backport: Add layer of security and download p7zip-full lib on docker
AyakorK committed Dec 2, 2024
1 parent 3271771 commit 2ad38fd
Showing 3 changed files with 10 additions and 6 deletions.
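--- a/Dockerfile
+++ b/Dockerfile
@@ -6,7 +6,7 @@ ENV RAILS_ENV=production \
 WORKDIR /app
 
 RUN apt-get update && \
-apt-get -y install libpq-dev curl git libicu-dev build-essential && \
+apt-get -y install libpq-dev curl git libicu-dev build-essential p7zip-full && \
 curl https://deb.nodesource.com/setup_16.x | bash && \
 apt-get install -y nodejs && \
 npm install --global yarn && \
@@ -41,7 +41,7 @@ ENV RAILS_ENV=production \
 RAILS_LOG_TO_STDOUT=true
 
 RUN apt update && \
-apt install -y postgresql-client imagemagick libproj-dev proj-bin libjemalloc2 && \
+apt install -y postgresql-client imagemagick libproj-dev proj-bin libjemalloc2 p7zip-full && \
 gem install bundler:2.4.9
 
 WORKDIR /app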
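Review bot: `p7zip-full` is added to the first `apt-get -y install` line, which sits with `build-essential` and the Node/yarn setup, as well as to the later `apt install` line that carries the runtime packages; if 7z is only invoked by the running application (the exporter change in this commit suggests so), the first addition can be dropped so the build stage does not carry an unused archive tool. The same holds for Dockerfile.local, where the two hunks are labelled `# Install common dependencies` and `# Install runtime dependencies`. Both stage boundaries lie outside the hunks, so this assumes a multi-stage build. A short comment next to the runtime install, such as `# p7zip-full: 7z binary used by Decidim::SevenZipWrapper for the encrypted data export`, would record why the package is there.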
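--- a/Dockerfile.local
+++ b/Dockerfile.local
@@ -8,7 +8,7 @@ ENV RAILS_ENV=production \
 # Install common dependencies
 RUN apt-get update -q && \
 apt-get install -yq --no-install-recommends \
-libpq-dev curl git libicu-dev build-essential openssl && \
+libpq-dev curl git libicu-dev build-essential openssl p7zip-full && \
 apt-get clean && \
 rm -rf /var/lib/apt/lists/*
 
@@ -66,7 +66,7 @@ WORKDIR /app
 # Install runtime dependencies
 RUN apt-get update -q && \
 apt-get install -yq --no-install-recommends \
-postgresql-client imagemagick libproj-dev proj-bin libjemalloc2 && \
+postgresql-client imagemagick libproj-dev proj-bin libjemalloc2 p7zip-full && \
 apt-get clean && \
 rm -rf /var/lib/apt/lists/*
 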
8 changes: 6 additions & 2 deletions app/services/decidim/download_your_data_exporter.rb
@@ -30,7 +30,7 @@ def export
save_user_data(tmpdir, user_data)
save_user_attachments(tmpdir, user_attachments)

SevenZipWrapper.compress_and_encrypt(filename: @path, password: @password, input_directory: tmpdir)
Decidim::SevenZipWrapper.compress_and_encrypt(filename: @path, password: @password, input_directory: tmpdir)
end

private
Expand Down Expand Up @@ -59,6 +59,9 @@ def save_user_data(tmpdir, user_data)
next if exporter_data.read == "\n"

file_name = File.join(tmpdir, "#{entity}-#{exporter_data.filename}")

dir_path = File.dirname(file_name)
FileUtils.mkdir_p(dir_path) unless Dir.exist?(dir_path)
File.write(file_name, exporter_data.read)
end
end
@@ -70,7 +73,8 @@ def save_user_attachments(tmpdir, user_attachments)

blobs = attachment.is_a?(ActiveStorage::Attached::One) ? [attachment.blob] : attachment.blobs
blobs.each do |blob|
Dir.mkdir(File.join(tmpdir, entity.parameterize))
dir_path = File.join(tmpdir, entity.parameterize)
Dir.mkdir(dir_path) unless Dir.exist?(dir_path)
file_name = File.join(tmpdir, entity.parameterize, blob.filename.to_s)
blob.open do |blob_file|
File.write(file_name, blob_file.read.force_encoding("UTF-8"))
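Review bot: In save_user_data the new `FileUtils.mkdir_p(dir_path)` creates whatever directory `File.dirname(file_name)` resolves to, so a path separator or `..` in `entity` or `exporter_data.filename` now yields nested directories, possibly outside `tmpdir`, where `File.write` used to fail. Both values look application-defined rather than user-supplied, but nothing visible in the hunk enforces that, and the method's body starts outside it. save_user_attachments already builds its directory from `entity.parameterize`; doing the same here, `file_name = File.join(tmpdir, "#{entity.parameterize}-#{exporter_data.filename}")`, would keep the export file directly under `tmpdir` if nested directories are not intended. If they are intended, a comment saying so plus a check that `File.expand_path(file_name)` stays under `File.expand_path(tmpdir)` before writing would make the containment explicit. The `unless Dir.exist?(dir_path)` guard is redundant, since `mkdir_p` already succeeds on an existing directory.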
