Closed MartinWahnschaffe closed 1 year ago
@MartinWahnschaffe 1.77.0 would be the milestone number of this change? Thank you :)
Talked with @MartinWahnschaffe, added ".msg" and ".jpeg" file extension to allowed file types.
Reported by HZI:
I cannot share cases or contact via S2S between our nightlies test-de1, test-de2 and test-de3. That is a problem, because we have to avoid hotfixes in the 1.77 and therefore I have to test the S2S-implementations on the nightlies.
Log provided suggests that a classloading problem with bouncycastle is causing the problem.
javax.ejb.TransactionRolledbackLocalException: Exception thrown from bean: javax.ejb.EJBTransactionRolledbackException:
Exception thrown from bean: java.lang.LinkageError: loader constraint violation: loader
com.sun.enterprise.loader.CurrentBeforeParentClassLoader @21ba2445 wants to load class org.bouncycastle.asn1.cms.AttributeTable. A different class with the same name was previously loaded by org.glassfish.javaee.full.deployment.EarLibClassLoader @4c5a7857. (org.bouncycastle.asn1.cms.AttributeTable is in unnamed module of loader org.glassfish.javaee.full.deployment.EarLibClassLoader @4c5a7857, parent loader org.glassfish.internal.api.DelegatingClassLoader @628b4ed6)
We had such a problem while developing this ticket. I will put bcmail-jdk15on (to avoid classloader confusion for classes of bcutil-jdk15on) to the serverlibs in hope that solves the problem.
Done with https://github.com/hzi-braunschweig/SORMAS-Project/commit/964827ff3f01d0c36a6413dc3194c274e200be89 , should fix classloading problem for bouncycastle classes.
I am reopening this issue due to the following behavior:
Actual behavior: An error appears stating that the type of document is not supported.
I can not provide any logs from the local machine as nothing is shown there when the error is reproduced.
There are currently no default file types defined that are allowed, that's why this feature is not working out-of-the-box. I'll provide a change to deliver the default behaviour.
For cases, contacts and travel entries the issue that was reported in my comment above seems to not be reproducible anymore.
However, for events the error is still reproducible so I am reopening the ticket - this is due to the fact that the template for an event handout is .html but that format was not included among the default ones described in the body of this ticket above.
A decision should be made - does html need to be included? Or should the event handout template example from the configurations directory need to be changed and updated to be in another format?
@StefanKock @razvancornita I have tagged you as you have both contributed to the ticket and thought that a solution would be reached sooner if you could discuss this.
Verified ticket on the local machine using the latest version of SORMAS from the development branch - 1.77.0-SNAPSHOT(0bd6842).
Changes made to sormas.properties to be able to configure which types of files I want to whitelist:
When testing the feature I stumbled upon these stack traces that are printed on DEBUG level (DEV instance on Windows). Tools that are not found: tesseract.exe, magick, exiftool, ffmpeg
It's probably not a problem, but could lead to annoying log output.
Problem Description
The application allows uploading files with almost any MIME type, such as EXE, HTML, JavaScript and many others, which could be executed on downloading systems in harmful ways.
Proposed Change
Refine
Should we use file endings or mime-types for the configuration? File endings seem easier, but are less powerful. -> file endings
Acceptance Criteria
Implementation Details
We decided to use file endings instead of mime types for the configuration, because it's a lot easier and more intuitive for users. This means that you have to check two things:
Additional Information
(https://github.com/hzi-braunschweig/SORMAS-Security/issues/46)
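One way to enforce an allow-list of file endings, as an added example that is not SORMAS code. The two checks are cut off in the ticket text, so this example assumes they are (1) the file ending is on the configured list and (2) the leading bytes of the file agree with that ending; the class name, the allow-list and the signature table are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Locale;
import java.util.Map;
import java.util.Set;

public class UploadAllowListExample {
    // Constructed allow-list of file endings (hypothetical values, not the project's defaults).
    static final Set<String> ALLOWED = Set.of(".pdf", ".png", ".jpeg", ".txt");

    // Leading bytes for endings whose content has a fixed signature.
    static final Map<String, byte[]> SIGNATURES = Map.of(
        ".pdf", "%PDF-".getBytes(StandardCharsets.US_ASCII),
        ".png", new byte[] {(byte) 0x89, 'P', 'N', 'G'},
        ".jpeg", new byte[] {(byte) 0xFF, (byte) 0xD8, (byte) 0xFF},
        ".exe", new byte[] {'M', 'Z'});

    static String ending(String fileName) {
        int dot = fileName.lastIndexOf('.');
        return dot < 0 ? "" : fileName.substring(dot).toLowerCase(Locale.ROOT);
    }

    static boolean startsWith(byte[] content, byte[] prefix) {
        return content.length >= prefix.length
            && Arrays.equals(Arrays.copyOf(content, prefix.length), prefix);
    }

    static boolean isAllowed(String fileName, byte[] content) {
        String ext = ending(fileName);
        if (!ALLOWED.contains(ext)) {
            return false; // check 1 (assumed): the ending is not on the allow-list
        }
        byte[] expected = SIGNATURES.get(ext);
        if (expected != null) {
            return startsWith(content, expected); // check 2 (assumed): content matches the ending
        }
        // Ending without a signature (.txt): reject content that carries a known one.
        return SIGNATURES.values().stream().noneMatch(sig -> startsWith(content, sig));
    }

    public static void main(String[] args) {
        byte[] pdf = "%PDF-1.7\n".getBytes(StandardCharsets.US_ASCII); // constructed sample
        byte[] exe = {'M', 'Z', (byte) 0x90, 0x00};                    // constructed sample
        System.out.println(isAllowed("report.PDF", pdf));   // PDF content, upper-case ending
        System.out.println(isAllowed("handout.html", pdf)); // ending missing from the list
        System.out.println(isAllowed("report.pdf", exe));   // executable renamed to .pdf
        System.out.println(isAllowed("notes.txt", exe));    // executable renamed to .txt
    }
}
```

A fixed-prefix comparison only covers formats with stable leading bytes; text-like formats such as HTML need content detection from a library.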