Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

FileService: Querying /file.png/anything where /file.png is a file throws #4654

Merged
merged 1 commit into from Mar 29, 2021
Merged

FileService: Querying /file.png/anything where /file.png is a file throws #4654

merged 1 commit into from Mar 29, 2021

Conversation

ScalaWilliam
Copy link
Contributor

@ScalaWilliam ScalaWilliam commented Mar 27, 2021
edited

Exception is java.nio.file.FileSystemException: Not a directory.
Found bot queries in Scala Algorithms logs that are leading to an HTTP 5xx error.

To avoid this, we explicitly check if what we are querying is a file, before attempting to resolve the real path; the exception is currently raised in particular where .toRealPath is called.

Alternative approach would be to capture the FileSystemException as well, but it could hide other errors like AccessDeniedException. Because we already do a check, the check for NoSuchFileException becomes redundant.

Before changing main code:
image

@ScalaWilliam ScalaWilliam changed the title FileService: Querying /file.png/anything where /file.png is a file fails FileService: Querying /file.png/anything where /file.png is a file throws Mar 27, 2021
@rossabaker rossabaker added the bug Determined to be a bug in http4s label Mar 28, 2021
rossabaker
rossabaker requested changes Mar 28, 2021
View reviewed changes
Copy link
Member

@rossabaker rossabaker left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Eek. Nice find.

This could be a separate PR, but I wonder whether we have the same issue in WebJar and Resource service.

server/src/main/scala/org/http4s/server/staticcontent/FileService.scala Outdated
@@ -86,13 +85,14 @@ object FileService {
case _ => OptionT.none
}
resolvedPath
.semiflatMap(path => F.delay(path.toRealPath(LinkOption.NOFOLLOW_LINKS)))
.flatMapF(path =>
F.delay(if (Files.exists(path)) Some(path.toRealPath(LinkOption.NOFOLLOW_LINKS))
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we add the same LinkOption to the exists call to make it consistent with the toRealPath?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done - thank you for pointing it out.

@ScalaWilliam
FileService: Querying /file.png/anything where /file.png is a file fails
8e46331 
Exception is `java.nio.file.FileSystemException: Not a directory`.
Found bot queries in Scala Algorithms logs that are leading to an HTTP 5xx error.

To avoid this, we explicitly check if what we are querying is a file, before attempting to resolve the real path; the exception is currently raised in particular where `.toRealPath` is called.

Alternative approach would be to capture the `FileSystemException` as well, but it could hide other errors like `AccessDeniedException`. Because we already do a check, the check for `NoSuchFileException` becomes redundant.
@rossabaker
Copy link
Member

I still think this is potentially an issue in the two related services, but this is good on its own.

@rossabaker rossabaker merged commit 40f5e44 into http4s:series/0.21 Mar 29, 2021
10 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rossabaker rossabaker rossabaker requested changes

Assignees
No one assigned
Labels
bug Determined to be a bug in http4s
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@ScalaWilliam @rossabaker