fix: Add layer of security and download p7zip-full lib on docker

OpenSourcePolitics · Sep 25, 2024 · 1385c2b · 1385c2b
1 parent d609ab2
commit 1385c2b
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 5 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -6,7 +6,7 @@ ENV RAILS_ENV=production \
 WORKDIR /app
 
 RUN apt-get update && \
-    apt-get -y install libpq-dev curl git libicu-dev build-essential libproj-dev proj-bin && \
+    apt-get -y install libpq-dev curl git libicu-dev build-essential libproj-dev proj-bin p7zip-full && \
     curl https://deb.nodesource.com/setup_16.x | bash && \
     apt-get install -y nodejs  && \
     npm install --global yarn && \
@@ -42,7 +42,7 @@ ENV RAILS_ENV=production \
     RAILS_LOG_TO_STDOUT=true
 
 RUN apt update && \
-    apt install -y postgresql-client imagemagick libproj-dev proj-bin libjemalloc2 && \
+    apt install -y postgresql-client imagemagick libproj-dev proj-bin libjemalloc2 p7zip-full && \
     gem install bundler:2.4.9
 
 WORKDIR /app

diff --git a/Dockerfile.local b/Dockerfile.local
@@ -8,7 +8,7 @@ ENV RAILS_ENV=production \
 # Install common dependencies
 RUN apt-get update -q && \
     apt-get install -yq --no-install-recommends \
-    libpq-dev curl git libicu-dev build-essential openssl && \
+    libpq-dev curl git libicu-dev build-essential openssl p7zip-full && \
     apt-get clean && \
     rm -rf /var/lib/apt/lists/*
 
@@ -66,7 +66,7 @@ WORKDIR /app
 # Install runtime dependencies
 RUN apt-get update -q && \
     apt-get install -yq --no-install-recommends \
-    postgresql-client imagemagick libproj-dev proj-bin libjemalloc2 && \
+    postgresql-client imagemagick libproj-dev proj-bin libjemalloc2 p7zip-full && \
     apt-get clean && \
     rm -rf /var/lib/apt/lists/*
 

diff --git a/app/services/decidim/download_your_data_exporter.rb b/app/services/decidim/download_your_data_exporter.rb
@@ -30,7 +30,7 @@ def export
       save_user_data(tmpdir, user_data)
       save_user_attachments(tmpdir, user_attachments)
 
-      SevenZipWrapper.compress_and_encrypt(filename: @path, password: @password, input_directory: tmpdir)
+      Decidim::SevenZipWrapper.compress_and_encrypt(filename: @path, password: @password, input_directory: tmpdir)
     end
 
     private
@@ -59,6 +59,9 @@ def save_user_data(tmpdir, user_data)
         next if exporter_data.read == "\n"
 
         file_name = File.join(tmpdir, "#{entity}-#{exporter_data.filename}")
+
+        dir_path = File.dirname(file_name)
+        FileUtils.mkdir_p(dir_path) unless Dir.exist?(dir_path)
         File.write(file_name, exporter_data.read)
       end
     end