Test updated logger on clsi

Merge pull request #182 from overleaf/msm-fix-npe-community-edition
Fixed NPE when Settings.clsi is defined but Settings.clsi.docker is not
2020-07-24 14:22:48 +01:00 · 2020-07-15 11:01:08 +02:00 · 2020-07-15 10:58:36 +02:00 · 2020-07-15 10:57:46 +02:00 · 2020-07-15 10:57:34 +02:00 · 2020-07-03 12:58:25 +02:00
15 changed files with 576 additions and 55 deletions
--- a/app/js/CompileController.js
+++ b/app/js/CompileController.js
@@ -218,6 +218,15 @@ module.exports = CompileController = {
    const { project_id } = req.params
    const { user_id } = req.params
    const { image } = req.query
+    if (
+      image &&
+      Settings.clsi &&
+      Settings.clsi.docker &&
+      Settings.clsi.docker.allowedImages &&
+      !Settings.clsi.docker.allowedImages.includes(image)
+    ) {
+      return res.status(400).send('invalid image')
+    }
    logger.log({ image, file, project_id }, 'word count request')

    return CompileManager.wordcount(project_id, user_id, file, image, function(
--- a/app/js/CompileManager.js
+++ b/app/js/CompileManager.js
@@ -520,7 +520,9 @@ module.exports = CompileManager = {
        compileName,
        command,
        directory,
-        Settings.clsi != null ? Settings.clsi.docker.image : undefined,
+        Settings.clsi && Settings.clsi.docker
+          ? Settings.clsi.docker.image
+          : undefined,
        timeout,
        {},
        compileGroup,
--- a/app/js/DockerRunner.js
+++ b/app/js/DockerRunner.js
@@ -86,6 +86,13 @@ module.exports = DockerRunner = {
      ;({ image } = Settings.clsi.docker)
    }

+    if (
+      Settings.clsi.docker.allowedImages &&
+      !Settings.clsi.docker.allowedImages.includes(image)
+    ) {
+      return callback(new Error('image not allowed'))
+    }
+
    if (Settings.texliveImageNameOveride != null) {
      const img = image.split('/')
      image = `${Settings.texliveImageNameOveride}/${img[2]}`
--- a/app/js/LocalCommandRunner.js
+++ b/app/js/LocalCommandRunner.js
@@ -15,6 +15,7 @@
 */
 let CommandRunner
 const { spawn } = require('child_process')
+const _ = require('underscore')
 const logger = require('logger-sharelatex')

 logger.info('using standard command runner')
@@ -33,6 +34,8 @@ module.exports = CommandRunner = {
    let key, value
    if (callback == null) {
      callback = function(error) {}
+    } else {
+      callback = _.once(callback)
    }
    command = Array.from(command).map(arg =>
      arg.toString().replace('$COMPILE_DIR', directory)
--- a/app/js/RequestParser.js
+++ b/app/js/RequestParser.js
@@ -61,7 +61,13 @@ module.exports = RequestParser = {
      response.imageName = this._parseAttribute(
        'imageName',
        compile.options.imageName,
-        { type: 'string' }
+        {
+          type: 'string',
+          validValues:
+            settings.clsi &&
+            settings.clsi.docker &&
+            settings.clsi.docker.allowedImages
+        }
      )
      response.draft = this._parseAttribute('draft', compile.options.draft, {
        default: false,
--- a/config/settings.defaults.js
+++ b/config/settings.defaults.js
@@ -129,6 +129,17 @@ if (process.env.DOCKER_RUNNER) {
    process.exit(1)
  }

+  if (process.env.ALLOWED_IMAGES) {
+    try {
+      module.exports.clsi.docker.allowedImages = process.env.ALLOWED_IMAGES.split(
+        ' '
+      )
+    } catch (error) {
+      console.error(error, 'could not apply allowed images setting')
+      process.exit(1)
+    }
+  }
+
  module.exports.path.synctexBaseDir = () => '/compile'

  module.exports.path.sandboxedCompilesHostDir = process.env.COMPILES_HOST_DIR
--- a/docker-compose-config.yml
+++ b/docker-compose-config.yml
@@ -3,6 +3,7 @@ version: "2.3"
 services:
  dev:
    environment:
+      ALLOWED_IMAGES: "quay.io/sharelatex/texlive-full:2017.1"
      TEXLIVE_IMAGE: quay.io/sharelatex/texlive-full:2017.1
      TEXLIVE_IMAGE_USER: "tex"
      SHARELATEX_CONFIG: /app/config/settings.defaults.coffee
@@ -18,6 +19,7 @@ services:
      
  ci:
    environment:
+      ALLOWED_IMAGES: ${TEXLIVE_IMAGE}
      TEXLIVE_IMAGE: quay.io/sharelatex/texlive-full:2017.1
      TEXLIVE_IMAGE_USER: "tex"
      SHARELATEX_CONFIG: /app/config/settings.defaults.coffee
--- a/package-lock.json
+++ b/package-lock.json
@@ -176,6 +176,43 @@
        "google-auth-library": "^5.5.0",
        "retry-request": "^4.0.0",
        "teeny-request": "^6.0.0"
+      },
+      "dependencies": {
+        "google-auth-library": {
+          "version": "5.10.1",
+          "resolved": "https://registry.npmjs.org/google-auth-library/-/google-auth-library-5.10.1.tgz",
+          "integrity": "sha512-rOlaok5vlpV9rSiUu5EpR0vVpc+PhN62oF4RyX/6++DG1VsaulAFEMlDYBLjJDDPI6OcNOCGAKy9UVB/3NIDXg==",
