Storage: externalize allow_unsanitized_svg_upload (#52703)

2025-02-14 17:43:35 -06:00 · 2022-07-25 21:11:17 +04:00 · 2022-07-25 21:11:17 +04:00 · 3cd43bd7ea
commit 3cd43bd7ea
parent 9c3f9887fc
5 changed files with 40 additions and 8 deletions
--- a/conf/defaults.ini
+++ b/conf/defaults.ini
@ -1266,3 +1266,10 @@ max_crawl_duration =
 # Minimum interval between two subsequent scheduler runs. Default is 12h.
 # This setting should be expressed as a duration. Examples: 10s (seconds), 1m (minutes).
 scheduler_interval =
 #################################### Storage ################################################
 [storage]
 # Allow uploading SVG files without sanitization.
 allow_unsanitized_svg_upload = false
--- a/pkg/services/store/service.go
+++ b/pkg/services/store/service.go
@ -194,9 +194,7 @@ func ProvideService(sql *sqlstore.SQLStore, features featuremgmt.FeatureToggles,
 		}
 	})
-	return newStandardStorageService(sql, globalRoots, initializeOrgStorages, authService, storageServiceConfig{
+	return newStandardStorageService(sql, globalRoots, initializeOrgStorages, authService, cfg)
 		allowUnsanitizedSvgUpload: false,
 	})
 }
 func createSystemBrandingPathFilter() filestorage.PathFilter {
@ -207,7 +205,7 @@ func createSystemBrandingPathFilter() filestorage.PathFilter {
 		nil)
 }
-func newStandardStorageService(sql *sqlstore.SQLStore, globalRoots []storageRuntime, initializeOrgStorages func(orgId int64) []storageRuntime, authService storageAuthService, cfg storageServiceConfig) *standardStorageService {
+func newStandardStorageService(sql *sqlstore.SQLStore, globalRoots []storageRuntime, initializeOrgStorages func(orgId int64) []storageRuntime, authService storageAuthService, cfg *setting.Cfg) *standardStorageService {
 	rootsByOrgId := make(map[int64][]storageRuntime)
 	rootsByOrgId[ac.GlobalOrgID] = globalRoots
@ -220,7 +218,9 @@ func newStandardStorageService(sql *sqlstore.SQLStore, globalRoots []storageRunt
 		sql:         sql,
 		tree:        res,
 		authService: authService,
-		cfg:         cfg,
+		cfg: storageServiceConfig{
 			allowUnsanitizedSvgUpload: cfg.Storage.AllowUnsanitizedSvgUpload,
 		},
 	}
 }
--- a/pkg/services/store/service_test.go
+++ b/pkg/services/store/service_test.go
@ -11,12 +11,18 @@ import (
 	"github.com/grafana/grafana/pkg/infra/filestorage"
 	"github.com/grafana/grafana/pkg/models"
 	"github.com/grafana/grafana/pkg/services/sqlstore"
 	"github.com/grafana/grafana/pkg/setting"
 	"github.com/grafana/grafana/pkg/tsdb/testdatasource"
 	"github.com/stretchr/testify/mock"
 	"github.com/stretchr/testify/require"
 )
 var (
 	cfg = &setting.Cfg{
 		Storage: setting.StorageSettings{
 			AllowUnsanitizedSvgUpload: true,
 		},
 	}
 	htmlBytes, _        = ioutil.ReadFile("testdata/page.html")
 	jpgBytes, _         = ioutil.ReadFile("testdata/image.jpg")
 	svgBytes, _         = ioutil.ReadFile("testdata/image.svg")
@ -57,7 +63,7 @@ func TestListFiles(t *testing.T) {
 	store := newStandardStorageService(sqlstore.InitTestDB(t), roots, func(orgId int64) []storageRuntime {
 		return make([]storageRuntime, 0)
-	}, allowAllAuthService, storageServiceConfig{})
+	}, allowAllAuthService, cfg)
 	frame, err := store.List(context.Background(), dummyUser, "public/testdata")
 	require.NoError(t, err)
@ -77,7 +83,7 @@ func TestListFilesWithoutPermissions(t *testing.T) {
 	store := newStandardStorageService(sqlstore.InitTestDB(t), roots, func(orgId int64) []storageRuntime {
 		return make([]storageRuntime, 0)
-	}, denyAllAuthService, storageServiceConfig{})
+	}, denyAllAuthService, cfg)
 	frame, err := store.List(context.Background(), dummyUser, "public/testdata")
 	require.NoError(t, err)
 	rowLen, err := frame.RowLen()
@ -102,7 +108,7 @@ func setupUploadStore(t *testing.T, authService storageAuthService) (StorageServ
 	}
 	store := newStandardStorageService(sqlstore.InitTestDB(t), []storageRuntime{sqlStorage}, func(orgId int64) []storageRuntime {
 		return make([]storageRuntime, 0)
-	}, authService, storageServiceConfig{allowUnsanitizedSvgUpload: true})
+	}, authService, cfg)
 	return store, mockStorage, storageName
 }
--- a/pkg/setting/setting.go
+++ b/pkg/setting/setting.go
@ -443,6 +443,8 @@ type Cfg struct {
 	DashboardPreviews DashboardPreviewsSettings
 	Storage StorageSettings
 	// Access Control
 	RBACEnabled         bool
 	RBACPermissionCache bool
@ -1014,6 +1016,7 @@ func (cfg *Cfg) Load(args CommandLineArgs) error {
 	cfg.readDataSourcesSettings()
 	cfg.DashboardPreviews = readDashboardPreviewsSettings(iniFile)
 	cfg.Storage = readStorageSettings(iniFile)
 	if VerifyEmailEnabled && !cfg.Smtp.Enabled {
 		cfg.Logger.Warn("require_email_validation is enabled but smtp is disabled")
--- a/pkg/setting/setting_storage.go
+++ b/pkg/setting/setting_storage.go
@ -0,0 +1,16 @@
 package setting
 import (
 	"gopkg.in/ini.v1"
 )
 type StorageSettings struct {
 	AllowUnsanitizedSvgUpload bool
 }
 func readStorageSettings(iniFile *ini.File) StorageSettings {
 	s := StorageSettings{}
 	storageSection := iniFile.Section("storage")
 	s.AllowUnsanitizedSvgUpload = storageSection.Key("allow_unsanitized_svg_upload").MustBool(false)
 	return s
 }