ios-app icon indicating copy to clipboard operation
ios-app copied to clipboard
verified publisher icon owncloud

[BUG] Eicar upload

Open dj4oC opened this issue 2 years ago • 3 comments

When I upload an eicar virus to oCIS, I get an error message. But I do not receive the same notification as I get in oCIS Web. Please see my screenshot:

image

As a user I would like to upload a virus from my iPad and get a propper message.

dj4oC avatar Sep 12 '23 10:09 dj4oC

HTTP 201 and no response with error message in the web UI:

CleanShot 2023-09-12 at 14 42 26@2x

michaelstingl avatar Sep 12 '23 12:09 michaelstingl

Backend doesn't tell the client there's a problem with the upload:

2023-09-12 14:49:35.752000+0200 ownCloud[55018:2240770] ⚪️ | [HTTP, Request, …] Sending request:
# REQUEST ---------------------------------------------------------
URL:         https://ocis.example.com/dav/spaces/c27943e2-2037-51f4-922f-e891a6dc0d5d$fda3dafd-32bd-4195-943b-f202c10b0185/
Error:       -
Req Signals: coreOnline, authAvailable
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
POST /dav/spaces/c27943e2-2037-51f4-922f-e891a6dc0d5d$fda3dafd-32bd-4195-943b-f202c10b0185 HTTP/1.1
Host: ocis.example.com
Content-Length: 68
Tus-Resumable: 1.0.0
X-Request-ID: 5692FFCD-6A65-465B-A195-4DAE195A9E91
Original-Request-ID: 5692FFCD-6A65-465B-A195-4DAE195A9E91
Content-Type: application/offset+octet-stream
User-Agent: ownCloudApp/12.0.3 (App/271; iOS/16.4; iPhone)
Authorization: Bearer [redacted:1]
Accept-Language: en
Upload-Metadata: mtime MTY5NDUyMjkxMw==,filename ZWljYXIuY29tLnR4dA==,checksum U0hBMSAzMzk1ODU2Y2U4MWYyYjczODJkZWU3MjYwMmY3OThiNjQyZjE0MTQw
Upload-Length: 68
Upload-Offset: 0

[Contents from /Users/michaelstingl/Library/Developer/CoreSimulator/Devices/EB1FC39C-B505-4E6B-9C3B-FA76483C4E1E/data/Containers/Shared/AppGroup/69C4FD15-D435-4944-BDD7-E5DBE9D827EA/Vaults/901D929C-B3A9-4715-BDB3-61909A8F29DE/TUS/B6646CC1-A4EE-43DC-95E1-D7E31B614E2C/21F59B61-59EC-4666-944B-A9FB6B37A0B2 (68 bytes)]
----------------------------------------------------------------- [… POST, RequestID:5692FFCD-6A65-465B-A195-4DAE195A9E91, URLSessionTaskID:2] [OCHTTPPipeline.m:1183|FULL]

2023-09-12 14:49:37.083000+0200 ownCloud[55018:2240770] ⚪️ | [HTTP, Response, …] Received response:
# RESPONSE --------------------------------------------------------
Method:      POST
URL:         https://ocis.example.com/dav/spaces/c27943e2-2037-51f4-922f-e891a6dc0d5d$fda3dafd-32bd-4195-943b-f202c10b0185/
Request-ID:  5692FFCD-6A65-465B-A195-4DAE195A9E91
Error:       -
Req Signals: coreOnline, authAvailable
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
201 CREATED
x-content-type-options: nosniff
Location: https://ocis.example.com/data/eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJyZXZhIiwiZXhwIjoxNjk0NjA5Mzc2LCJpYXQiOjE2OTQ1MjI5NzYsInRhcmdldCI6Imh0dHA6Ly9zdG9yYWdldXNlcnM6OTE1OC9kYXRhL3R1cy9hMGVkNTc0ZC03MWNiLTQwZTctOWM1MC1lMzY5YTRjYWVlY2IifQ._Oez3ntDG3i8QoF9PeolPh_jXfZXc0tdX-QS7W9ZJeE
oc-fileid: c27943e2-2037-51f4-922f-e891a6dc0d5d$fda3dafd-32bd-4195-943b-f202c10b0185!70bedd53-cef9-4d07-94fc-3a790f774aa6
content-security-policy: default-src 'none';
Strict-Transport-Security: max-age=15724800; includeSubDomains
oc-perm: SRDNVWZ
tus-resumable: 1.0.0
x-robots-tag: none
Access-Control-Allow-Origin: *
x-download-options: noopen
access-control-allow-headers: Tus-Resumable, Upload-Length, Upload-Metadata, If-Match
Content-Length: 0
Vary: Origin
Date: Tue, 12 Sep 2023 12:49:37 GMT
x-xss-protection: 1; mode=block
oc-etag: "a4c9d6f5414d249cb08358c7a88172c4"
upload-expires: 1694609376
access-control-expose-headers: Tus-Resumable, Upload-Offset, Location
x-frame-options: SAMEORIGIN
upload-offset: 68
Content-Type: text/plain
tus-extension: creation,creation-with-upload,checksum,expiration
x-permitted-cross-domain-policies: none
Last-Modified: Tue, 12 Sep 2023 12:48:33 +0000
Etag: "a4c9d6f5414d249cb08358c7a88172c4"
----------------------------------------------------------------- [… POST, RequestID:5692FFCD-6A65-465B-A195-4DAE195A9E91, URLSessionTaskID:2] [OCHTTPPipeline.m:1306|FULL]

