Always make a copy of a file.

If decryption is not required, copy the file anyway so the logic around removing the "decrypted" version of the file can still exist. This allows us to serve the "undecrypted" file back to the client even if we're secure-deleting the "decrypted" file here. I believe this fixes #30
matrix-org · Nov 14, 2018 · 4784b64 · 4784b64
1 parent c4cfb0d
commit 4784b64
Showing 1 changed file with 9 additions and 3 deletions.
diff --git a/src/reporting.js b/src/reporting.js
@@ -258,11 +258,10 @@ async function generateReport(console, httpUrl, matrixFile, filePath, tempDir, s
         return reportCache[reportHash];
     }
 
-    // By default, the file is considered decrypted
-    let decryptedFilePath = filePath;
+    // Always make a decryptedFile on disk
+    let decryptedFilePath = path.join(tempDir, 'unsafeDownloadedDecryptedFile');
 
     if (matrixFile && matrixFile.key) {
-        decryptedFilePath = path.join(tempDir, 'unsafeDownloadedDecryptedFile');
         console.info(`Decrypting ${filePath}, writing to ${decryptedFilePath}`);
 
         try {
@@ -271,6 +270,13 @@ async function generateReport(console, httpUrl, matrixFile, filePath, tempDir, s
             console.error(err);
             throw new ClientError(400, 'Failed to decrypt file', 'MCS_MEDIA_FAILED_TO_DECRYPT');
         }
+    } else {
+        try {
+            fs.copyFileSync(filePath, decryptedFilePath);
+        } catch (err) {
+            console.error(err);
+            throw new ClientError(400, 'Failed to copy file for decryption', 'MCS_MEDIA_FAILED_TO_DECRYPT');
+        }
     }
 
     const cmd = script + ' ' + decryptedFilePath;