From 94be0ad12161c27843baca69af441063d27792b2 Mon Sep 17 00:00:00 2001
From: Guillaume MORET <90462045+AyakorK@users.noreply.github.com>
Date: Fri, 27 Sep 2024 09:34:29 +0200
Subject: [PATCH] fix: Add layer of security and download p7zip-full lib on docker (#237)
---
 Dockerfile | 4 ++--
 Dockerfile.local | 4 ++--
 app/services/decidim/download_your_data_exporter.rb | 5 ++++-
 3 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 07108ecf..f9505fdb 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -6,7 +6,7 @@ ENV RAILS_ENV=production \
 WORKDIR /app
 RUN apt-get update && \
- apt-get -y install libpq-dev curl git libicu-dev build-essential libproj-dev proj-bin && \
+ apt-get -y install libpq-dev curl git libicu-dev build-essential libproj-dev proj-bin p7zip-full && \
 curl https://deb.nodesource.com/setup_16.x | bash && \
 apt-get install -y nodejs && \
 npm install --global yarn && \
@@ -42,7 +42,7 @@ ENV RAILS_ENV=production \
 RAILS_LOG_TO_STDOUT=true
 RUN apt update && \
- apt install -y postgresql-client imagemagick libproj-dev proj-bin libjemalloc2 && \
+ apt install -y postgresql-client imagemagick libproj-dev proj-bin libjemalloc2 p7zip-full && \
 gem install bundler:2.4.9
 WORKDIR /app
diff --git a/Dockerfile.local b/Dockerfile.local
index 8a545212..20fbdc5c 100644
--- a/Dockerfile.local
+++ b/Dockerfile.local
@@ -8,7 +8,7 @@ ENV RAILS_ENV=production \
 # Install common dependencies
 RUN apt-get update -q && \
 apt-get install -yq --no-install-recommends \
- libpq-dev curl git libicu-dev build-essential openssl && \
+ libpq-dev curl git libicu-dev build-essential openssl p7zip-full && \
 apt-get clean && \
 rm -rf /var/lib/apt/lists/*
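Review bot: In the first Dockerfile hunk (`@@ -6,7 +6,7 @@`) `p7zip-full` is added to the same `apt-get -y install` line as `build-essential` and the nodesource setup, which looks like a build stage rather than the image that runs the exporter; the first Dockerfile.local hunk (`@@ -8,7 +8,7 @@`) does the same. If these are builder stages of a multi-stage build, the archiver is only needed where `Decidim::SevenZipWrapper.compress_and_encrypt` runs, so it can be dropped from them and kept in the runtime installs (`@@ -42,7 +42,7 @@` and `@@ -66,7 +66,7 @@`), keeping an unneeded archive parser out of the build toolchain. The `FROM` lines that mark the stage boundaries are outside the hunks, so this needs confirming against the full files. A comment such as `# p7zip-full: required by Decidim::SevenZipWrapper (encrypted data export)` next to the runtime install would record why the package is there.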
@@ -66,7 +66,7 @@ WORKDIR /app
 # Install runtime dependencies
 RUN apt-get update -q && \
 apt-get install -yq --no-install-recommends \
- postgresql-client imagemagick libproj-dev proj-bin libjemalloc2 && \
+ postgresql-client imagemagick libproj-dev proj-bin libjemalloc2 p7zip-full && \
 apt-get clean && \
 rm -rf /var/lib/apt/lists/*
diff --git a/app/services/decidim/download_your_data_exporter.rb b/app/services/decidim/download_your_data_exporter.rb
index 3cb8432f..a20abcca 100644
--- a/app/services/decidim/download_your_data_exporter.rb
+++ b/app/services/decidim/download_your_data_exporter.rb
@@ -30,7 +30,7 @@ def export
 save_user_data(tmpdir, user_data)
 save_user_attachments(tmpdir, user_attachments)
- SevenZipWrapper.compress_and_encrypt(filename: @path, password: @password, input_directory: tmpdir)
+ Decidim::SevenZipWrapper.compress_and_encrypt(filename: @path, password: @password, input_directory: tmpdir)
 end
 private
@@ -59,6 +59,9 @@ def save_user_data(tmpdir, user_data)
 next if exporter_data.read == "\n"
 file_name = File.join(tmpdir, "#{entity}-#{exporter_data.filename}")
+
+ dir_path = File.dirname(file_name)
+ FileUtils.mkdir_p(dir_path) unless Dir.exist?(dir_path)
 File.write(file_name, exporter_data.read)
 end
 end
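Review bot: In the last hunk (`@@ -59,6 +59,9 @@`, inside `save_user_data`) the added `FileUtils.mkdir_p(dir_path)` creates whatever directory the joined name resolves to, and nothing checks that it is still under `tmpdir`. The mkdir is only needed when `entity` or `exporter_data.filename` contains a path separator, and a `..` segment in either would put both the `mkdir_p` and the following `File.write` outside the export directory; whether those values can carry user-influenced text is not visible here. I would add a containment check before creating anything, e.g. `target = File.expand_path(file_name)` followed by `next unless target.start_with?(File.expand_path(tmpdir) + File::SEPARATOR)` (or raise instead of skipping), or reduce the name with `File.basename` if nested directories are not intended. The `unless Dir.exist?(dir_path)` guard is redundant, since `mkdir_p` does nothing for a directory that already exists. The method body starts and ends outside the hunk.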