+          "requires": {
+            "arrify": "^2.0.0",
+            "base64-js": "^1.3.0",
+            "ecdsa-sig-formatter": "^1.0.11",
+            "fast-text-encoding": "^1.0.0",
+            "gaxios": "^2.1.0",
+            "gcp-metadata": "^3.4.0",
+            "gtoken": "^4.1.0",
+            "jws": "^4.0.0",
+            "lru-cache": "^5.0.0"
+          }
+        },
+        "jwa": {
+          "version": "2.0.0",
+          "resolved": "https://registry.npmjs.org/jwa/-/jwa-2.0.0.tgz",
+          "integrity": "sha512-jrZ2Qx916EA+fq9cEAeCROWPTfCwi1IVHqT2tapuqLEVVDKFDENFw1oL+MwrTvH6msKxsd1YTDVw6uKEcsrLEA==",
+          "requires": {
+            "buffer-equal-constant-time": "1.0.1",
+            "ecdsa-sig-formatter": "1.0.11",
+            "safe-buffer": "^5.0.1"
+          }
+        },
+        "jws": {
+          "version": "4.0.0",
+          "resolved": "https://registry.npmjs.org/jws/-/jws-4.0.0.tgz",
+          "integrity": "sha512-KDncfTmOZoOMTFG4mBlG0qUIOlc03fmzH+ru6RgYVZhPkyiy/92Owlt/8UEN+a4TXR1FQetfIpJE8ApdvdVxTg==",
+          "requires": {
+            "jwa": "^2.0.0",
+            "safe-buffer": "^5.0.1"
+          }
+        }
      }
    },
    "@google-cloud/debug-agent": {
@@ -371,6 +408,41 @@
        "type-fest": "^0.12.0"
      },
      "dependencies": {
+        "google-auth-library": {
+          "version": "5.10.1",
+          "resolved": "https://registry.npmjs.org/google-auth-library/-/google-auth-library-5.10.1.tgz",
+          "integrity": "sha512-rOlaok5vlpV9rSiUu5EpR0vVpc+PhN62oF4RyX/6++DG1VsaulAFEMlDYBLjJDDPI6OcNOCGAKy9UVB/3NIDXg==",
+          "requires": {
+            "arrify": "^2.0.0",
+            "base64-js": "^1.3.0",
+            "ecdsa-sig-formatter": "^1.0.11",
+            "fast-text-encoding": "^1.0.0",
+            "gaxios": "^2.1.0",
+            "gcp-metadata": "^3.4.0",
+            "gtoken": "^4.1.0",
+            "jws": "^4.0.0",
+            "lru-cache": "^5.0.0"
+          }
+        },
+        "jwa": {
+          "version": "2.0.0",
+          "resolved": "https://registry.npmjs.org/jwa/-/jwa-2.0.0.tgz",
+          "integrity": "sha512-jrZ2Qx916EA+fq9cEAeCROWPTfCwi1IVHqT2tapuqLEVVDKFDENFw1oL+MwrTvH6msKxsd1YTDVw6uKEcsrLEA==",
+          "requires": {
+            "buffer-equal-constant-time": "1.0.1",
+            "ecdsa-sig-formatter": "1.0.11",
+            "safe-buffer": "^5.0.1"
+          }
+        },
+        "jws": {
+          "version": "4.0.0",
+          "resolved": "https://registry.npmjs.org/jws/-/jws-4.0.0.tgz",
+          "integrity": "sha512-KDncfTmOZoOMTFG4mBlG0qUIOlc03fmzH+ru6RgYVZhPkyiy/92Owlt/8UEN+a4TXR1FQetfIpJE8ApdvdVxTg==",
+          "requires": {
+            "jwa": "^2.0.0",
+            "safe-buffer": "^5.0.1"
+          }
+        },
        "type-fest": {
          "version": "0.12.0",
          "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-0.12.0.tgz",
@@ -379,12 +451,12 @@
      }
    },
    "@google-cloud/logging-bunyan": {
-      "version": "2.0.3",
-      "resolved": "https://registry.npmjs.org/@google-cloud/logging-bunyan/-/logging-bunyan-2.0.3.tgz",
-      "integrity": "sha512-8n9MwsCRd4v8WZg17+d3m7qInud7lYTm5rpwXHY0/lzWEJYjeiztT09BiCYh56EEhHr+ynymJnzUDZKazkywlg==",
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/@google-cloud/logging-bunyan/-/logging-bunyan-3.0.0.tgz",
+      "integrity": "sha512-ZLVXEejNQ27ktGcA3S/sd7GPefp7kywbn+/KoBajdb1Syqcmtc98jhXpYQBXVtNP2065iyu77s4SBaiYFbTC5A==",
      "requires": {
        "@google-cloud/logging": "^7.0.0",
-        "google-auth-library": "^5.0.0"
+        "google-auth-library": "^6.0.0"
      }
    },
    "@google-cloud/paginator": {
@@ -750,9 +822,9 @@
      }
    },
    "@grpc/proto-loader": {
-      "version": "0.5.4",
-      "resolved": "https://registry.npmjs.org/@grpc/proto-loader/-/proto-loader-0.5.4.tgz",
-      "integrity": "sha512-HTM4QpI9B2XFkPz7pjwMyMgZchJ93TVkL3kWPW8GDMDKYxsMnmf4w2TNMJK7+KNiYHS5cJrCEAFlF+AwtXWVPA==",
+      "version": "0.5.5",
+      "resolved": "https://registry.npmjs.org/@grpc/proto-loader/-/proto-loader-0.5.5.tgz",
+      "integrity": "sha512-WwN9jVNdHRQoOBo9FDH7qU+mgfjPc8GygPYms3M+y3fbQLfnCe/Kv/E01t7JRgnrsOHH8euvSbed3mIalXhwqQ==",
      "requires": {
        "lodash.camelcase": "^4.3.0",
        "protobufjs": "^6.8.6"
@@ -1465,6 +1537,7 @@
      "version": "1.8.12",
      "resolved": "https://registry.npmjs.org/bunyan/-/bunyan-1.8.12.tgz",
      "integrity": "sha1-8VDw9nSKvdcq6uhPBEA74u8RN5c=",
+      "dev": true,
      "requires": {
        "dtrace-provider": "~0.8",
        "moment": "^2.10.6",
@@ -1553,6 +1626,11 @@
      "integrity": "sha512-mT8iDcrh03qDGRRmoA2hmBJnxpllMR+0/0qlzjqZES6NdiWDcZkCNAk4rPFZ9Q85r27unkiNNg8ZOiwZXBHwcA==",
