Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add built-in support for automatically deleting files after a certain amount of time #11

Open
kousu opened this issue Jul 11, 2020 · 6 comments
Open

Add built-in support for automatically deleting files after a certain amount of time #11

kousu opened this issue Jul 11, 2020 · 6 comments
Labels
enhancement

Comments

@kousu
Copy link

kousu commented Jul 11, 2020
edited
Loading

mod_http_upload supports http_upload_expire_after. I would like to see this in here, too.

(not demanding; just making a note; maybe i'll get around to writing this myself, once I get this installed)
@kousu
Copy link
Author

kousu commented Jul 11, 2020
edited by horazont
Loading

Actually prosody-filer suggests just writing a cronjob around find: https://github.com/ThomasLeister/prosody-filer#automatic-purge

[code snippet removed by @horazont for security reasons; see discussion below; this snippet was pretty much the same as below, but without -print0 and -0]

that's pretty much just as good.

@horazont
Copy link
Owner

horazont commented Jul 11, 2020
edited
Loading

I’d also recommend the cronjob at this stage.

However, the command line is a bit unsafe since the filename is determined by the client. If the client can pick a filename with e.g. a newline in it, it could make the cronjob delete arbitrary files.

To avoid that, use:

find /home/prosody-filer/upload/ -mindepth 1 -type d -mtime +28 -print0 | xargs -0 -- rm -rf

The -print0 makes find print the file names separated by NUL bytes (0x00, \0) instead of newlines (0x09, \n). -0 on xargs tells xargs to expect such input. Since NUL bytes are not valid in filenames on Linux, this protects against malicious filenames.

@horazont horazont changed the title expiry Add built-in support for automatically deleting files after a certain amount of time Jul 11, 2020
@kousu
Copy link
Author

kousu commented Jul 11, 2020

The -print0 makes find print the file names separated by NUL bytes (0x00, \0) instead of newlines (0x09, \n). -0 on xargs tells xargs to expect such input. Since NUL bytes are not valid in filenames on Linux, this protects against malicious filenames.

Ouch, good catch! I'm usually pretty good about catching shell injections but I didn't try.

@anjandev
Copy link
Contributor

anjandev commented Jul 11, 2020 via email

kousu added a commit to kousu/prosody-filer that referenced this issue Jul 11, 2020
@kousu
Protect against shell-injection attacks
cabca49 
By using `-print0`, filenames to purge are delimited by nuls instead of newlines, which can't be found in filenames on unix. Previously, someone who uploaded a file could inject an *extra set* of files to try to erase. For example, by uploading a file to:

"/path/to/dir/file1.png%09/var/log/messages%09/etc/passwd%09/home/user/something.png"

I can't take credit for this. This is from @horazont in horazont/xmpp-http-upload#11 (comment)
@kousu kousu mentioned this issue Jul 11, 2020
Merged
@kousu
Copy link
Author

kousu commented Jul 11, 2020

What a good open source day 👯

@horazont
Copy link
Owner

@kousu I took the liberty to edit your comment above so that someone just copying the first snippet they find isn’t getting into trouble :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@horazont @kousu @anjandev