Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Apps-engine method executePreFileUpload allows not allowed files in some cases #33506

Open
shiryov opened this issue Oct 9, 2024 · 3 comments
Open

Apps-engine method executePreFileUpload allows not allowed files in some cases #33506

shiryov opened this issue Oct 9, 2024 · 3 comments

Comments

@shiryov
Copy link

shiryov commented Oct 9, 2024

Description:

If executePreFileUpload execution time is more than one second, the FileUploadNotAllowedException is ignored and file is uploaded into the chat.

Steps to reproduce:

  1. Create simple app with sleep(1000) in method executePreFileUpload before throwing FileUploadNotAllowedException
  2. Install app
  3. Upload any file to the channel/group/dm

Expected behavior:

File upload is blocked

Actual behavior:

File upload successful

Server Setup Information:

  • Version of Rocket.Chat Server: 6.11.3
  • License Type: Enterprise
  • Number of Users: 7500
  • Operating System: Linux
  • Deployment Method: docker
  • Number of Running Instances: 25
  • NodeJS Version: v14.21.3

Client Setup Information

  • Desktop App or Browser Version: Chrome
  • Operating System: Windows

Additional context

import {
    IAppAccessors,
    ILogger,
    IConfigurationExtend,
    IEnvironmentRead,
    IHttp,
    IModify,
    IPersistence,
    IRead,
} from '@rocket.chat/apps-engine/definition/accessors';
import { App } from '@rocket.chat/apps-engine/definition/App';
import { IAppInfo } from '@rocket.chat/apps-engine/definition/metadata';
import { FileUploadNotAllowedException } from '@rocket.chat/apps-engine/definition/exceptions';
import { IFileUploadContext, IPreFileUpload } from '@rocket.chat/apps-engine/definition/uploads';

export class PreMethodTimeoutTestApp extends App implements IPreFileUpload {
    constructor(info: IAppInfo, logger: ILogger, accessors: IAppAccessors) {
        super(info, logger, accessors);
    }

    async sleep(ms) {
        return new Promise(resolve => setTimeout(resolve, ms));
    }

    public async executePreFileUpload(context: IFileUploadContext, read: IRead, http: IHttp, persis: IPersistence, modify: IModify): Promise<void> {
        await this.sleep(1003);
        throw new FileUploadNotAllowedException('Virus found');
    }
}

Relevant logs:

Skipped file:
image

But the exception was throwed:
image

This issue does not reproduce in version 6.9.x or older
@reetp
Copy link

reetp commented Oct 9, 2024

For reference opened here:

https://forums.rocket.chat/t/how-to-use-apps-for-long-1-20-sec-file-checking-on-external-service/20731

Please follow the guide.

  • Ensure you’re running the latest version of Rocket.Chat. An update might resolve your issue.

https://developer.rocket.chat/docs/contribute-through-bug-reporting

@CyberStranger
Copy link

CyberStranger commented Oct 10, 2024
edited
Loading

I tested this in RocketChat 6.13, and this issue is also present.
preFileUpload

@reetp
Copy link

reetp commented Oct 10, 2024

License Type: Enterprise

You should open a ticket directly with support - you will get a faster response there. Let them know this issue is open.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@shiryov @reetp @CyberStranger