Page MenuHomePhabricator
Create Task
Maniphest T28100

[dash] Decide on a file management strategy
Open, NormalPublic
Actions

Description

  • When should an uploaded file be deleted?
  • How long should a generated report be available for download?

Event Timeline

eisenman created this task.Dec 10 2020, 11:45 PM
eisenman added a comment.Jan 22 2021, 7:45 PM

Files that cannot be read by a CSV reader should be deleted immediately to avoid that potentially malicious resources are hosted on this public server. A simple check for file extension is not enough. Arbitrary files can be uploaded by just adding the extension *.csv.

aekavur claimed this task.Sep 7 2021, 11:43 AM
aekavur moved this task from Backlog to In Progress on the webChallengeR board.
aekavur closed this task as Resolved.Sep 13 2021, 4:09 PM

Following operations has been done:

  1. Uploaded file is validated via Python Magic library. The header of the file is checked and MIME type is determined. If it is not a real CSV file (MIME is different than 'application/csv'), the file and its folder are deleted immediately. The user is informed about the situation.
  2. Generated reports and uploaded user files are deleted from the server after 24 hours. A background task is created and scheduled for this operation.
aekavur reopened this task as Open.Sep 13 2021, 4:12 PM
aekavur moved this task from In Progress to Done on the webChallengeR board.
MITK · MIC · IMSY · DKFZ