath"

Expand All @@ -23,6 +24,7 @@ const (
// ExpandDuration is the name of the prometheus summary vec used to track
// average latencies of asset expansion.
ExpandDuration = "sensu_go_asset_expand_duration"
FlagCacheDir = "cache-dir"
)

var (
Expand Down Expand Up @@ -241,6 +243,14 @@ func (b *boltDBAssetManager) expandWithDuration(tmpFile *os.File, asset *corev2.
}))
defer timer.ObserveDuration()

assetSHA := asset.Sha512
CacheDir := viper.GetString(FlagCacheDir)
fullPath := filepath.Join(CacheDir, assetSHA)

if err := CleanUp(fullPath); err != nil { //fix for git issue 5009
logger.Printf("error cleaning up the SHA dir: %s", err)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It would be nice if more context information such as the SHA and full path could be provided with the log message. You can use WithFields and WithError .

Additionally please use an explicit log level such as Errorf or Warnf instead of using the generic Printf. In this case I believe warning would be an appropriate log level.

You can see an example at

sensu-go/backend/pipeline/filter/legacy.go

Line 126 in 76c7a16

logger.WithFields(fields).WithError(err).

}

assetPath = filepath.Join(b.localStorage, asset.Sha512)
return assetPath, b.expander.Expand(tmpFile, assetPath)
}
12 changes: 12 additions & 0 deletions asset/expander.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@ import (
"errors"
"fmt"
"io"
"os"

archiver "github.com/mholt/archiver/v3"

Expand Down Expand Up @@ -90,3 +91,14 @@ func sniffType(f io.ReadSeeker) (filetype_types.Type, error) {

return ft, nil
}

// Sudhanshu - CleanUp the SHA for the git issue 5009 fix. Making sure that in case of DOS when asset.db gets deleted it gets cleanUp so that asset can be re-downloded
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nitpick: no need to add your name and issue number :)


func CleanUp(fullPath string) error {
errorSHA := os.RemoveAll(fullPath)
if errorSHA != nil {
return errorSHA
}
return nil

}
30 changes: 30 additions & 0 deletions asset/expander_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -113,3 +113,33 @@ func TestExpandInvalidArchive(t *testing.T) {
t.Fail()
}
}

// ---Test to check CleanUp
func TestCleanUp(t *testing.T) {
t.Parallel()

// Create a temporary directory for testing
tmpDir := t.TempDir()

// Define the SHA and file name
SHAName := "shaAsset.tar"
SHAFilePath := filepath.Join(tmpDir, SHAName)

// Create a dummy file inside the temporary directory
SHAFile, err := os.Create(SHAFilePath)
if err != nil {
t.Fatalf("Failed to create dummy file: %v", err)
}
SHAFile.Close()

// Call CleanUp with the SHA of the dummy file and the temporary directory
err = CleanUp(SHAFilePath)
if err != nil {
t.Errorf("CleanUp returned an error: %v", err)
}

_, err = os.Stat(SHAFilePath)
if !os.IsNotExist(err) {
t.Errorf("CleanUp did not remove the dummy file as expected")
}
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This only tests os.RemoveAll and is therefore unnecessary

Loading