      "dev": true
    },
+    "charenc": {
+      "version": "0.0.2",
+      "resolved": "https://registry.npmjs.org/charenc/-/charenc-0.0.2.tgz",
+      "integrity": "sha1-wKHS86cJLgN3S/qD8UwPxXkKhmc="
+    },
    "check-error": {
      "version": "1.0.2",
      "resolved": "https://registry.npmjs.org/check-error/-/check-error-1.0.2.tgz",
@@ -1800,6 +1878,11 @@
        "which": "^1.2.9"
      }
    },
+    "crypt": {
+      "version": "0.0.2",
+      "resolved": "https://registry.npmjs.org/crypt/-/crypt-0.0.2.tgz",
+      "integrity": "sha1-iNf/fsDfuG9xPch7u0LQRNPmxBs="
+    },
    "d64": {
      "version": "1.0.0",
      "resolved": "https://registry.npmjs.org/d64/-/d64-1.0.0.tgz",
@@ -3019,21 +3102,74 @@
      "dev": true
    },
    "google-auth-library": {
-      "version": "5.10.1",
-      "resolved": "https://registry.npmjs.org/google-auth-library/-/google-auth-library-5.10.1.tgz",
-      "integrity": "sha512-rOlaok5vlpV9rSiUu5EpR0vVpc+PhN62oF4RyX/6++DG1VsaulAFEMlDYBLjJDDPI6OcNOCGAKy9UVB/3NIDXg==",
+      "version": "6.0.5",
+      "resolved": "https://registry.npmjs.org/google-auth-library/-/google-auth-library-6.0.5.tgz",
+      "integrity": "sha512-Wj31lfTm2yR4g3WfOOB1Am1tt478Xq9OvzTPQJi17tn/I9R5IcsxjANBsE93nYmxYxtwDedhOdIb8l3vSPG49Q==",
      "requires": {
        "arrify": "^2.0.0",
        "base64-js": "^1.3.0",
        "ecdsa-sig-formatter": "^1.0.11",
        "fast-text-encoding": "^1.0.0",
-        "gaxios": "^2.1.0",
-        "gcp-metadata": "^3.4.0",
-        "gtoken": "^4.1.0",
+        "gaxios": "^3.0.0",
+        "gcp-metadata": "^4.1.0",
+        "gtoken": "^5.0.0",
        "jws": "^4.0.0",
-        "lru-cache": "^5.0.0"
+        "lru-cache": "^6.0.0"
      },
      "dependencies": {
+        "bignumber.js": {
+          "version": "9.0.0",
+          "resolved": "https://registry.npmjs.org/bignumber.js/-/bignumber.js-9.0.0.tgz",
+          "integrity": "sha512-t/OYhhJ2SD+YGBQcjY8GzzDHEk9f3nerxjtfa6tlMXfe7frs/WozhvCNoGvpM0P3bNf3Gq5ZRMlGr5f3r4/N8A=="
+        },
+        "gaxios": {
+          "version": "3.0.4",
+          "resolved": "https://registry.npmjs.org/gaxios/-/gaxios-3.0.4.tgz",
+          "integrity": "sha512-97NmFuMETFQh6gqPUxkqjxRMjmY8aRKRMphIkgO/b90AbCt5wAVuXsp8oWjIXlLN2pIK/fsXD8edcM7ULkFMLg==",
+          "requires": {
+            "abort-controller": "^3.0.0",
+            "extend": "^3.0.2",
+            "https-proxy-agent": "^5.0.0",
+            "is-stream": "^2.0.0",
+            "node-fetch": "^2.3.0"
+          }
+        },
+        "gcp-metadata": {
+          "version": "4.1.4",
+          "resolved": "https://registry.npmjs.org/gcp-metadata/-/gcp-metadata-4.1.4.tgz",
+          "integrity": "sha512-5J/GIH0yWt/56R3dNaNWPGQ/zXsZOddYECfJaqxFWgrZ9HC2Kvc5vl9upOgUUHKzURjAVf2N+f6tEJiojqXUuA==",
+          "requires": {
+            "gaxios": "^3.0.0",
+            "json-bigint": "^1.0.0"
+          }
+        },
+        "google-p12-pem": {
+          "version": "3.0.2",
+          "resolved": "https://registry.npmjs.org/google-p12-pem/-/google-p12-pem-3.0.2.tgz",
+          "integrity": "sha512-tbjzndQvSIHGBLzHnhDs3cL4RBjLbLXc2pYvGH+imGVu5b4RMAttUTdnmW2UH0t11QeBTXZ7wlXPS7hrypO/tg==",
+          "requires": {
+            "node-forge": "^0.9.0"
+          }
+        },
+        "gtoken": {
+          "version": "5.0.2",
+          "resolved": "https://registry.npmjs.org/gtoken/-/gtoken-5.0.2.tgz",
+          "integrity": "sha512-lull70rHCTvRTmAt+R/6W5bTtx4MjHku7AwJwK5fGqhOmygcZud0nrZcX+QUNfBJwCzqy7S5i1Bc4NYnr5PMMA==",
+          "requires": {
+            "gaxios": "^3.0.0",
+            "google-p12-pem": "^3.0.0",
+            "jws": "^4.0.0",
+            "mime": "^2.2.0"
+          }
+        },
+        "json-bigint": {
+          "version": "1.0.0",
+          "resolved": "https://registry.npmjs.org/json-bigint/-/json-bigint-1.0.0.tgz",
+          "integrity": "sha512-SiPv/8VpZuWbvLSMtTDU8hEfrZWg/mH/nV/b4o0CYbSxu1UIQPLdwKOCIyLQX+VIPO5vrLX3i8qtqFyhdPSUSQ==",
+          "requires": {
+            "bignumber.js": "^9.0.0"
+          }
+        },
        "jwa": {
          "version": "2.0.0",
          "resolved": "https://registry.npmjs.org/jwa/-/jwa-2.0.0.tgz",
@@ -3052,6 +3188,24 @@
            "jwa": "^2.0.0",
            "safe-buffer": "^5.0.1"
          }
+        },
+        "lru-cache": {
+          "version": "6.0.0",
+          "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz",
+          "integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==",
+          "requires": {
+            "yallist": "^4.0.0"
+          }
+        },
+        "mime": {
+          "version": "2.4.6",
