Check MD5 sum on PUT submission
zackgalbreath committed Dec 4, 2014
1 parent 1c7e572 commit 4e44463
Showing 2 changed files with 52 additions and 42 deletions.
62 changes: 31 additions & 31 deletions cdash/do_submit.php
Expand Up @@ -250,7 +250,7 @@ function post_submit()
{
include("models/buildfile.php");

// we expect a POST wit the following values
// We expect POST to contain the following values.
$vars = array('project','build','stamp','site','track','type','starttime','endtime','datafilesmd5');
foreach($vars as $var)
{
Expand Down Expand Up @@ -340,7 +340,8 @@ function post_submit()
function put_submit_file()
{
include("models/buildfile.php");
// we expect a GET wit the following values

// We expect GET to contain the following values:
$vars = array('buildid','type');
foreach($vars as $var)
{
Expand All @@ -353,6 +354,7 @@ function put_submit_file()
}
}

// Verify buildid.
if(!is_numeric($_GET['buildid']))
{
$response_array['status'] = 1;
Expand All @@ -361,6 +363,7 @@ function put_submit_file()
return;
}

// Abort early if we already have this file.
$buildfile = new BuildFile();
$buildfile->BuildId = $_GET['buildid'];
$buildfile->Type = htmlspecialchars(pdo_real_escape_string($_GET['type']));
Expand All @@ -374,11 +377,19 @@ function put_submit_file()
return;
}

// We are currently not checking the md5 and trusting the sender
// but we should add that in the future
// $md5sum = md5_file($filename);
// Get the ID of the project associated with this build.
$row = pdo_single_row_query(
"SELECT projectid FROM build WHERE id = $buildfile->BuildId");
if(empty($row))
{
$response_array['status'] = 1;
$response_array['description'] = "Cannot find projectid for build #$buildfile->BuildId";
echo json_encode($response_array);
return;
}
$projectid = $row[0];

// Write the file in the backup directory (same place as other submissions).
// Begin writing this file to the backup directory.
global $CDASH_BACKUP_DIRECTORY;
$uploadDir = $CDASH_BACKUP_DIRECTORY;
$filename = $uploadDir."/".$buildfile->md5;
Expand All @@ -390,46 +401,35 @@ function put_submit_file()
return;
}

// Read the input file
$bytes = 0;
$file_path='php://input';
$filehandler = fopen($file_path, 'r');
while(!feof($filehandler))
// Read the data 1 KB at a time and write to the file.
$putdata = fopen("php://input", "r");
while ($data = fread($putdata, 1024))
{
$content = fread($filehandler, 8192);
$bytes += strlen($content);
if (fwrite($handle, $content) === FALSE)
{
$response_array['status'] = 1;
$response_array['description'] = "Cannot write to file ($filename)";
echo json_encode($response_array);
return;
}
fwrite($handle, $data);
}
// Close the streams.
fclose($handle);
unset($handle);
fclose($filehandler);
unset($filehandler);
fclose($putdata);

// Get the ID of the project associated with this build.
$buildfile->BuildId = $_GET['buildid'];
$row = pdo_single_row_query(
"SELECT projectid FROM build WHERE id = $buildfile->BuildId");
if(empty($row))
// Check that the md5sum of the file matches what we were expecting.
$md5sum = md5_file($filename);
if($md5sum != $buildfile->md5)
{
$response_array['status'] = 1;
$response_array['description'] = "Cannot find projectid for build #$buildfile->BuildId";
$response_array['description'] =
"md5 mismatch. expected: $buildfile->md5, received: $md5sum";
unlink($filename);
$buildfile->Delete();
echo json_encode($response_array);
return;
}
$projectid = $row[0];

global $CDASH_ASYNCHRONOUS_SUBMISSION;
if($CDASH_ASYNCHRONOUS_SUBMISSION)
{
// Create a new entry in the submission table for this file.
$bytes = filesize($filename);
$now_utc = gmdate(FMT_DATETIMESTD);
$filename = $uploadDir."/$buildfile->md5";
pdo_query("INSERT INTO submission (filename,projectid,status,attempts,filesize,filemd5sum,created) ".
"VALUES ('$filename','$projectid','0','0','$bytes','$buildfile->md5','$now_utc')");
}
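Review bot: The new digest check in the last hunk of put_submit_file(), `if($md5sum != $buildfile->md5)`, uses PHP's loose comparison, which compares two numeric-looking strings as numbers, so two different digests that both read as numeric (for example `0e` followed only by digits) are treated as equal; use `if($md5sum !== $buildfile->md5)`, or `hash_equals()` where the supported PHP version has it. The rewritten copy loop `while ($data = fread($putdata, 1024))` also stops on a falsy chunk such as a final lone byte "0" and no longer checks the result of `fwrite()`, so a truncated write only shows up later as a misleading md5 mismatch; looping on `!feof($putdata)` and keeping the old `=== FALSE` check would preserve the specific error. `$buildfile->md5` is assigned outside the visible hunks; if it is taken from the request, it should be validated as exactly 32 hex characters before it is used in `$uploadDir."/".$buildfile->md5` and in the `INSERT INTO submission` string, because the file is created before the digest is verified. The body of put_submit_file() continues past the end of this section.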
32 changes: 21 additions & 11 deletions models/buildfile.php
Expand Up @@ -31,19 +31,19 @@ function Insert()
echo "BuildFile::Insert(): BuildId not set<br>";
return false;
}

if(!$this->Type)
{
echo "BuildFile::Insert(): Type not set<br>";
return false;
}

if(!$this->md5)
{
echo "BuildFile::Insert(): md5 not set<br>";
return false;
}

if(!$this->Filename)
{
echo "BuildFile::Insert(): Filename not set<br>";
Expand All @@ -53,7 +53,7 @@ function Insert()
$filename = pdo_real_escape_string($this->Filename);
$type = pdo_real_escape_string($this->Type);
$md5 = pdo_real_escape_string($this->md5);

// Check if we already have a row
$query = "SELECT buildid FROM buildfile WHERE buildid=".qnum($this->BuildId)." AND md5='".$md5."'";
$query_result = pdo_query($query);
Expand All @@ -62,41 +62,51 @@ function Insert()
add_last_sql_error("BuildFile Insert",0,$this->BuildId);
return false;
}

if(pdo_num_rows($query_result)>0)
{
return false;
}

$query = "INSERT INTO buildfile (buildid,type,filename,md5)
VALUES (".qnum($this->BuildId).",'".$type."','".$filename."','".$md5."')";
if(!pdo_query($query))
{
add_last_sql_error("BuildFile Insert",0,$this->BuildId);
return false;
}

return true;
} // end insert

function MD5Exists()
{
$md5 = pdo_real_escape_string($this->md5);

$query = "SELECT buildid FROM buildfile WHERE md5='".$md5."'";
$query_result = pdo_query($query);
if(!$query_result)
{
add_last_sql_error("BuildFile MD5Exists",0,$md5);
return false;
}

if(pdo_num_rows($query_result)==0)
{
return false;
}
return true;
} // end MD5Exists


/** Delete this BuildFile */
function Delete()
{
if(!$this->BuildId || !$this->md5)
{
return false;
}
pdo_query("DELETE FROM buildfile WHERE buildid=$this->BuildId AND md5='$this->md5'");
}

}
?>
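Review bot: The new `Delete()` method interpolates `$this->BuildId` and `$this->md5` directly into the SQL string, whereas `Insert()` in the same class passes them through `qnum()` and `pdo_real_escape_string()` and `MD5Exists()` escapes the digest as well. Since the caller in do_submit.php invokes `Delete()` on the mismatch path, where the stored md5 is by definition not trusted, build the statement the same way: `pdo_query("DELETE FROM buildfile WHERE buildid=".qnum($this->BuildId)." AND md5='".pdo_real_escape_string($this->md5)."'");`. The method also returns nothing on success and ignores a failed query, unlike its siblings, which call `add_last_sql_error()` and return a boolean; returning `true`/`false` would let the caller report a row that could not be removed.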
