Add error handeling to UploadFinder

Handle upload errors by rescuing them but sending them to sentry. Extract more functions.

Add error handeling to UploadFinder
Handle upload errors by rescuing them but sending them to sentry. Extract more functions.
d8de618a · allison.browne · 0b0d9e50 · d8de618a · d8de618a · d8de618a
Commit d8de618a authored May 19, 2020 by allison.browne
10 changed files
--- a/app/finders/uploader_finder.rb
+++ b/app/finders/uploader_finder.rb
@@ -16,6 +16,11 @@ class UploaderFinder
    retrieve_file_state!
    uploader
+  rescue ::Gitlab::Utils::PathTraversalAttackError, StandardError => e
+    # Send any unexpected errors to sentry and return nil
+    Raven.capture_exception(e) unless e.is_a?(::Gitlab::Utils::PathTraversalAttackError)
+    nil
  end
  def prevent_path_traversal_attack!

--- a/ee/app/services/status_page/publication_service_helpers.rb
+++ b/ee/app/services/status_page/publication_service_helpers.rb
@@ -2,8 +2,6 @@
 module StatusPage
  module PublicationServiceHelpers
-    include Gitlab::Utils::StrongMemoize
    def error(message, payload = {})
      ServiceResponse.error(message: message, payload: payload)
    end

--- a/ee/app/services/status_page/publish_attachments_service.rb
+++ b/ee/app/services/status_page/publish_attachments_service.rb
@@ -4,6 +4,7 @@ module StatusPage
  # Publishes Attachments from incident comments and descriptions to s3
  # Should only be called from publish details or a service that inherits from the publish_base_service
  class PublishAttachmentsService
+    include Gitlab::Utils::StrongMemoize
    include StatusPage::PublicationServiceHelpers
    def initialize(project:, issue:, user_notes:, storage_client:)
@@ -27,29 +28,27 @@ module StatusPage
    def publish_description_attachments
      publish_markdown_uploads(
-        markdown_field: issue.description,
+        markdown_field: issue.description
-        issue_iid: issue.iid
      )
    end
    def publish_user_note_attachments
      user_notes.each do |user_note|
        publish_markdown_uploads(
-          markdown_field: user_note.note,
+          markdown_field: user_note.note
-          issue_iid: issue.iid
        )
      end
    end
-    def publish_markdown_uploads(markdown_field:, issue_iid:)
+    def publish_markdown_uploads(markdown_field:)
      markdown_field.scan(FileUploader::MARKDOWN_PATTERN).map do |secret, file_name|
        break if @total_uploads >= StatusPage::Storage::MAX_UPLOADS
-        key = StatusPage::Storage.upload_path(issue_iid, secret, file_name)
+        key = upload_path(secret, file_name)
        next if existing_keys.include? key
-        # uploader behaves like a file with an 'open' method
+        file = find_file(secret, file_name)
-        file = UploaderFinder.new(project, secret, file_name).execute
+        next if file.nil?
        upload_file(key, file)
      end
@@ -57,10 +56,14 @@ module StatusPage
    def upload_file(key, file)
      file.open do |open_file|
-        # Send files to s3 storage in parts (hanles large files)
+        # Send files to s3 storage in parts (handles large files)
        storage_client.multipart_upload(key, open_file)
        @total_uploads += 1
      end
+    rescue Error => e
+      # Continue uploading other files if one fails
+      # But report the failure to Sentry
+      Raven.capture_exception(e)
    end
    def existing_keys
@@ -69,8 +72,17 @@ module StatusPage
      end
    end
+    def upload_path(secret, file_name)
+      StatusPage::Storage.upload_path(issue.iid, secret, file_name)
+    end
    def uploads_path
      StatusPage::Storage.uploads_path(issue.iid)
    end
+    def find_file(secret, file_name)
+      # Uploader object behaves like a file with an 'open' method
+      UploaderFinder.new(project, secret, file_name).execute
+    end
  end
 end
--- a/ee/app/services/status_page/publish_base_service.rb
+++ b/ee/app/services/status_page/publish_base_service.rb
@@ -2,6 +2,7 @@
 module StatusPage
  class PublishBaseService
+    include Gitlab::Utils::StrongMemoize
    include StatusPage::PublicationServiceHelpers
    def initialize(project:)

--- a/ee/lib/status_page/storage/s3_multipart_upload.rb
+++ b/ee/lib/status_page/storage/s3_multipart_upload.rb
@@ -30,7 +30,8 @@ module StatusPage
            complete_upload(upload_id, parts)
            # Rescue on Exception since even on keyboard inturrupt we want to abort the upload and re-raise
            # abort clears the already uploaded parts so that they do not cost the bucket owner
-            # The status page bucket lifecycle policy will clear out any parts if this fails without an exception (power failures etc.)
+            # The status page bucket lifecycle policy will clear out unaborted parts if
+            # this fails without an exception (power failures etc.)
          rescue Exception => e # rubocop:disable Lint/RescueException
            abort_upload(upload_id)
            raise e

