Page MenuHomePhabricator

[dash] Decide on a file management strategy
Open, NormalPublic


  • When should an uploaded file be deleted?
  • How long should a generated report be available for download?

Event Timeline

Files that cannot be read by a CSV reader should be deleted immediately to avoid that potentially malicious resources are hosted on this public server. A simple check for file extension is not enough. Arbitrary files can be uploaded by just adding the extension *.csv.

Following operations has been done:

  1. Uploaded file is validated via Python Magic library. The header of the file is checked and MIME type is determined. If it is not a real CSV file (MIME is different than 'application/csv'), the file and its folder are deleted immediately. The user is informed about the situation.
  2. Generated reports and uploaded user files are deleted from the server after 24 hours. A background task is created and scheduled for this operation.
aekavur moved this task from In Progress to Done on the webChallengeR board.