Merge pull request #722 from guardicore/snyk-upgrade-bb05e006ee678bf67c3eb4c3c10b3cdf

[Snyk] Upgrade filepond from 4.13.5 to 4.18.0
2020-07-20 16:29:09 +03:00 · 2020-07-20 16:29:09 +03:00 · 55a46baced
parent b0251fb180 0a1d7174c5
commit 55a46baced
5 changed files with 15 additions and 12 deletions
--- a/monkey/monkey_island/cc/resources/pba_file_download.py
+++ b/monkey/monkey_island/cc/resources/pba_file_download.py
@ -1,7 +1,7 @@
 import flask_restful
 from flask import send_from_directory
-from monkey_island.cc.resources.pba_file_upload import GET_FILE_DIR
+from monkey_island.cc.services.post_breach_files import UPLOADS_DIR
 __author__ = 'VakarisZ'
@ -13,4 +13,4 @@ class PBAFileDownload(flask_restful.Resource):
    # Used by monkey. can't secure.
    def get(self, path):
-        return send_from_directory(GET_FILE_DIR, path)
+        return send_from_directory(UPLOADS_DIR, path)
--- a/monkey/monkey_island/cc/resources/pba_file_upload.py
+++ b/monkey/monkey_island/cc/resources/pba_file_upload.py
@ -14,7 +14,6 @@ from monkey_island.cc.services.post_breach_files import (
 __author__ = 'VakarisZ'
 LOG = logging.getLogger(__name__)
 GET_FILE_DIR = "./userUploads"
 # Front end uses these strings to identify which files to work with (linux of windows)
 LINUX_PBA_TYPE = 'PBAlinux'
 WINDOWS_PBA_TYPE = 'PBAwindows'
@ -24,6 +23,9 @@ class FileUpload(flask_restful.Resource):
    """
    File upload endpoint used to exchange files with filepond component on the front-end
    """
    def __init__(self):
        # Create all directories on the way if they don't exist
        UPLOADS_DIR.mkdir(parents=True, exist_ok=True)
    @jwt_required()
    def get(self, file_type):
@ -37,7 +39,7 @@ class FileUpload(flask_restful.Resource):
            filename = ConfigService.get_config_value(copy.deepcopy(PBA_LINUX_FILENAME_PATH))
        else:
            filename = ConfigService.get_config_value(copy.deepcopy(PBA_WINDOWS_FILENAME_PATH))
-        return send_from_directory(GET_FILE_DIR, filename)
+        return send_from_directory(UPLOADS_DIR, filename)
    @jwt_required()
    def post(self, file_type):
@ -62,7 +64,7 @@ class FileUpload(flask_restful.Resource):
        """
        filename_path = PBA_LINUX_FILENAME_PATH if file_type == 'PBAlinux' else PBA_WINDOWS_FILENAME_PATH
        filename = ConfigService.get_config_value(filename_path)
-        file_path = os.path.join(UPLOADS_DIR, filename)
+        file_path = UPLOADS_DIR.joinpath(filename)
        try:
            if os.path.exists(file_path):
                os.remove(file_path)
@ -81,7 +83,7 @@ class FileUpload(flask_restful.Resource):
        :return: filename string
        """
        filename = secure_filename(request_.files['filepond'].filename)
-        file_path = os.path.join(UPLOADS_DIR, filename)
+        file_path = UPLOADS_DIR.joinpath(filename).absolute()
-        request_.files['filepond'].save(file_path)
+        request_.files['filepond'].save(str(file_path))
        ConfigService.set_config_value((PBA_LINUX_FILENAME_PATH if is_linux else PBA_WINDOWS_FILENAME_PATH), filename)
        return filename
--- a/monkey/monkey_island/cc/services/post_breach_files.py
+++ b/monkey/monkey_island/cc/services/post_breach_files.py
@ -1,5 +1,6 @@
 import logging
 import os
 from pathlib import Path
 import monkey_island.cc.services.config
@ -10,7 +11,7 @@ logger = logging.getLogger(__name__)
 # Where to find file names in config
 PBA_WINDOWS_FILENAME_PATH = ['monkey', 'behaviour', 'PBA_windows_filename']
 PBA_LINUX_FILENAME_PATH = ['monkey', 'behaviour', 'PBA_linux_filename']
-UPLOADS_DIR = 'monkey_island/cc/userUploads'
+UPLOADS_DIR = Path('monkey_island', 'cc', 'userUploads')
 def remove_PBA_files():
--- a/monkey/monkey_island/cc/ui/package-lock.json
+++ b/monkey/monkey_island/cc/ui/package-lock.json
@ -6017,9 +6017,9 @@
      "integrity": "sha512-0Zt+s3L7Vf1biwWZ29aARiVYLx7iMGnEUl9x33fbB/j3jR81u/O2LbqK+Bm1CDSNDKVtJ/YjwY7TUd5SkeLQLw=="
    },
    "filepond": {
-      "version": "4.13.5",
+      "version": "4.18.0",
-      "resolved": "https://registry.npmjs.org/filepond/-/filepond-4.13.5.tgz",
+      "resolved": "https://registry.npmjs.org/filepond/-/filepond-4.18.0.tgz",
-      "integrity": "sha512-WZi8kMGZNh6hH6qsUdvCQcQOF5uPaTV1PdPC4PiAZauRyepDxtAnkK4OHRW+UXIkA2CW2IdHFrqlKvDR4Dk24A=="
+      "integrity": "sha512-lIRv27uYU0DQjUNa0G+aGsdmkhxdEzk9k2gbOsWLQdO+4u6FGNPjA1lUfy5vkF4ifx2GEeO1X+xP6Kqyb6tWaw=="
    },
    "fill-range": {
      "version": "4.0.0",
--- a/monkey/monkey_island/cc/ui/package.json
+++ b/monkey/monkey_island/cc/ui/package.json
@ -73,7 +73,7 @@
    "downloadjs": "^1.4.7",
    "fetch": "^1.1.0",
    "file-saver": "^2.0.2",
-    "filepond": "^4.7.3",
+    "filepond": "^4.18.0",
    "jwt-decode": "^2.2.0",
    "marked": "^0.8.2",
    "normalize.css": "^8.0.0",