+          "resolved": "https://registry.npmjs.org/mime/-/mime-2.4.6.tgz",
+          "integrity": "sha512-RZKhC3EmpBchfTGBVb8fb+RL2cWyw/32lshnsETttkBAyAUXSGHxbEJWWRXc751DrIxG1q04b8QwMbAwkRPpUA=="
+        },
+        "yallist": {
+          "version": "4.0.0",
+          "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz",
+          "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A=="
        }
      }
    },
@@ -3078,14 +3232,49 @@
      },
      "dependencies": {
        "@types/node": {
-          "version": "13.13.12",
-          "resolved": "https://registry.npmjs.org/@types/node/-/node-13.13.12.tgz",
-          "integrity": "sha512-zWz/8NEPxoXNT9YyF2osqyA9WjssZukYpgI4UYZpOjcyqwIUqWGkcCionaEb9Ki+FULyPyvNFpg/329Kd2/pbw=="
+          "version": "13.13.15",
+          "resolved": "https://registry.npmjs.org/@types/node/-/node-13.13.15.tgz",
+          "integrity": "sha512-kwbcs0jySLxzLsa2nWUAGOd/s21WU1jebrEdtzhsj1D4Yps1EOuyI1Qcu+FD56dL7NRNIJtDDjcqIG22NwkgLw=="
+        },
+        "google-auth-library": {
+          "version": "5.10.1",
+          "resolved": "https://registry.npmjs.org/google-auth-library/-/google-auth-library-5.10.1.tgz",
+          "integrity": "sha512-rOlaok5vlpV9rSiUu5EpR0vVpc+PhN62oF4RyX/6++DG1VsaulAFEMlDYBLjJDDPI6OcNOCGAKy9UVB/3NIDXg==",
+          "requires": {
+            "arrify": "^2.0.0",
+            "base64-js": "^1.3.0",
+            "ecdsa-sig-formatter": "^1.0.11",
+            "fast-text-encoding": "^1.0.0",
+            "gaxios": "^2.1.0",
+            "gcp-metadata": "^3.4.0",
+            "gtoken": "^4.1.0",
+            "jws": "^4.0.0",
+            "lru-cache": "^5.0.0"
+          }
+        },
+        "jwa": {
+          "version": "2.0.0",
+          "resolved": "https://registry.npmjs.org/jwa/-/jwa-2.0.0.tgz",
+          "integrity": "sha512-jrZ2Qx916EA+fq9cEAeCROWPTfCwi1IVHqT2tapuqLEVVDKFDENFw1oL+MwrTvH6msKxsd1YTDVw6uKEcsrLEA==",
+          "requires": {
+            "buffer-equal-constant-time": "1.0.1",
+            "ecdsa-sig-formatter": "1.0.11",
+            "safe-buffer": "^5.0.1"
+          }
+        },
+        "jws": {
+          "version": "4.0.0",
+          "resolved": "https://registry.npmjs.org/jws/-/jws-4.0.0.tgz",
+          "integrity": "sha512-KDncfTmOZoOMTFG4mBlG0qUIOlc03fmzH+ru6RgYVZhPkyiy/92Owlt/8UEN+a4TXR1FQetfIpJE8ApdvdVxTg==",
+          "requires": {
+            "jwa": "^2.0.0",
+            "safe-buffer": "^5.0.1"
+          }
        },
        "protobufjs": {
-          "version": "6.9.0",
-          "resolved": "https://registry.npmjs.org/protobufjs/-/protobufjs-6.9.0.tgz",
-          "integrity": "sha512-LlGVfEWDXoI/STstRDdZZKb/qusoAWUnmLg9R8OLSO473mBLWHowx8clbX5/+mKDEI+v7GzjoK9tRPZMMcoTrg==",
+          "version": "6.10.1",
+          "resolved": "https://registry.npmjs.org/protobufjs/-/protobufjs-6.10.1.tgz",
+          "integrity": "sha512-pb8kTchL+1Ceg4lFd5XUpK8PdWacbvV5SK2ULH2ebrYtl4GjJmS24m6CKME67jzV53tbJxHlnNOSqQHbTsR9JQ==",
          "requires": {
            "@protobufjs/aspromise": "^1.1.2",
            "@protobufjs/base64": "^1.1.2",
@@ -3270,9 +3459,9 @@
      },
      "dependencies": {
        "agent-base": {
-          "version": "6.0.0",
-          "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-6.0.0.tgz",
-          "integrity": "sha512-j1Q7cSCqN+AwrmDd+pzgqc0/NpC655x2bUf5ZjRIO77DcNBFmh+OgRNzF6OKdCC9RSCb19fGd99+bhXFdkRNqw==",
+          "version": "6.0.1",
+          "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-6.0.1.tgz",
+          "integrity": "sha512-01q25QQDwLSsyfhrKbn8yuur+JNw0H+0Y4JiGIKd3z9aYk/w/2kxD/Upc+t2ZBBSUNff50VjPsSW2YxM8QYKVg==",
          "requires": {
            "debug": "4"
          }
@@ -3312,9 +3501,9 @@
      },
      "dependencies": {
        "agent-base": {
-          "version": "6.0.0",
-          "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-6.0.0.tgz",
-          "integrity": "sha512-j1Q7cSCqN+AwrmDd+pzgqc0/NpC655x2bUf5ZjRIO77DcNBFmh+OgRNzF6OKdCC9RSCb19fGd99+bhXFdkRNqw==",
+          "version": "6.0.1",
+          "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-6.0.1.tgz",
+          "integrity": "sha512-01q25QQDwLSsyfhrKbn8yuur+JNw0H+0Y4JiGIKd3z9aYk/w/2kxD/Upc+t2ZBBSUNff50VjPsSW2YxM8QYKVg==",
          "requires": {
            "debug": "4"
          }
@@ -3903,15 +4092,33 @@
      }
    },
    "logger-sharelatex": {
-      "version": "2.1.0",
-      "resolved": "https://registry.npmjs.org/logger-sharelatex/-/logger-sharelatex-2.1.0.tgz",
-      "integrity": "sha512-WgAABqnBMOv0VAwQJyw+fY4rpqKX+nPJNRydGEYZTo+6lKtJI2TttmZ+Coryg1LEzAjNagxoU78XOHKQvhg7qg==",
+      "version": "git+https://github.com/overleaf/logger-module.git#96a5056440321e6c6cb092a4ec4d4fdebdd77545",
