Copybara | 854996b | 2021-09-07 19:36:02 +0000 | [diff] [blame^] | 1 | # Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 | # Use of this source code is governed by a BSD-style |
| 3 | # license that can be found in the LICENSE file or at |
| 4 | # https://developers.google.com/open-source/licenses/bsd |
| 5 | |
| 6 | """Servlet to safely display textual issue attachments. |
| 7 | |
| 8 | Unlike most attachments, this is not a download, it is a full HTML page |
| 9 | with safely escaped user content. |
| 10 | """ |
| 11 | from __future__ import print_function |
| 12 | from __future__ import division |
| 13 | from __future__ import absolute_import |
| 14 | |
| 15 | import logging |
| 16 | |
| 17 | import webapp2 |
| 18 | |
| 19 | from google.appengine.api import app_identity |
| 20 | |
| 21 | from third_party import cloudstorage |
| 22 | import ezt |
| 23 | |
| 24 | from features import prettify |
| 25 | from framework import exceptions |
| 26 | from framework import filecontent |
| 27 | from framework import permissions |
| 28 | from framework import servlet |
| 29 | from framework import template_helpers |
| 30 | from tracker import attachment_helpers |
| 31 | from tracker import tracker_bizobj |
| 32 | from tracker import tracker_helpers |
| 33 | |
| 34 | |
| 35 | class AttachmentText(servlet.Servlet): |
| 36 | """AttachmentText displays textual attachments much like source browsing.""" |
| 37 | |
| 38 | _PAGE_TEMPLATE = 'tracker/issue-attachment-text.ezt' |
| 39 | _MAIN_TAB_MODE = servlet.Servlet.MAIN_TAB_ISSUES |
| 40 | |
| 41 | def GatherPageData(self, mr): |
| 42 | """Parse the attachment ID from the request and serve its content. |
| 43 | |
| 44 | Args: |
| 45 | mr: commonly used info parsed from the request. |
| 46 | |
| 47 | Returns: |
| 48 | Dict of values used by EZT for rendering almost the page. |
| 49 | """ |
| 50 | with mr.profiler.Phase('get issue, comment, and attachment'): |
| 51 | try: |
| 52 | attachment, issue = tracker_helpers.GetAttachmentIfAllowed( |
| 53 | mr, self.services) |
| 54 | except exceptions.NoSuchIssueException: |
| 55 | webapp2.abort(404, 'issue not found') |
| 56 | except exceptions.NoSuchAttachmentException: |
| 57 | webapp2.abort(404, 'attachment not found') |
| 58 | except exceptions.NoSuchCommentException: |
| 59 | webapp2.abort(404, 'comment not found') |
| 60 | |
| 61 | content = [] |
| 62 | if attachment.gcs_object_id: |
| 63 | bucket_name = app_identity.get_default_gcs_bucket_name() |
| 64 | full_path = '/' + bucket_name + attachment.gcs_object_id |
| 65 | logging.info("reading gcs: %s" % full_path) |
| 66 | with cloudstorage.open(full_path, 'r') as f: |
| 67 | content = f.read() |
| 68 | |
| 69 | filesize = len(content) |
| 70 | |
| 71 | # This servlet only displays safe textual attachments. The user should |
| 72 | # not have been given a link to this servlet for any other kind. |
| 73 | if not attachment_helpers.IsViewableText(attachment.mimetype, filesize): |
| 74 | self.abort(400, 'not a text file') |
| 75 | |
| 76 | u_text, is_binary, too_large = filecontent.DecodeFileContents(content) |
| 77 | lines = prettify.PrepareSourceLinesForHighlighting(u_text.encode('utf8')) |
| 78 | |
| 79 | config = self.services.config.GetProjectConfig(mr.cnxn, mr.project_id) |
| 80 | granted_perms = tracker_bizobj.GetGrantedPerms( |
| 81 | issue, mr.auth.effective_ids, config) |
| 82 | page_perms = self.MakePagePerms( |
| 83 | mr, issue, permissions.DELETE_ISSUE, permissions.CREATE_ISSUE, |
| 84 | granted_perms=granted_perms) |
| 85 | |
| 86 | page_data = { |
| 87 | 'issue_tab_mode': 'issueDetail', |
| 88 | 'local_id': issue.local_id, |
| 89 | 'filename': attachment.filename, |
| 90 | 'filesize': template_helpers.BytesKbOrMb(filesize), |
| 91 | 'file_lines': lines, |
| 92 | 'is_binary': ezt.boolean(is_binary), |
| 93 | 'too_large': ezt.boolean(too_large), |
| 94 | 'code_reviews': None, |
| 95 | 'page_perms': page_perms, |
| 96 | } |
| 97 | if is_binary or too_large: |
| 98 | page_data['should_prettify'] = ezt.boolean(False) |
| 99 | else: |
| 100 | page_data.update(prettify.BuildPrettifyData( |
| 101 | len(lines), attachment.filename)) |
| 102 | |
| 103 | return page_data |