Next request results in a 404, but I'd expect a 425 🤔

2023-09-12 14:49:37.095000+0200 ownCloud[55018:2240770] ⚪️ | [HTTP, Request, …] Sending request:
# REQUEST ---------------------------------------------------------
URL:         https://ocis.example.com/dav/spaces/c27943e2-2037-51f4-922f-e891a6dc0d5d$fda3dafd-32bd-4195-943b-f202c10b0185/eicar.com.txt
Error:       -
Req Signals: coreOnline, authAvailable
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
PROPFIND /dav/spaces/c27943e2-2037-51f4-922f-e891a6dc0d5d$fda3dafd-32bd-4195-943b-f202c10b0185/eicar.com.txt HTTP/1.1
Host: ocis.example.com
Content-Length: 404
Prefer: return=minimal
X-Request-ID: 6B0A80D7-7C72-48F9-A54B-E17A19301044
Original-Request-ID: 6B0A80D7-7C72-48F9-A54B-E17A19301044
Content-Type: application/xml
Depth: 0
User-Agent: ownCloudApp/12.0.3 (App/271; iOS/16.4; iPhone)
Authorization: Bearer [redacted:1]
Accept-Language: en

<?xml version="1.0" encoding="UTF-8"?>
<D:propfind xmlns:D="DAV:" xmlns:oc="http://owncloud.org/ns">
<D:prop>
<D:resourcetype/>
<D:getlastmodified/>
<D:getcontentlength/>
<D:getcontenttype/>
<D:getetag/>
<oc:id/>
<oc:size/>
<oc:permissions/>
<oc:favorite/>
<oc:share-types/>
<oc:owner-id/>
<oc:owner-display-name/>
<D:quota-available-bytes/>
<D:quota-used-bytes/>
<oc:checksums/>
</D:prop>
</D:propfind>

----------------------------------------------------------------- [… PROPFIND, RequestID:6B0A80D7-7C72-48F9-A54B-E17A19301044, URLSessionTaskID:3] [OCHTTPPipeline.m:1183|FULL]


2023-09-12 14:49:37.331000+0200 ownCloud[55018:2240770] ⚪️ | [HTTP, Response, …] Received response:
# RESPONSE --------------------------------------------------------
Method:      PROPFIND
URL:         https://ocis.example.com/dav/spaces/c27943e2-2037-51f4-922f-e891a6dc0d5d$fda3dafd-32bd-4195-943b-f202c10b0185/eicar.com.txt
Request-ID:  6B0A80D7-7C72-48F9-A54B-E17A19301044
Error:       -
Req Signals: coreOnline, authAvailable
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
404 NOT FOUND
Content-Type: text/xml; charset=utf-8
Access-Control-Allow-Origin: *
content-security-policy: default-src 'none';
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
Date: Tue, 12 Sep 2023 12:49:37 GMT
x-robots-tag: none
Content-Length: 201
Strict-Transport-Security: max-age=15724800; includeSubDomains
x-content-type-options: nosniff
Vary: Origin
x-frame-options: SAMEORIGIN

<?xml version="1.0" encoding="UTF-8"?>
<d:error xmlns:d="DAV" xmlns:s="http://sabredav.org/ns"><s:exception>Sabre\DAV\Exception\NotFound</s:exception><s:message>Resource not found</s:message></d:error>

michaelstingl avatar Sep 12 '23 12:09 michaelstingl

@dj4oC I’d tend to ignore the 404 error and don’t display it to the user. But this doesn’t solve your problems, uploads will just disappear silently…

michaelstingl avatar Sep 12 '23 15:09 michaelstingl