+      "from": "git+https://github.com/overleaf/logger-module.git#csh-metadata-fallback-node-fetch",
      "requires": {
-        "@google-cloud/logging-bunyan": "^2.0.0",
+        "@google-cloud/logging-bunyan": "^3.0.0",
        "@overleaf/o-error": "^3.0.0",
-        "bunyan": "1.8.12",
-        "raven": "1.1.3",
-        "yn": "^3.1.1"
+        "bunyan": "^1.8.14",
+        "node-fetch": "^2.6.0",
+        "raven": "^2.6.4",
+        "yn": "^4.0.0"
+      },
+      "dependencies": {
+        "bunyan": {
+          "version": "1.8.14",
+          "resolved": "https://registry.npmjs.org/bunyan/-/bunyan-1.8.14.tgz",
+          "integrity": "sha512-LlahJUxXzZLuw/hetUQJmRgZ1LF6+cr5TPpRj6jf327AsiIq2jhYEH4oqUUkVKTor+9w2BT3oxVwhzE5lw9tcg==",
+          "requires": {
+            "dtrace-provider": "~0.8",
+            "moment": "^2.19.3",
+            "mv": "~2",
+            "safe-json-stringify": "~1"
+          }
+        },
+        "yn": {
+          "version": "4.0.0",
+          "resolved": "https://registry.npmjs.org/yn/-/yn-4.0.0.tgz",
+          "integrity": "sha512-huWiiCS4TxKc4SfgmTwW1K7JmXPPAmuXWYy4j9qjQo4+27Kni8mGhAAi1cloRWmBe2EqcLgt3IGqQoRL/MtPgg=="
+        }
      }
    },
    "loglevel": {
@@ -3979,11 +4186,6 @@
        "yallist": "^3.0.2"
      }
    },
-    "lsmod": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/lsmod/-/lsmod-1.0.0.tgz",
-      "integrity": "sha1-mgD3bco26yP6BTUK/htYXUKZ5ks="
-    },
    "lynx": {
      "version": "0.2.0",
      "resolved": "https://registry.npmjs.org/lynx/-/lynx-0.2.0.tgz",
@@ -4016,6 +4218,23 @@
      "resolved": "https://registry.npmjs.org/map-obj/-/map-obj-4.1.0.tgz",
      "integrity": "sha512-glc9y00wgtwcDmp7GaE/0b0OnxpNJsVf3ael/An6Fe2Q51LLwN1er6sdomLRzz5h0+yMpiYLhWYF5R7HeqVd4g=="
    },
+    "md5": {
+      "version": "2.2.1",
+      "resolved": "https://registry.npmjs.org/md5/-/md5-2.2.1.tgz",
+      "integrity": "sha1-U6s41f48iJG6RlMp6iP6wFQBJvk=",
+      "requires": {
+        "charenc": "~0.0.1",
+        "crypt": "~0.0.1",
+        "is-buffer": "~1.1.1"
+      },
+      "dependencies": {
+        "is-buffer": {
+          "version": "1.1.6",
+          "resolved": "https://registry.npmjs.org/is-buffer/-/is-buffer-1.1.6.tgz",
+          "integrity": "sha512-NcdALwpXkTm5Zvvbk7owOUSvVvBKDgKP5/ewfXEznmQFfs4ZRmanOeKBTjRVjka3QFoN6XJ+9F3USqfHqTaU5w=="
+        }
+      }
+    },
    "media-typer": {
      "version": "0.3.0",
      "resolved": "https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz",
@@ -5589,21 +5808,26 @@
      "integrity": "sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg=="
    },
    "raven": {
-      "version": "1.1.3",
-      "resolved": "https://registry.npmjs.org/raven/-/raven-1.1.3.tgz",
-      "integrity": "sha1-QnPBrm005CMPUbLAEEGjK5Iygio=",
+      "version": "2.6.4",
+      "resolved": "https://registry.npmjs.org/raven/-/raven-2.6.4.tgz",
+      "integrity": "sha512-6PQdfC4+DQSFncowthLf+B6Hr0JpPsFBgTVYTAOq7tCmx/kR4SXbeawtPch20+3QfUcQDoJBLjWW1ybvZ4kXTw==",
      "requires": {
        "cookie": "0.3.1",
-        "json-stringify-safe": "5.0.1",
-        "lsmod": "1.0.0",
-        "stack-trace": "0.0.9",
-        "uuid": "3.0.0"
+        "md5": "^2.2.1",
+        "stack-trace": "0.0.10",
+        "timed-out": "4.0.1",
+        "uuid": "3.3.2"
      },
      "dependencies": {
+        "stack-trace": {
+          "version": "0.0.10",
+          "resolved": "https://registry.npmjs.org/stack-trace/-/stack-trace-0.0.10.tgz",
+          "integrity": "sha1-VHxws0fo0ytOEI6hoqFZ5f3eGcA="
+        },
        "uuid": {
-          "version": "3.0.0",
-          "resolved": "https://registry.npmjs.org/uuid/-/uuid-3.0.0.tgz",
-          "integrity": "sha1-Zyj8BFnEUNeWqZwxg3VpvfZy1yg="
+          "version": "3.3.2",
+          "resolved": "https://registry.npmjs.org/uuid/-/uuid-3.3.2.tgz",
+          "integrity": "sha512-yXJmeNaw3DnnKAOKJE51sL/ZaYfWJRl1pK9dr19YFCu0ObS231AB1/LbqTKRAQ5kw8A90rA6fr4riOUpTZvQZA=="
        }
      }
    },
@@ -6249,7 +6473,8 @@
    "stack-trace": {
      "version": "0.0.9",
      "resolved": "https://registry.npmjs.org/stack-trace/-/stack-trace-0.0.9.tgz",
-      "integrity": "sha1-qPbq7KkGdMMz58Q5U/J1tFFRBpU="
+      "integrity": "sha1-qPbq7KkGdMMz58Q5U/J1tFFRBpU=",
+      "dev": true
    },
    "statsd-parser": {
      "version": "0.0.4",
@@ -6555,6 +6780,11 @@
        "readable-stream": "2 || 3"
      }
    },
+    "timed-out": {
+      "version": "4.0.1",
+      "resolved": "https://registry.npmjs.org/timed-out/-/timed-out-4.0.1.tgz",
+      "integrity": "sha1-8y6srFoXW+ol1/q1Zas+2HQe9W8="
+    },
    "timekeeper": {
      "version": "2.2.0",
      "resolved": "https://registry.npmjs.org/timekeeper/-/timekeeper-2.2.0.tgz",
