search

freedomofpress / dangerzone

Take potentially dangerous PDFs, office documents, or images and convert them to safe PDFs
https://dangerzone.rocks/
GNU Affero General Public License v3.0
3.36k stars 153 forks source link

Time Out #754

Closed zyberzebra closed 3 months ago

zyberzebra commented 3 months ago

image

apyrgio commented 3 months ago

Probably similar to https://github.com/freedomofpress/dangerzone/issues/749. I see that your OS is Windows, which means that this problem is not contained to Fedora 39 Silverblue, as we originally assumed. We need to debug further.

Out of curiosity, does this happen with every file that you try to sanitize?

zyberzebra commented 3 months ago

Yes. You need some errorlogs?

apyrgio commented 3 months ago

Dang. Even with very simple ones, like this: https://github.com/freedomofpress/dangerzone/raw/main/tests/test_docs/sample-doc.doc?

You need some errorlogs?

Sure, if you can run dangerzone-cli in Windows, and copy its output, that would help. You should be able to find it under "Program files" -> "Dangerzone".

zyberzebra commented 3 months ago

The Simple one worked: 

[doc x0jORC] 0% Converting page 1/3 to pixels
[doc x0jORC] 16% Converting page 2/3 to pixels
[doc x0jORC] 32% Converting page 3/3 to pixels
[doc x0jORC] 49% Converted document to pixels
> 'C:\Program Files\Docker\Docker\resources\bin\docker.EXE' run --network none -u dangerzone --security-opt=no-new-privileges:true --cap-drop all --rm -i -v 'C:\Users\user\AppData\Local\Temp\tmppf1tmu4d:/safezone:Z' -e OCR=0 -e OCR_LANGUAGE=None dangerzone.rocks/dangerzone /usr/bin/python3 -m dangerzone.conversion.pixels_to_pdf
[doc x0jORC] 50% Converting page 1/3 from pixels to PDF
[doc x0jORC] 65% Converting page 2/3 from pixels to PDF
[doc x0jORC] 80% Converting page 3/3 from pixels to PDF
[doc x0jORC] 100% Safe PDF created

Safe PDF(s) created successfully

Thats the output on my pdf

[doc i1G6FA] 49% Converted document to pixels
ERROR An exception occurred while converting document 'i1G6FA'
Traceback (most recent call last):
  File "C:\Users\dz\dangerzone\dangerzone\isolation_provider\base.py", line 76, in convert
  File "C:\Users\dz\AppData\Local\Programs\Python\Python311\Lib\subprocess.py", line 1264, in wait
  File "C:\Users\dz\AppData\Local\Programs\Python\Python311\Lib\subprocess.py", line 1591, in _wait
subprocess.TimeoutExpired: Command '['C:\\Program Files\\Docker\\Docker\\resources\\bin\\docker.EXE', 'run', '--network', 'none', '-u', 'dangerzone', '--security-opt=no-new-privileges:true', '--cap-drop', 'all', '--rm', '-i', 'dangerzone.rocks/dangerzone', '/usr/bin/python3', '-m', 'dangerzone.conversion.doc_to_pixels']' timed out after 3 seconds
ERROR [doc i1G6FA] 0% Command '['C:\\Program Files\\Docker\\Docker\\resources\\bin\\docker.EXE', 'run', '--network', 'none', '-u', 'dangerzone', '--security-opt=no-new-privileges:true', '--cap-drop', 'all', '--rm', '-i', 'dangerzone.rocks/dangerzone', '/usr/bin/python3', '-m', 'dangerzone.conversion.doc_to_pixels']' timed out after 3 seconds

Failed to convert document(s)
banerian commented 3 months ago

i have had this problem, and by editing dangerzone/isolation_provider/base.py

line 76 conversion_proc.wait(3) to '10' conversion worked. I guess I should submit a MR to make this timeout something in settings?

apyrgio commented 3 months ago

@banerian Thanks a lot for this extra info. This shows that whatever is blocking the container from quitting, does not stay on indefinitely. However, the proper fix here is to find out what's the blocker in the first place. Waiting for an arbitrary number of seconds during each conversion will not cut it, I'm afraid.

I have some questions, if you have some time:

  1. What is your OS and Dangerzone version?
  2. Can you convert a simple document with no errors, or does that fail as well?
  3. Can you give us any specifics about the documents that you are converting and you hit this error?
    • Think document type (.pdf, .doc, etc.), number of pages, if they come from a particular source, etc.
    • Even better, if you can share a :warning: non-sensitive :warning: document with us that triggers this error, that would be amazing. You can hit me up at alex.p@freedom.press, if you don't want to share something publicly.

  4. Since you can edit the Dangerzone source, could you make the following change in the dangerzone/isolation_provider/container.py file, run dangerzone-cli, and send us its output?

      diff --git a/dangerzone/isolation_provider/container.py b/dangerzone/isolation_provider/container.py
  index cbadcc3..6553677 100644
  --- a/dangerzone/isolation_provider/container.py
  +++ b/dangerzone/isolation_provider/container.py
  @@ -165,7 +165,7 @@ class Container(IsolationProvider):
               args,
               stdin=subprocess.PIPE,
               stdout=subprocess.PIPE,
  -            stderr=self.proc_stderr,
  +            #stderr=self.proc_stderr,
               startupinfo=startupinfo,
           )

(the above applies to anyone affected by this issue, thanks in advance)

apyrgio commented 3 months ago

Actually, I'll ping you in another issue (https://github.com/freedomofpress/dangerzone/issues/749#issuecomment-2028074500), since this is one is a duplicate, and we can continue the discussion there.