--- a/lib/api/validations/validators/file_path.rb
+++ b/lib/api/validations/validators/file_path.rb
@@ -8,7 +8,7 @@ module API
          path = params[attr_name]
          Gitlab::Utils.check_path_traversal!(path)
-        rescue StandardError
+        rescue Gitlab::Utils::PathTraversalAttackError
          raise Grape::Exceptions::Validation, params: [@scope.full_name(attr_name)],
                                               message: "should be a valid file path"
        end

--- a/lib/gitlab/gfm/uploads_rewriter.rb
+++ b/lib/gitlab/gfm/uploads_rewriter.rb
@@ -22,7 +22,9 @@ module Gitlab
        return @text unless needs_rewrite?
        @text.gsub(@pattern) do |markdown|
-          file = UploaderFinder.new(@source_project, $~[:secret], $~[:file]).execute
+          file = find_file($~[:secret], $~[:file])
+          # No file will be returned for a path traversal
+          next if file.nil?
          break markdown unless file.try(:exists?)
@@ -46,7 +48,7 @@ module Gitlab
      def files
        referenced_files = @text.scan(@pattern).map do
-          UploaderFinder.new(@source_project, $~[:secret], $~[:file]).execute
+          find_file($~[:secret], $~[:file])
        end
        referenced_files.compact.select(&:exists?)
@@ -55,6 +57,10 @@ module Gitlab
      def was_embedded?(markdown)
        markdown.starts_with?("!")
      end
+      def find_file(secret, file_name)
+        UploaderFinder.new(@source_project, secret, file_name).execute
+      end
    end
  end
 end
--- a/lib/gitlab/utils.rb
+++ b/lib/gitlab/utils.rb
@@ -3,6 +3,8 @@
 module Gitlab
  module Utils
    extend self
+    # disable Cop/CustomErrorClass because recommended style causes 'already initialized constant' warning
+    class PathTraversalAttackError < StandardError; end # rubocop:disable Cop/CustomErrorClass
    # Ensure that the relative path will not traverse outside the base directory
    # We url decode the path to avoid passing invalid paths forward in url encoded format.
@@ -17,7 +19,7 @@ module Gitlab
          path.end_with?("#{File::SEPARATOR}..") ||
          (!allowed_absolute && Pathname.new(path).absolute?)
-        raise StandardError.new("Invalid path")
+        raise PathTraversalAttackError.new('Invalid path')
      end
      path

--- a/spec/finders/uploader_finder_spec.rb
+++ b/spec/finders/uploader_finder_spec.rb
@@ -15,24 +15,40 @@ describe UploaderFinder do
      upload.save
    end
-    it 'gets the uploader' do
+    context 'when sucessful' do
-      allow_next_instance_of(FileUploader) do |uploader|
+      before do
-        allow(uploader).to receive(:retrieve_from_store!).with(upload.path).and_return(uploader)
+        allow_next_instance_of(FileUploader) do |uploader|
+          allow(uploader).to receive(:retrieve_from_store!).with(upload.path).and_return(uploader)
+        end
      end
-      expect(subject).to be_an_instance_of(FileUploader)
+      it 'gets the file-like uploader' do
-      expect(subject.model).to eq(project)
+        expect(subject).to be_an_instance_of(FileUploader)
-      expect(subject.secret).to eq(secret)
+        expect(subject.model).to eq(project)
+        expect(subject.secret).to eq(secret)
+      end
    end
-    context 'path traversal in file name' do
+    context 'when path traversal in file name' do
      before do
        upload.path = '/uploads/11111111111111111111111111111111/../../../../../../../../../../../../../../etc/passwd)'
        upload.save
      end
-      it 'throws an error' do
+      it 'returns nil' do
-        expect { subject }.to raise_error(an_instance_of(StandardError).and(having_attributes(message: "Invalid path")))
+        expect(subject).to be(nil)
+      end
+    end
+    context 'when unexpected failure' do
+      before do
+        allow_next_instance_of(FileUploader) do |uploader|
+          allow(uploader).to receive(:retrieve_from_store!).and_raise(StandardError)
+        end
+      end
+      it 'returns nil when unexpected error is raised' do
+        expect(subject).to be(nil)
      end
    end
  end

--- a/spec/lib/gitlab/gfm/uploads_rewriter_spec.rb
+++ b/spec/lib/gitlab/gfm/uploads_rewriter_spec.rb
@@ -54,6 +54,14 @@ describe Gitlab::Gfm::UploadsRewriter do
          expect(new_paths).not_to include image_uploader.secret
          expect(new_paths).not_to include zip_uploader.secret
        end
+        it 'skips nil files do' do
+          allow_next_instance_of(UploaderFinder) do |finder|
+            allow(finder).to receive(:execute).and_return(nil)
+          end
+          expect(new_files).to be_empty
+        end
      end
    end