--- a/package.json
+++ b/package.json
@@ -28,7 +28,7 @@
    "heapdump": "^0.3.15",
    "lockfile": "^1.0.4",
    "lodash": "^4.17.15",
-    "logger-sharelatex": "^2.1.0",
+    "logger-sharelatex": "git+https://github.com/overleaf/logger-module.git#csh-metadata-fallback-node-fetch",
    "lynx": "0.2.0",
    "metrics-sharelatex": "^2.6.0",
    "mysql": "^2.18.1",
--- a/test/acceptance/js/AllowedImageNames.js
+++ b/test/acceptance/js/AllowedImageNames.js
@@ -0,0 +1,102 @@
+const Client = require('./helpers/Client')
+const ClsiApp = require('./helpers/ClsiApp')
+const { expect } = require('chai')
+
+describe('AllowedImageNames', function() {
+  beforeEach(function(done) {
+    this.project_id = Client.randomId()
+    this.request = {
+      options: {
+        imageName: undefined
+      },
+      resources: [
+        {
+          path: 'main.tex',
+          content: `\
+\\documentclass{article}
+\\begin{document}
+Hello world
+\\end{document}\
+`
+        }
+      ]
+    }
+    ClsiApp.ensureRunning(done)
+  })
+
+  describe('with a valid name', function() {
+    beforeEach(function(done) {
+      this.request.options.imageName = process.env.TEXLIVE_IMAGE
+
+      Client.compile(this.project_id, this.request, (error, res, body) => {
+        this.error = error
+        this.res = res
+        this.body = body
+        done(error)
+      })
+    })
+    it('should return success', function() {
+      expect(this.res.statusCode).to.equal(200)
+    })
+
+    it('should return a PDF', function() {
+      let pdf
+      try {
+        pdf = Client.getOutputFile(this.body, 'pdf')
+      } catch (e) {}
+      expect(pdf).to.exist
+    })
+  })
+
+  describe('with an invalid name', function() {
+    beforeEach(function(done) {
+      this.request.options.imageName = 'something/evil:1337'
+      Client.compile(this.project_id, this.request, (error, res, body) => {
+        this.error = error
+        this.res = res
+        this.body = body
+        done(error)
+      })
+    })
+    it('should return non success', function() {
+      expect(this.res.statusCode).to.not.equal(200)
+    })
+
+    it('should not return a PDF', function() {
+      let pdf
+      try {
+        pdf = Client.getOutputFile(this.body, 'pdf')
+      } catch (e) {}
+      expect(pdf).to.not.exist
+    })
+  })
+
+  describe('wordcount', function() {
+    beforeEach(function(done) {
+      Client.compile(this.project_id, this.request, done)
+    })
+    it('should error out with an invalid imageName', function() {
+      Client.wordcountWithImage(
+        this.project_id,
+        'main.tex',
+        'something/evil:1337',
+        (error, result) => {
+          expect(String(error)).to.include('statusCode=400')
+        }
+      )
+    })
+
+    it('should produce a texcout a valid imageName', function() {
+      Client.wordcountWithImage(
+        this.project_id,
+        'main.tex',
+        process.env.TEXLIVE_IMAGE,
+        (error, result) => {
+          expect(error).to.not.exist
+          expect(result).to.exist
+          expect(result.texcount).to.exist
+        }
+      )
+    })
+  })
+})
--- a/test/acceptance/js/ExampleDocumentTests.js
+++ b/test/acceptance/js/ExampleDocumentTests.js
@@ -235,6 +235,7 @@ describe('Example Documents', function() {
                ) === 'failure'
              ) {
                console.log('DEBUG: error', error, 'body', JSON.stringify(body))
+                return done(new Error('Compile failed'))
              }
              const pdf = Client.getOutputFile(body, 'pdf')
              return downloadAndComparePdf(
@@ -263,6 +264,7 @@ describe('Example Documents', function() {
                ) === 'failure'
              ) {
                console.log('DEBUG: error', error, 'body', JSON.stringify(body))
+                return done(new Error('Compile failed'))
              }
              const pdf = Client.getOutputFile(body, 'pdf')
              return downloadAndComparePdf(
--- a/test/acceptance/js/helpers/Client.js
+++ b/test/acceptance/js/helpers/Client.js
@@ -189,6 +189,11 @@ module.exports = Client = {
  },

  wordcount(project_id, file, callback) {
+    const image = undefined
+    Client.wordcountWithImage(project_id, file, image, callback)
+  },
+
+  wordcountWithImage(project_id, file, image, callback) {
    if (callback == null) {
      callback = function(error, pdfPositions) {}
    }
@@ -196,6 +201,7 @@ module.exports = Client = {
      {
        url: `${this.host}/project/${project_id}/wordcount`,
        qs: {
+          image,
          file
        }
      },
@@ -203,6 +209,9 @@ module.exports = Client = {
        if (error != null) {
