From 226a60b644f480b7b5e407f8a3efc7a7aebb5424 Mon Sep 17 00:00:00 2001 From: To-om Date: Mon, 24 Jan 2022 15:12:41 +0100 Subject: [PATCH] #2305 Ensure file is closed --- ScalliGraph | 2 +- .../thehive/controllers/v0/AttachmentCtrl.scala | 16 +++++++++++----- .../org/thp/thehive/services/AttachmentSrv.scala | 5 ++++- 3 files changed, 16 insertions(+), 7 deletions(-) diff --git a/ScalliGraph b/ScalliGraph index 2183465ee8..c3d33716ee 160000 --- a/ScalliGraph +++ b/ScalliGraph @@ -1 +1 @@ -Subproject commit 2183465ee81f5fe41e2eb1fc2181b4d708986a6b +Subproject commit c3d33716ee1cf98f17310a21aefac70b99fd4c7b diff --git a/thehive/app/org/thp/thehive/controllers/v0/AttachmentCtrl.scala b/thehive/app/org/thp/thehive/controllers/v0/AttachmentCtrl.scala index 506c3e71c0..e3b7ef0da4 100644 --- a/thehive/app/org/thp/thehive/controllers/v0/AttachmentCtrl.scala +++ b/thehive/app/org/thp/thehive/controllers/v0/AttachmentCtrl.scala @@ -17,6 +17,7 @@ import play.api.mvc._ import java.nio.file.Files import javax.inject.{Inject, Singleton} +import scala.concurrent.ExecutionContext import scala.util.{Failure, Try} @Singleton @@ -24,7 +25,8 @@ class AttachmentCtrl @Inject() ( entrypoint: Entrypoint, appConfig: ApplicationConfig, attachmentSrv: AttachmentSrv, - db: Database + db: Database, + ec: ExecutionContext ) { val forbiddenChar: Seq[Char] = Seq('/', '\n', '\r', '\t', '\u0000', '\f', '`', '?', '*', '\\', '<', '>', '|', '\"', ':', ';') @@ -76,8 +78,12 @@ class AttachmentCtrl @Inject() ( zipParams.setEncryptionMethod(EncryptionMethod.ZIP_STANDARD) zipParams.setFileNameInZip(filename) // zipParams.setSourceExternalStream(true) - zipFile.addStream(attachmentSrv.stream(attachment), zipParams) - + val is = attachmentSrv.stream(attachment) + try zipFile.addStream(is, zipParams) + finally is.close() + val source = FileIO.fromPath(f).mapMaterializedValue { fut => + fut.andThen { case _ => Files.delete(f) }(ec) + } Result( header = ResponseHeader( 200, @@ -88,8 +94,8 @@ class AttachmentCtrl @Inject() ( "Content-Length" -> Files.size(f).toString ) ), - body = HttpEntity.Streamed(FileIO.fromPath(f), Some(Files.size(f)), Some("application/zip")) - ) // FIXME remove temporary file (but when ?) + body = HttpEntity.Streamed(source, Some(Files.size(f)), Some("application/zip")) + ) } } .recoverWith { diff --git a/thehive/app/org/thp/thehive/services/AttachmentSrv.scala b/thehive/app/org/thp/thehive/services/AttachmentSrv.scala index 4bb209f105..bf6d1688e0 100644 --- a/thehive/app/org/thp/thehive/services/AttachmentSrv.scala +++ b/thehive/app/org/thp/thehive/services/AttachmentSrv.scala @@ -65,7 +65,10 @@ class AttachmentSrv @Inject() (configuration: Configuration, storageSrv: Storage case Some(a) => (a.size, a.hashes) case None => val s = storageSrv.getSize("attachment", attachmentId).getOrElse(throw NotFoundError(s"Attachment $attachmentId not found")) - val hs = hashers.fromInputStream(storageSrv.loadBinary("attachment", attachmentId)) + val is = storageSrv.loadBinary("attachment", attachmentId) + val hs = + try hashers.fromInputStream(is) + finally is.close() (s, hs) } createEntity(Attachment(filename, size, contentType, hashes, attachmentId))