[APP-7307]: Remove logo file path manipulation in CLI for OrganizationSetLogo. #4651

maxhorowitz · 2024-12-20T18:03:43Z

https://viam.atlassian.net/browse/APP-7307

…side handler anyway).

maxhorowitz · 2024-12-20T18:07:27Z

Validated it works:

maxhorowitz at stingray in ~/dev/rdk on APP-7307 [$]
$ go run cli/viam/main.go organization logo set --org-id="********" --logo-path="../../Desktop/jeep.png"
Error: Logo file is too large: 217947 bytes (max size is 200KB)
exit status 1

jr22 · 2024-12-20T18:10:54Z

cli/client.go

@@ -345,15 +344,7 @@ func (c *viamClient) organizationLogoSetAction(cCtx *cli.Context, orgID, logoFil
 	if err := c.ensureLoggedIn(); err != nil {
 		return err
 	}
-
-	// determine whether this is a valid file path on the local system
-	logoFilePath = strings.ToLower(filepath.Clean(logoFilePath))


can we keep the filepath.Clean?

jr22 · 2024-12-20T18:11:06Z

cli/client.go

-	}
-
-	logoFile, err := os.Open(logoFilePath)
+	logoFile, err := os.Open(logoFilePath) //nolint:gosec


what is the linter complaining about for security

If I add filepath.Clean maybe it won't be necessary - but yeah really didn't know what / why needed

jr22 · 2024-12-20T18:11:25Z

cli/client.go

-	if len(logoFilePath) < 5 || logoFilePath[len(logoFilePath)-4:] != ".png" {
-		return errors.Errorf("%s is not a valid .png file path", logoFilePath)


why remove? because it might be a png but not have png ending?

we do this checking server side so agree we dont necessarily need it here

Duplicated validation thats not as thorough as what we have in the BE because of that reason

Remove string manipulation/validation from CLI (is covered in server-…

b91083e

…side handler anyway).

maxhorowitz requested a review from a team as a code owner December 20, 2024 18:03

maxhorowitz requested review from purplenicole730 and lia-viam December 20, 2024 18:03

viambot added the safe to test This pull request is marked safe to test from a trusted zone label Dec 20, 2024

maxhorowitz requested a review from jr22 December 20, 2024 18:07

jr22 reviewed Dec 20, 2024

View reviewed changes

Add back filepath.Clean() to client validation.

e516383

viambot added safe to test This pull request is marked safe to test from a trusted zone and removed safe to test This pull request is marked safe to test from a trusted zone labels Dec 20, 2024

maxhorowitz requested a review from jr22 December 20, 2024 18:16

jr22 approved these changes Dec 20, 2024

View reviewed changes

njooma approved these changes Dec 20, 2024

View reviewed changes

maxhorowitz merged commit 5d987fd into viamrobotics:main Dec 22, 2024
16 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[APP-7307]: Remove logo file path manipulation in CLI for OrganizationSetLogo. #4651

[APP-7307]: Remove logo file path manipulation in CLI for OrganizationSetLogo. #4651

maxhorowitz commented Dec 20, 2024

maxhorowitz commented Dec 20, 2024

jr22 Dec 20, 2024

maxhorowitz Dec 20, 2024

jr22 Dec 20, 2024

maxhorowitz Dec 20, 2024

jr22 Dec 20, 2024

jr22 Dec 20, 2024

maxhorowitz Dec 20, 2024

		if len(logoFilePath) < 5 \|\| logoFilePath[len(logoFilePath)-4:] != ".png" {
		return errors.Errorf("%s is not a valid .png file path", logoFilePath)

[APP-7307]: Remove logo file path manipulation in CLI for OrganizationSetLogo. #4651

[APP-7307]: Remove logo file path manipulation in CLI for OrganizationSetLogo. #4651

Conversation

maxhorowitz commented Dec 20, 2024

maxhorowitz commented Dec 20, 2024

jr22 Dec 20, 2024

Choose a reason for hiding this comment

maxhorowitz Dec 20, 2024

Choose a reason for hiding this comment

jr22 Dec 20, 2024

Choose a reason for hiding this comment

maxhorowitz Dec 20, 2024

Choose a reason for hiding this comment

jr22 Dec 20, 2024

Choose a reason for hiding this comment

jr22 Dec 20, 2024

Choose a reason for hiding this comment

maxhorowitz Dec 20, 2024

Choose a reason for hiding this comment