Merge pull request #722 from guardicore/snyk-upgrade-bb05e006ee678bf6…

…7c3eb4c3c10b3cdf [Snyk] Upgrade filepond from 4.13.5 to 4.18.0
guardicore · Jul 20, 2020 · 55a46ba · 55a46ba
2 parents b0251fb + 0a1d717
commit 55a46ba
Show file tree

Hide file tree

Showing 5 changed files with 15 additions and 12 deletions.
diff --git a/monkey/monkey_island/cc/resources/pba_file_download.py b/monkey/monkey_island/cc/resources/pba_file_download.py
@@ -1,7 +1,7 @@
 import flask_restful
 from flask import send_from_directory
 
-from monkey_island.cc.resources.pba_file_upload import GET_FILE_DIR
+from monkey_island.cc.services.post_breach_files import UPLOADS_DIR
 
 __author__ = 'VakarisZ'
 
@@ -13,4 +13,4 @@ class PBAFileDownload(flask_restful.Resource):
 
     # Used by monkey. can't secure.
     def get(self, path):
-        return send_from_directory(GET_FILE_DIR, path)
+        return send_from_directory(UPLOADS_DIR, path)
diff --git a/monkey/monkey_island/cc/resources/pba_file_upload.py b/monkey/monkey_island/cc/resources/pba_file_upload.py
@@ -14,7 +14,6 @@
 __author__ = 'VakarisZ'
 
 LOG = logging.getLogger(__name__)
-GET_FILE_DIR = "./userUploads"
 # Front end uses these strings to identify which files to work with (linux of windows)
 LINUX_PBA_TYPE = 'PBAlinux'
 WINDOWS_PBA_TYPE = 'PBAwindows'
@@ -24,6 +23,9 @@ class FileUpload(flask_restful.Resource):
     """
     File upload endpoint used to exchange files with filepond component on the front-end
     """
+    def __init__(self):
+        # Create all directories on the way if they don't exist
+        UPLOADS_DIR.mkdir(parents=True, exist_ok=True)
 
     @jwt_required()
     def get(self, file_type):
@@ -37,7 +39,7 @@ def get(self, file_type):
             filename = ConfigService.get_config_value(copy.deepcopy(PBA_LINUX_FILENAME_PATH))
         else:
             filename = ConfigService.get_config_value(copy.deepcopy(PBA_WINDOWS_FILENAME_PATH))
-        return send_from_directory(GET_FILE_DIR, filename)
+        return send_from_directory(UPLOADS_DIR, filename)
 
     @jwt_required()
     def post(self, file_type):
@@ -62,7 +64,7 @@ def delete(self, file_type):
         """
         filename_path = PBA_LINUX_FILENAME_PATH if file_type == 'PBAlinux' else PBA_WINDOWS_FILENAME_PATH
         filename = ConfigService.get_config_value(filename_path)
-        file_path = os.path.join(UPLOADS_DIR, filename)
+        file_path = UPLOADS_DIR.joinpath(filename)
         try:
             if os.path.exists(file_path):
                 os.remove(file_path)
@@ -81,7 +83,7 @@ def upload_pba_file(request_, is_linux=True):
         :return: filename string
         """
         filename = secure_filename(request_.files['filepond'].filename)
-        file_path = os.path.join(UPLOADS_DIR, filename)
-        request_.files['filepond'].save(file_path)
+        file_path = UPLOADS_DIR.joinpath(filename).absolute()
+        request_.files['filepond'].save(str(file_path))
         ConfigService.set_config_value((PBA_LINUX_FILENAME_PATH if is_linux else PBA_WINDOWS_FILENAME_PATH), filename)
         return filename
diff --git a/monkey/monkey_island/cc/services/post_breach_files.py b/monkey/monkey_island/cc/services/post_breach_files.py
@@ -1,5 +1,6 @@
 import logging
 import os
+from pathlib import Path
 
 import monkey_island.cc.services.config
 
@@ -10,7 +11,7 @@
 # Where to find file names in config
 PBA_WINDOWS_FILENAME_PATH = ['monkey', 'behaviour', 'PBA_windows_filename']
 PBA_LINUX_FILENAME_PATH = ['monkey', 'behaviour', 'PBA_linux_filename']
-UPLOADS_DIR = 'monkey_island/cc/userUploads'
+UPLOADS_DIR = Path('monkey_island', 'cc', 'userUploads')
 
 
 def remove_PBA_files():

diff --git a/monkey/monkey_island/cc/ui/package-lock.json b/monkey/monkey_island/cc/ui/package-lock.json
diff --git a/monkey/monkey_island/cc/ui/package.json b/monkey/monkey_island/cc/ui/package.json
@@ -73,7 +73,7 @@
     "downloadjs": "^1.4.7",
     "fetch": "^1.1.0",
     "file-saver": "^2.0.2",
-    "filepond": "^4.7.3",
+    "filepond": "^4.18.0",
     "jwt-decode": "^2.2.0",
     "marked": "^0.8.2",
     "normalize.css": "^8.0.0",