          return callback(error)
        }
+        if (response.statusCode !== 200) {
+          return callback(new Error(`statusCode=${response.statusCode}`))
+        }
        return callback(null, JSON.parse(body))
      }
    )
--- a/test/unit/js/CompileControllerTests.js
+++ b/test/unit/js/CompileControllerTests.js
@@ -12,6 +12,7 @@
 const SandboxedModule = require('sandboxed-module')
 const sinon = require('sinon')
 require('chai').should()
+const { expect } = require('chai')
 const modulePath = require('path').join(
  __dirname,
  '../../../app/js/CompileController'
@@ -287,21 +288,60 @@ describe('CompileController', function() {
      this.CompileManager.wordcount = sinon
        .stub()
        .callsArgWith(4, null, (this.texcount = ['mock-texcount']))
-      return this.CompileController.wordcount(this.req, this.res, this.next)
    })

    it('should return the word count of a file', function() {
+      this.CompileController.wordcount(this.req, this.res, this.next)
      return this.CompileManager.wordcount
        .calledWith(this.project_id, undefined, this.file, this.image)
        .should.equal(true)
    })

-    return it('should return the texcount info', function() {
+    it('should return the texcount info', function() {
+      this.CompileController.wordcount(this.req, this.res, this.next)
      return this.res.json
        .calledWith({
          texcount: this.texcount
        })
        .should.equal(true)
    })
+
+    describe('when allowedImages is set', function() {
+      beforeEach(function() {
+        this.Settings.clsi = { docker: {} }
+        this.Settings.clsi.docker.allowedImages = [
+          'repo/image:tag1',
+          'repo/image:tag2'
+        ]
+        this.res.send = sinon.stub()
+        this.res.status = sinon.stub().returns({ send: this.res.send })
+      })
+
+      describe('with an invalid image', function() {
+        beforeEach(function() {
+          this.req.query.image = 'something/evil:1337'
+          this.CompileController.wordcount(this.req, this.res, this.next)
+        })
+        it('should return a 400', function() {
+          expect(this.res.status.calledWith(400)).to.equal(true)
+        })
+        it('should not run the query', function() {
+          expect(this.CompileManager.wordcount.called).to.equal(false)
+        })
+      })
+
+      describe('with a valid image', function() {
+        beforeEach(function() {
+          this.req.query.image = 'repo/image:tag1'
+          this.CompileController.wordcount(this.req, this.res, this.next)
+        })
+        it('should not return a 400', function() {
+          expect(this.res.status.calledWith(400)).to.equal(false)
+        })
+        it('should run the query', function() {
+          expect(this.CompileManager.wordcount.called).to.equal(true)
+        })
+      })
+    })
  })
 })
--- a/test/unit/js/DockerRunnerTests.js
+++ b/test/unit/js/DockerRunnerTests.js
@@ -273,7 +273,7 @@ describe('DockerRunner', function() {
      })
    })

-    return describe('with image override', function() {
+    describe('with image override', function() {
      beforeEach(function() {
        this.Settings.texliveImageNameOveride = 'overrideimage.com/something'
        this.DockerRunner._runAndWaitForContainer = sinon
@@ -296,6 +296,62 @@ describe('DockerRunner', function() {
        return image.should.equal('overrideimage.com/something/image:2016.2')
      })
    })
+
+    describe('with image restriction', function() {
+      beforeEach(function() {
+        this.Settings.clsi.docker.allowedImages = [
+          'repo/image:tag1',
+          'repo/image:tag2'
+        ]
+        this.DockerRunner._runAndWaitForContainer = sinon
+          .stub()
+          .callsArgWith(3, null, (this.output = 'mock-output'))
+      })
+
+      describe('with a valid image', function() {
+        beforeEach(function() {
+          this.DockerRunner.run(
+            this.project_id,
+            this.command,
+            this.directory,
+            'repo/image:tag1',
+            this.timeout,
+            this.env,
+            this.compileGroup,
+            this.callback
+          )
+        })
+
+        it('should setup the container', function() {
+          this.DockerRunner._getContainerOptions.called.should.equal(true)
+        })
+      })
+
+      describe('with a invalid image', function() {
+        beforeEach(function() {
+          this.DockerRunner.run(
+            this.project_id,
+            this.command,
+            this.directory,
+            'something/different:evil',
+            this.timeout,
+            this.env,
+            this.compileGroup,
+            this.callback
+          )
+        })
