package store
import (
	"context"
	"mime"
	"path/filepath"
	"strings"

	"github.com/grafana/grafana/pkg/infra/filestorage"
	"github.com/grafana/grafana/pkg/services/rendering"
	"github.com/grafana/grafana/pkg/services/store/sanitizer"
	"github.com/grafana/grafana/pkg/services/user"
)
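// sanitizeContents returns the bytes that should be persisted for an upload.
//
// Only uploads whose EntityType is EntityTypeImage and whose path carries an
// SVG extension are passed through sanitizer.SanitizeSVG; the contents of
// every other upload are returned unchanged.
//
// If sanitization fails, the upload is rejected with the sanitizer's error
// unless s.cfg.AllowUnsanitizedSvgUpload is set, in which case the original,
// unsanitized bytes are returned and will be stored as-is.
//
// The user parameter is not read by this function; it is kept so the
// signature stays compatible with existing callers.
func (s *standardStorageService) sanitizeContents(ctx context.Context, user *user.SignedInUser, req *UploadRequest, storagePath string) ([]byte, error) {
	if req.EntityType != EntityTypeImage {
		return req.Contents, nil
	}

	// Compare the extension case-insensitively. sanitizeUploadRequest labels
	// the stored file with mime.TypeByExtension, which falls back to a
	// case-insensitive lookup, so a case-sensitive check here could let a file
	// be stored with an SVG MIME type without ever reaching the sanitizer.
	// NOTE(review): upload validation lives outside this function and may
	// already reject such paths; this check does not rely on that.
	if !strings.EqualFold(filepath.Ext(req.Path), ".svg") {
		return req.Contents, nil
	}

	resp, err := sanitizer.SanitizeSVG(ctx, &rendering.SanitizeSVGRequest{
		Filename: storagePath,
		Content:  req.Contents,
	})
	if err == nil {
		return resp.Sanitized, nil
	}

	if s.cfg != nil && s.cfg.AllowUnsanitizedSvgUpload {
		// Storing content the sanitizer could not process is a
		// security-relevant event, so it is logged at Warn rather than Debug to
		// keep it visible at default log levels.
		grafanaStorageLogger.Warn("Allowing unsanitized svg upload", "filename", req.Path, "sanitizationError", err)
		return req.Contents, nil
	}

	grafanaStorageLogger.Debug("Disallowing unsanitized svg upload", "filename", req.Path, "sanitizationError", err)
	return nil, err
}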
// sanitizeUploadRequest turns an upload request into the command that is
// handed to the file storage layer.
//
// The request contents are first run through sanitizeContents; any error from
// that step aborts the upload. The MIME type is derived from the extension of
// req.Path and defaults to "application/octet-stream" when the extension is
// not known. CacheControl, ContentDisposition and Properties are copied from
// the request without modification.
func (s *standardStorageService) sanitizeUploadRequest(ctx context.Context, user *user.SignedInUser, req *UploadRequest, storagePath string) (*filestorage.UpsertFileCommand, error) {
	sanitized, sanitizeErr := s.sanitizeContents(ctx, user, req, storagePath)
	if sanitizeErr != nil {
		return nil, sanitizeErr
	}

	// we have already validated that the file contents match the extension in `./validate.go`
	extension := filepath.Ext(req.Path)
	contentType := mime.TypeByExtension(extension)
	if contentType == "" {
		// Unknown extension: record it and fall back to a generic binary type.
		grafanaStorageLogger.Info("Failed to find mime type", "path", req.Path)
		contentType = "application/octet-stream"
	}

	cmd := &filestorage.UpsertFileCommand{
		Path:               storagePath,
		Contents:           sanitized,
		MimeType:           contentType,
		CacheControl:       req.CacheControl,
		ContentDisposition: req.ContentDisposition,
		Properties:         req.Properties,
	}
	return cmd, nil
}