Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Files with identical base names cause storage file collision #210

Open
tunecrew opened this issue Apr 11, 2022 · 5 comments
Open

Files with identical base names cause storage file collision #210

tunecrew opened this issue Apr 11, 2022 · 5 comments
Assignees
@codingjoe
Labels
bug

Comments

@tunecrew
Copy link

Uncovered an interesting behaviour/bug? when uploading multiple files that have the same filename. Behaves as follows:

  • From a file upload form with multiple set to True select 2 or more files with the same exact file name (this is possible on MacOs at least if the files are in different folders, but the file chooser modal is set to a parent folder of these folders - see screenshot for example).
  • Only one of the files is actually uploaded to the tmp folder.
  • If you select n different files, then n copies of the single uploaded file are copied from the tmp folder to their final destination, so instead of n different files with the same name, you end up with n copies of just one of the files.

I haven't dug in deeper yet.

Screenshot 2022-04-10 at 8 59 47 PM

Screenshot 2022-04-10 at 9 00 50 PM
@codingjoe codingjoe self-assigned this Apr 11, 2022
@codingjoe codingjoe added the bug label Apr 11, 2022
@codingjoe
Copy link
Owner

Hi @tunecrew,

Thank you for reaching out. I am curious, is that happening on S3 or in local development? If it's happening on S3, is you DEBUG setting on or off?

Meanwhile, I will try reproducing this.

Best Joe

@codingjoe codingjoe changed the title Unexpected behaviour when uploading multiple files with same name File name collision with files with identical base name Apr 11, 2022
@codingjoe codingjoe changed the title File name collision with files with identical base name Files with identical base names cause storage file collision Apr 11, 2022
@codingjoe
Copy link
Owner

Hm… so, I did some investigation. HTTP allows multiple files with the same name in a single request. However, since we don't rename files, this approach does not work currently. We'd need to introduce subfolders for each file, to mitigate this issue.

I will work on this, since I found something related to this, that also needs my attention.

@tunecrew
Copy link
Author

Hi - it happens locally (haven't tried it in production yet) - but my local dev environment is dockerised and uses Minio for S3, so I think the behaviour should mimic a production environment.

A couple thoughts based on your response:

  • Interesting that it is copying the same file n times to the final destination.
  • Could this be fixed by adding a suffix (timestamp random) to each filename as it is saved to tmp - that way each folder would still represent the logical grouping of a single upload user action.

@codingjoe
Copy link
Owner

Hi @tunecrew, I never took the time to properly thank you. Your bug report helped uncover a pretty substantial security bug. I credited you in the CVE, so you've probably seen it. Still, thank you again for. That was really helpful. However, I believe the patch did not solve your particular issue. Did you happen to make any progress on this meanwhile, or do you want me to have a got at it? Cheers, Joe

@tunecrew
Copy link
Author

You're very welcome! I haven't revisited it in a bit as I got sidetracked on another project, but I will be back on it this fall so I'll let you know.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@codingjoe codingjoe

Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@codingjoe @tunecrew