Summary

Fix the security checklist with super-locked-down webservers.

Review Request #5827 — Created May 14, 2014 and submitted May 16, 2014, 1:03 a.m.

Information

Owner

david

Repository

Review Board

Branch

release-2.0.x

Bugs

3341

Depends On

Commit

55afa2c...

Reviewers

Groups

reviewboard

People

Description

Some web server configurations prevent uploading of files with suspicious types
(like .cgi, .php, etc). In this case, the security checklist would throw a 500
because it would fail to even save the file, much less fetch it.

I've rearranged things a little bit to catch OSError exceptions when saving
files and remove them from the list of things that we then test/delete.

Testing Done

Manually caused one of the file types to throw an OSError and saw that the
security checks still passed.

Seems fine, but if we can't upload a certain file type, then technically, doesn't it pass as secure? Maybe we should just catch that we can't upload it and go "Yep, you're fine here!"

david May 14, 2014, 10:42 p.m.

That's what this does. If we couldn't upload it, it removes it from the list of extensions that gets checked later.

chipx86 May 16, 2014, 1:02 a.m.
```
Oh okay, I misunderstood.
```

Ship it!

```
Ship It!
```

Status: Closed (submitted)

Change Summary:

Pushed to release-2.0.x (2aab84a)