+
+        it('should call the callback with an error', function() {
+          const err = new Error('image not allowed')
+          this.callback.called.should.equal(true)
+          this.callback.args[0][0].message.should.equal(err.message)
+        })
+
+        it('should not setup the container', function() {
+          this.DockerRunner._getContainerOptions.called.should.equal(false)
+        })
+      })
+    })
  })

  describe('run with _getOptions', function() {
--- a/test/unit/js/RequestParserTests.js
+++ b/test/unit/js/RequestParserTests.js
@@ -114,6 +114,48 @@ describe('RequestParser', function() {
    })
  })

+  describe('when image restrictions are present', function() {
+    beforeEach(function() {
+      this.settings.clsi = { docker: {} }
+      this.settings.clsi.docker.allowedImages = [
+        'repo/name:tag1',
+        'repo/name:tag2'
+      ]
+    })
+
+    describe('with imageName set to something invalid', function() {
+      beforeEach(function() {
+        const request = this.validRequest
+        request.compile.options.imageName = 'something/different:latest'
+        this.RequestParser.parse(request, (error, data) => {
+          this.error = error
+          this.data = data
+        })
+      })
+
+      it('should throw an error for imageName', function() {
+        expect(String(this.error)).to.include(
+          'imageName attribute should be one of'
+        )
+      })
+    })
+
+    describe('with imageName set to something valid', function() {
+      beforeEach(function() {
+        const request = this.validRequest
+        request.compile.options.imageName = 'repo/name:tag1'
+        this.RequestParser.parse(request, (error, data) => {
+          this.error = error
+          this.data = data
+        })
+      })
+
+      it('should set the imageName', function() {
+        this.data.imageName.should.equal('repo/name:tag1')
+      })
+    })
+  })
+
  describe('with flags set', function() {
    beforeEach(function() {
      this.validRequest.compile.options.flags = ['-file-line-error']
Author	SHA1	Message	Date
Christopher Hoskin	b01755ca43	Test updated logger on clsi	2020-07-24 14:22:48 +01:00
Jakob Ackermann	1ee48d0274	Merge pull request #182 from overleaf/msm-fix-npe-community-edition Fixed NPE when Settings.clsi is defined but Settings.clsi.docker is not	2020-07-15 11:01:08 +02:00
Jakob Ackermann	384d544bf2	Merge pull request #183 from overleaf/jpa-clsi-allowed-image-names [misc] RequestParser: restrict imageName to an allow list and add tests	2020-07-15 10:58:36 +02:00
Jakob Ackermann	df09caaf46	Merge pull request #186 from overleaf/jpa-import-132 [LocalCommandRunner] run: block a double call of the callback	2020-07-15 10:57:46 +02:00
Jakob Ackermann	e59250d1fd	Merge pull request #185 from overleaf/jpa-import-123 [ExampleDocumentTests] drop out in case of an error during compilation	2020-07-15 10:57:34 +02:00
Jakob Ackermann	e0176bbcbc	Merge pull request #132 from das7pad/hotfix-double-call [LocalCommandRunner] run: block a double call of the callback	2020-07-03 12:58:25 +02:00
Jakob Ackermann	53cc80fc7f	[misc] fix formatting	2020-07-03 11:47:53 +01:00
Jakob Ackermann	47d1196dde	Merge pull request #123 from das7pad/hotfix/test-error-handling [ExampleDocumentTests] drop out in case of an error during compilation	2020-07-03 12:40:15 +02:00
Jakob Ackermann	267ff9e7f1	[ExampleDocumentTests] drop out in case of an error during compilation Signed-off-by: Jakob Ackermann <das7pad@outlook.com>	2020-07-03 11:38:12 +01:00
Jakob Ackermann	0cecf26569	[misc] move the image check prior to the base image override	2020-07-01 10:01:25 +01:00
Jakob Ackermann	ee0e8066d3	[misc] apply review feedback - move setting into clsi.docker namespace - rename the variable for images to allowedImages / ALLOWED_IMAGES - add an additional check for the image name into the DockerRunner Co-Authored-By: Brian Gough <brian.gough@overleaf.com>	2020-06-30 12:01:21 +01:00
Jakob Ackermann	6edb458910	[misc] wordcount: restrict image to an allow list and add tests	2020-06-26 13:28:12 +01:00
Jakob Ackermann	5ed09d1a98	[misc] RequestParser: restrict imageName to an allow list and add tests	2020-06-26 13:28:09 +01:00
Miguel Serrano	ad8fec6a1a	Fixed NPE when Settings.clsi is defined but Settings.clsi.docker is not	2020-06-25 12:31:10 +02:00
Jakob Ackermann	b18c9854b6	[LocalCommandRunner] run: block a double call of the callback The subprocess event handler fires the "error" and "close" event in case of a failure. Both events would call the given callback, resulting in double processing of the subprocess result downstream. Signed-off-by: Jakob Ackermann <das7pad@outlook.com>	2020-04-16 15:55:55 +02:00