Better error handling for access to denylist files

This commit is contained in:
Dane Everitt 2021-01-10 16:43:33 -08:00
parent 2c1b211280
commit b10e4dd437
No known key found for this signature in database
GPG Key ID: EEA66103B3D71F53
2 changed files with 15 additions and 9 deletions

View File

@ -122,20 +122,22 @@ func (e *RequestError) Abort(c *gin.Context) {
// Looks at the given RequestError and determines if it is a specific filesystem error that // Looks at the given RequestError and determines if it is a specific filesystem error that
// we can process and return differently for the user. // we can process and return differently for the user.
func (e *RequestError) getAsFilesystemError() (int, string) { func (e *RequestError) getAsFilesystemError() (int, string) {
err := errors.Unwrap(e.err) if filesystem.IsErrorCode(e.err, filesystem.ErrCodePathResolution) || errors.Is(e.err, os.ErrNotExist) {
if err == nil {
return 0, ""
}
if errors.Is(err, os.ErrNotExist) || filesystem.IsErrorCode(err, filesystem.ErrCodePathResolution) {
return http.StatusNotFound, "The requested resource was not found on the system." return http.StatusNotFound, "The requested resource was not found on the system."
} }
if filesystem.IsErrorCode(err, filesystem.ErrCodeDiskSpace) { if filesystem.IsErrorCode(e.err, filesystem.ErrCodeDiskSpace) {
return http.StatusConflict, "There is not enough disk space available to perform that action." return http.StatusConflict, "There is not enough disk space available to perform that action."
} }
if strings.HasSuffix(err.Error(), "file name too long") { if filesystem.IsErrorCode(e.err, filesystem.ErrCodeDenylistFile) {
return http.StatusForbidden, "This file cannot be modified: present in egg denylist."
}
if filesystem.IsErrorCode(e.err, filesystem.ErrCodeIsDirectory) {
return http.StatusBadRequest, "Cannot perform that action: file is a directory."
}
if strings.HasSuffix(e.err.Error(), "file name too long") {
return http.StatusBadRequest, "Cannot perform that action: file name is too long." return http.StatusBadRequest, "Cannot perform that action: file name is too long."
} }
if e, ok := err.(*os.SyscallError); ok && e.Syscall == "readdirent" { if e, ok := e.err.(*os.SyscallError); ok && e.Syscall == "readdirent" {
return http.StatusNotFound, "The requested directory does not exist." return http.StatusNotFound, "The requested directory does not exist."
} }
return 0, "" return 0, ""

View File

@ -35,7 +35,11 @@ func (e *Error) Error() string {
case ErrCodeUnknownArchive: case ErrCodeUnknownArchive:
return "filesystem: unknown archive format" return "filesystem: unknown archive format"
case ErrCodeDenylistFile: case ErrCodeDenylistFile:
return "filesystem: file access prohibited: denylist" r := e.resolved
if r == "" {
r = "<empty>"
}
return fmt.Sprintf("filesystem: file access prohibited: [%s] is on the denylist", r)
case ErrCodePathResolution: case ErrCodePathResolution:
r := e.resolved r := e.resolved
if r == "" { if r == "" {