Merge branch 'dev' into enhancement/backup-failure-alert

2024-08-30 18:23:09 +00:00 · 2022-06-21 21:34:51 +01:00 · 2022-06-21 21:34:51 +01:00 · ffba1fb438
commit ffba1fb438
parent 177d99e002 d3b1095867
4 changed files with 32 additions and 15 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -13,6 +13,7 @@
 - Spelling mistake fixed in German lang file ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/370))
 - Backup failure warning (Tab text goes red) ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/373))
 - Rework server list on dashboard display for use on small screens ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/372))
+- File handling enhancements ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/362))
 <br><br>

 ## --- [4.0.3] - 2022/06/18
--- a/app/classes/shared/helpers.py
+++ b/app/classes/shared/helpers.py
@ -144,7 +144,8 @@ class Helpers:
    @staticmethod
    def check_file_perms(path):
        try:
-            open(path, "r", encoding="utf-8").close()
+            with open(path, "r", encoding="utf-8"):
+                pass
            logger.info(f"{path} is readable")
            return True
        except PermissionError:
@ -480,7 +481,8 @@ class Helpers:
    def check_writeable(path: str):
        filename = os.path.join(path, "tempfile.txt")
        try:
-            open(filename, "w", encoding="utf-8").close()
+            with open(filename, "w", encoding="utf-8"):
+                pass
            os.remove(filename)

            logger.info(f"{filename} is writable")
@ -518,7 +520,8 @@ class Helpers:

        # ensure the log file is there
        try:
-            open(log_file, "a", encoding="utf-8").close()
+            with open(log_file, "a", encoding="utf-8"):
+                pass
        except Exception as e:
            Console.critical(f"Unable to open log file! {e}")
            sys.exit(1)
@ -648,7 +651,7 @@ class Helpers:

        session_data = {"pid": pid, "started": now.strftime("%d-%m-%Y, %H:%M:%S")}
        with open(self.session_file, "w", encoding="utf-8") as f:
-            json.dump(session_data, f, indent=True)
+            json.dump(session_data, f, indent=4)

    # because this is a recursive function, we will return bytes,
    # and set human readable later
@ -782,13 +785,15 @@ class Helpers:
        cert.set_version(2)
        cert.sign(k, "sha256")

-        f = open(cert_file, "w", encoding="utf-8")
-        f.write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert).decode())
-        f.close()
+        with open(cert_file, "w", encoding="utf-8") as cert_file_handle:
+            cert_file_handle.write(
+                crypto.dump_certificate(crypto.FILETYPE_PEM, cert).decode()
+            )

-        f = open(key_file, "w", encoding="utf-8")
-        f.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, k).decode())
-        f.close()
+        with open(key_file, "w", encoding="utf-8") as key_file_handle:
+            key_file_handle.write(
+                crypto.dump_privatekey(crypto.FILETYPE_PEM, k).decode()
+            )

    @staticmethod
    def random_string_generator(size=6, chars=string.ascii_uppercase + string.digits):
@ -1007,7 +1012,8 @@ class Helpers:
            return False

        try:
-            open(jar_path, "wb").write(response.content)
+            with open(jar_path, "wb") as jar_file:
+                jar_file.write(response.content)
        except Exception as e:
            logger.error("Unable to finish executable download. Error: %s", e)
            return False
--- a/app/classes/shared/server.py
+++ b/app/classes/shared/server.py
@ -802,10 +802,9 @@ class ServerInstance:
        self.server_scheduler.remove_job("c_" + str(self.server_id))

    def agree_eula(self, user_id):
-        file = os.path.join(self.server_path, "eula.txt")
-        f = open(file, "w", encoding="utf-8")
-        f.write("eula=true")
-        f.close()
+        eula_file = os.path.join(self.server_path, "eula.txt")
+        with open(eula_file, "w", encoding="utf-8") as f:
+            f.write("eula=true")
        self.run_threaded_server(user_id)

    def backup_server(self):
--- a/app/classes/web/panel_handler.py
+++ b/app/classes/web/panel_handler.py
@ -1511,6 +1511,17 @@ class PanelHandler(BaseHandler):
            max_backups = bleach.clean(self.get_argument("max_backups", None))

            server_obj = self.controller.servers.get_server_obj(server_id)
+            if (
+                not backup_path
+                == self.helper.wtol_path(
+                    os.path.join(self.helper.backup_path, server_obj.server_uuid)
+                )
+                and self.helper.wtol_path(self.controller.project_root) in backup_path
+            ):
+                self.redirect(
+                    "/panel/error?error=Nefarious activities detected."
+                    " User attempted to make backup path within Crafty's root."
+                )
            server_obj.backup_path = backup_path
            self.controller.servers.update_server(server_obj)
            self.controller.management.set_backup_config(