
Secure path generation #2078

Closed
pascalgrimaud opened this issue Jun 14, 2022 · 8 comments · Fixed by #2501
Labels: area: feature request 💡, $$ bug-bounty $$ (https://www.jhipster.tech/bug-bounties/), generator: internal, $400

Comments

@pascalgrimaud (Member)

pascalgrimaud commented Jun 14, 2022

By default, the path folder should be something like /tmp/jhlite/xxxx, where xxxx can be a random UUID,
so the cloud version is usable.
The value /tmp/jhlite should be in application.properties.

Then, we can add a "local" profile, which will disable this feature and allow the user to choose the path folder he/she wants.

@pascalgrimaud pascalgrimaud added area: feature request 💡 generator: internal $$ bug-bounty $$ https://www.jhipster.tech/bug-bounties/ $200 https://www.jhipster.tech/bug-bounties/ labels Jun 14, 2022
@pascalgrimaud (Member, Author)

Adding a bounty as we need this, especially @jdubois :)

@hdurix (Member)

hdurix commented Jun 15, 2022

As discussed with @pascalgrimaud, we'll start with 2 things to make this work:

  • front-end part: instead of a placeholder for the project path, init the input box with /tmp/jhlite/{uuid}
  • back-end part: add a Spring Boot property forcedFolderPath and check at generation that the user project path starts with the value of forcedFolderPath

@jdubois (Member)

jdubois commented Jun 15, 2022

Instead of "/tmp/jhlite" can we have "/jhlite"?
"/tmp" will be deleted if there’s a reboot, and also won’t work as a shared drive (I want to mount an Azure File storage so it’s persistent and can be shared if I scale out with multiple servers).

@hdurix (Member)

hdurix commented Jun 15, 2022

OK, so let me change the spec then:

  • back-end part: add a Spring Boot property folderPathPrefix and prefix the user project path with the value of folderPathPrefix

In the front-end part, the value will be initialized with /tmp/jhlite/{uuid} and the app will be generated in /jhlite/tmp/jhlite/{uuid}

@hdurix hdurix self-assigned this Jun 15, 2022
@DamnClin (Collaborator)

I think a Spring profile may be better than a property for that, since it will be easier to replace adapter implementations if needed.

@pascalgrimaud pascalgrimaud added $400 https://www.jhipster.tech/bug-bounties/ and removed $200 https://www.jhipster.tech/bug-bounties/ labels Jul 12, 2022
@pascalgrimaud (Member, Author)

Updated the bounty as it was more work than expected

@hdurix (Member)

hdurix commented Jul 13, 2022

@jdubois you should now be able to use an env var named APPLICATION_FORCED_PROJECT_FOLDER with the prefix you want :)
This will be used for 2 things:

  • initialize the project folder input with forced-folder+UUID in the front-end
  • check that the chosen project folder is in the forced folder in the back-end

Eventually UX could be better, but for now at least this is secured
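
The back-end check described in this comment (the chosen project folder must be inside the forced folder) is exactly where a plain string prefix comparison goes wrong. The Java class below is an added example, not JHipster Lite's own code: it normalizes both paths and compares them element by element, so a folder that climbs out with `..` or that merely shares a string prefix with the forced folder is rejected. The class and method names and the "/jhlite" value are assumptions.

```java
import java.nio.file.Path;
import java.util.UUID;

// Added example, not JHipster Lite's own code. Class, method names and the
// "/jhlite" value are assumptions; the behaviour follows the thread's spec:
// the front-end default is forced-folder + UUID, and the back-end rejects any
// chosen folder that is not inside the forced folder.
public final class ForcedProjectFolder {

  private final Path forcedFolder;

  public ForcedProjectFolder(String forcedFolder) {
    // Absolute and normalized once, so every later comparison is made on
    // clean path elements rather than on raw strings.
    this.forcedFolder = Path.of(forcedFolder).toAbsolutePath().normalize();
  }

  // Default value for the project folder input: forced folder + random UUID.
  public Path defaultProjectFolder() {
    return forcedFolder.resolve(UUID.randomUUID().toString());
  }

  // True only when the chosen folder is the forced folder itself or a
  // descendant of it. normalize() collapses "." and ".." segments first, and
  // Path.startsWith compares whole elements, so "/jhlite-other" is not treated
  // as being under "/jhlite" the way String.startsWith would.
  public boolean accepts(String chosenFolder) {
    Path chosen = Path.of(chosenFolder).toAbsolutePath().normalize();
    return chosen.startsWith(forcedFolder);
  }

  // Folder to generate into, or an exception before anything is written.
  public Path checkedProjectFolder(String chosenFolder) {
    if (!accepts(chosenFolder)) {
      throw new IllegalArgumentException("Project folder must be inside " + forcedFolder);
    }
    return Path.of(chosenFolder).toAbsolutePath().normalize();
  }

  public static void main(String[] args) {
    ForcedProjectFolder folder = new ForcedProjectFolder("/jhlite");
    // Descendant of the forced folder, as the front-end would propose it.
    System.out.println(folder.accepts(folder.defaultProjectFolder().toString()));
    // Climbs out of the forced folder with ".." and must be rejected.
    System.out.println(folder.accepts("/jhlite/../outside"));
    // Shares only a string prefix with the forced folder and must be rejected.
    System.out.println(folder.accepts("/jhlite-other/project"));
  }
}
```

A relative input such as "project" is made absolute against the server's working directory before the check, so it is only accepted when that directory itself lies under the forced folder.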

@pascalgrimaud (Member, Author)

@hdurix @jdubois: another solution is to use a cloud profile; it will have the default config /tmp/jhlite
