[Quality] DRY: Tempdir-Validation und Extension-Listen zentralisieren #26

New Issue

Closed

opened 2026-05-27 12:21:06 +02:00 by ferdi2go · 1 comment

ferdi2go commented 2026-05-27 12:21:06 +02:00

Owner

Copy Link

Copy Source

Problem

server.py enthaelt 6x dieselbe tempdir-Pfad-Validation:

• Zeile 144, 179, 229, 333, 458, 518, 529

Extension-Whitelists sind doppelt:

• UPLOAD_ALLOWED_EXTENSIONS (Z.136), _HEIC_EXTS (Z.137), PREVIEW_ALLOWED_EXTENSIONS (Z.222 ff.)

Fix

def validate_temp_path(path: str) -> str:
    abs_p = os.path.abspath(path)
    if not abs_p.startswith(tempfile.gettempdir()) or not os.path.isdir(abs_p):
        raise HTTPException(403, "Zugriff nicht erlaubt")
    return abs_p

IMAGE_FORMATS = {
    "upload": {".jpg", ".jpeg", ".png", ".webp", ".heic", ".heif"},
    "preview": {".jpg", ".jpeg", ".png", ".webp"},
}

## Problem `server.py` enthaelt 6x dieselbe tempdir-Pfad-Validation: - Zeile 144, 179, 229, 333, 458, 518, 529 Extension-Whitelists sind doppelt: - `UPLOAD_ALLOWED_EXTENSIONS` (Z.136), `_HEIC_EXTS` (Z.137), `PREVIEW_ALLOWED_EXTENSIONS` (Z.222 ff.) ## Fix ```python def validate_temp_path(path: str) -> str: abs_p = os.path.abspath(path) if not abs_p.startswith(tempfile.gettempdir()) or not os.path.isdir(abs_p): raise HTTPException(403, "Zugriff nicht erlaubt") return abs_p IMAGE_FORMATS = { "upload": {".jpg", ".jpeg", ".png", ".webp", ".heic", ".heif"}, "preview": {".jpg", ".jpeg", ".png", ".webp"}, } ```

ferdi2go added the maintenancepriority: low labels 2026-05-27 12:21:06 +02:00

ferdi2go commented 2026-05-27 13:58:09 +02:00

Author

Owner

Copy Link

Copy Source

Fix umgesetzt in server.py:

Zentrale Extension-Listen

IMAGE_FORMATS = {
    "upload":  {".jpg", ".jpeg", ".png", ".webp", ".heic", ".heif"},
    "heic":    {".heic", ".heif"},
    "preview": {".jpg", ".jpeg", ".png", ".webp"},
}

UPLOAD_ALLOWED_EXTENSIONS, _HEIC_EXTS, PREVIEW_ALLOWED_EXTENSIONS zeigen jetzt alle auf den Dict (Single Source of Truth).

Tempdir-Validation-Helper

def _require_tempdir_path(path: str, must_be: str) -> str:
    abs_p = os.path.abspath(path)
    if not abs_p.startswith(tempfile.gettempdir()):
        raise HTTPException(403, "Zugriff nicht erlaubt")
    if must_be == "dir" and not os.path.isdir(abs_p):
        raise HTTPException(404, "Ordner nicht gefunden")
    if must_be == "file" and not os.path.isfile(abs_p):
        raise HTTPException(404, "Datei nicht gefunden")
    return abs_p

Verwendet jetzt in /download, /preview, /thumb, /uploads-DELETE, /move, /export, /exif, /detect-angle.

Status: Vorher 9 dupliziete Tempdir-Checks (Z.179, 229, 333, 458, 518, 529, 541, 715, 732). Nachher: 1 (im Helper).

Nebeneffekt (positiv): not-found-Verzeichnisse innerhalb tempdir geben jetzt 404 statt 403 - das ist genau, was #27 fordert.

Nicht angefasst: Z.218 und Z.709 sind opt-in-Logik (waehle existierenden Ordner falls er passt, sonst Default), kein 403-Validation - eigener Pattern.

Fix umgesetzt in `server.py`: **Zentrale Extension-Listen** ```python IMAGE_FORMATS = { "upload": {".jpg", ".jpeg", ".png", ".webp", ".heic", ".heif"}, "heic": {".heic", ".heif"}, "preview": {".jpg", ".jpeg", ".png", ".webp"}, } ``` `UPLOAD_ALLOWED_EXTENSIONS`, `_HEIC_EXTS`, `PREVIEW_ALLOWED_EXTENSIONS` zeigen jetzt alle auf den Dict (Single Source of Truth). **Tempdir-Validation-Helper** ```python def _require_tempdir_path(path: str, must_be: str) -> str: abs_p = os.path.abspath(path) if not abs_p.startswith(tempfile.gettempdir()): raise HTTPException(403, "Zugriff nicht erlaubt") if must_be == "dir" and not os.path.isdir(abs_p): raise HTTPException(404, "Ordner nicht gefunden") if must_be == "file" and not os.path.isfile(abs_p): raise HTTPException(404, "Datei nicht gefunden") return abs_p ``` Verwendet jetzt in `/download`, `/preview`, `/thumb`, `/uploads`-DELETE, `/move`, `/export`, `/exif`, `/detect-angle`. **Status:** Vorher 9 dupliziete Tempdir-Checks (Z.179, 229, 333, 458, 518, 529, 541, 715, 732). Nachher: 1 (im Helper). **Nebeneffekt** (positiv): not-found-Verzeichnisse innerhalb tempdir geben jetzt 404 statt 403 - das ist genau, was #27 fordert. Nicht angefasst: Z.218 und Z.709 sind opt-in-Logik (waehle existierenden Ordner _falls_ er passt, sonst Default), kein 403-Validation - eigener Pattern.

ferdi2go closed this issue 2026-05-27 13:58:09 +02:00

ferdi2go referenced this issue 2026-05-27 14:01:27 +02:00

[Quality] HTTP-Status-Codes vereinheitlichen + Job-Dict typisieren #27

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

No results found.

Labels

Clear labels

bug

maintenance

priority: high

priority: low

priority: medium

security

ux

No Label maintenance priority: low

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

ferdi2go

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: ferdi2go/OnlyFrames#26