def finished():
try:
downloadable_files = file_download_feature.get_downloadable_files(
execution_id)
for file in downloadable_files:
filename = os.path.basename(file)
relative_path = file_utils.relative_path(
file, downloads_folder)
url_path = relative_path.replace(os.path.sep, '/')
url_path = 'result_files/' + url_path
web_socket.safe_write(
wrap_to_server_event('file', {
'url': url_path,
'filename': filename
}))
except:
LOGGER.exception('Could not prepare downloadable files')
connection = web_socket.ws_connection
if (connection is not None) and (hasattr(connection,
'ping_callback')):
# we need to stop callback explicitly and as soon as possible, to avoid sending ping after close
connection.ping_callback.stop()
output_stream.wait_close(timeout=5)
web_socket.ioloop.add_callback(web_socket.close, code=1000)
def finished(self):
output_stream.wait_close()
script_output = ''.join(output_stream.get_old_data())
try:
downloadable_files = file_download_feature.prepare_downloadable_files(
executor.config, script_output,
executor.parameter_values, audit_name)
for file in downloadable_files:
filename = os.path.basename(file)
relative_path = file_utils.relative_path(
file, TEMP_FOLDER)
web_socket.safe_write(
wrap_to_server_event(
'file', {
'url': relative_path.replace(
os.path.sep, '/'),
'filename': filename
}))
except:
LOGGER.exception("Couldn't prepare downloadable files")
web_socket.ioloop.add_callback(web_socket.close)
def finished(self):
reading_thread.join()
output_logger.close()
try:
downloadable_files = file_download_feature.prepare_downloadable_files(
process_wrapper.get_config(),
process_wrapper.get_full_output(),
process_wrapper.execution_info.param_values,
audit_name,
get_tornado_secret(),
TEMP_FOLDER)
for file in downloadable_files:
filename = os.path.basename(file)
relative_path = file_utils.relative_path(file, TEMP_FOLDER)
web_socket.safe_write(wrap_to_server_event(
'file',
{'url': relative_path.replace(os.path.sep, '/'), 'filename': filename}))
except:
logger.exception("Couldn't prepare downloadable files")
tornado.ioloop.IOLoop.current().add_callback(web_socket.close)
def validate_absolute_path(self, root, absolute_path):
logger = logging.getLogger('scriptServer')
audit_name = get_audit_name(self, logger)
file_path = file_utils.relative_path(absolute_path, os.path.abspath(root))
if not file_download_feature.allowed_to_download(file_path, audit_name, get_tornado_secret()):
logger.warning('Access attempt from ' + audit_name + ' to ' + absolute_path)
raise tornado.web.HTTPError(404)
return super(AuthorizedStaticFileHandler, self).validate_absolute_path(root, absolute_path)
def validate_absolute_path(self, root, absolute_path):
audit_name = get_audit_name_from_request(self)
user_id = identify_user(self)
file_download_feature = self.application.file_download_feature
file_path = file_utils.relative_path(absolute_path, os.path.abspath(root))
if not file_download_feature.allowed_to_download(file_path, user_id):
LOGGER.warning('Access attempt from ' + user_id + '(' + audit_name + ') to ' + absolute_path)
raise tornado.web.HTTPError(403)
return super(AuthorizedStaticFileHandler, self).validate_absolute_path(root, absolute_path)
def validate_absolute_path(self, root, absolute_path):
audit_name = get_audit_name_from_request(self)
user_id = _identify_user(self)
file_download_feature = self.application.file_download_feature
file_path = file_utils.relative_path(absolute_path, os.path.abspath(root))
if not file_download_feature.allowed_to_download(file_path, user_id):
LOGGER.warning('Access attempt from ' + user_id + '(' + audit_name + ') to ' + absolute_path)
raise tornado.web.HTTPError(403)
return super(AuthorizedStaticFileHandler, self).validate_absolute_path(root, absolute_path)
def validate_absolute_path(self, root, absolute_path):
if not self.application.auth.is_enabled() and (absolute_path.endswith("/login.html")):
raise tornado.web.HTTPError(404)
relative_path = file_utils.relative_path(absolute_path, root)
if self.is_admin_file(relative_path):
if not has_admin_rights(self):
user_id = identify_user(self)
LOGGER.warning('User %s (%s) tried to access admin static file %s',
user_id, get_audit_name_from_request(self), relative_path)
raise tornado.web.HTTPError(403)
return super(AuthorizedStaticFileHandler, self).validate_absolute_path(root, absolute_path)
def validate_absolute_path(self, root, absolute_path):
if not self.application.auth.is_enabled() and (absolute_path.endswith("/login.html")):
raise tornado.web.HTTPError(404)
relative_path = file_utils.relative_path(absolute_path, root)
if self.is_admin_file(relative_path):
if not has_admin_rights(self):
user_id = _identify_user(self)
LOGGER.warning('User %s (%s) tried to access admin static file %s',
user_id, get_audit_name_from_request(self), relative_path)
raise tornado.web.HTTPError(403)
return super(AuthorizedStaticFileHandler, self).validate_absolute_path(root, absolute_path)
def finished():
try:
downloadable_files = file_download_feature.get_downloadable_files(execution_id)
for file in downloadable_files:
filename = os.path.basename(file)
relative_path = file_utils.relative_path(file, downloads_folder)
url_path = relative_path.replace(os.path.sep, '/')
url_path = 'result_files/' + url_path
web_socket.safe_write(wrap_to_server_event(
'file',
{'url': url_path, 'filename': filename}))
except:
LOGGER.exception('Could not prepare downloadable files')
connection = web_socket.ws_connection
if (connection is not None) and (hasattr(connection, 'ping_callback')):
# we need to stop callback explicitly and as soon as possible, to avoid sending ping after close
connection.ping_callback.stop()
output_stream.wait_close(timeout=5)
web_socket.ioloop.add_callback(web_socket.close, code=1000)
def prepare_download_url(self, file):
downloads_folder = self.application.downloads_folder
relative_path = file_utils.relative_path(file, downloads_folder)
url_path = relative_path.replace(os.path.sep, '/')
url_path = 'result_files/' + url_path
return url_path
def test_prohibit_access_to_different_user(self):
user1_folder = self.storage.prepare_new_folder('user1', test_utils.temp_folder)
relative_folder = file_utils.relative_path(user1_folder, test_utils.temp_folder)
self.assertFalse(self.storage.allowed_to_access(relative_folder, 'user2'))
def test_allow_to_access_own_folder(self):
user1_folder = self.storage.prepare_new_folder('user1', test_utils.temp_folder)
relative_folder = file_utils.relative_path(user1_folder, test_utils.temp_folder)
self.assertTrue(self.storage.allowed_to_access(relative_folder, 'user1'))
def test_prohibit_access_to_different_user(self):
user1_folder = self.storage.prepare_new_folder('user1', test_utils.temp_folder)
relative_folder = file_utils.relative_path(user1_folder, test_utils.temp_folder)
self.assertFalse(self.storage.allowed_to_access(relative_folder, 'user2'))
def test_allow_to_access_own_folder(self):
user1_folder = self.storage.prepare_new_folder('user1', test_utils.temp_folder)
relative_folder = file_utils.relative_path(user1_folder, test_utils.temp_folder)
self.assertTrue(self.storage.allowed_to_access(relative_folder, 'user1'))
