Rebuild and repair can lead to malformed grouped JS files

Open fswebteam opened this issue 6 months ago • 0 comments

Issue

Hello, we recently ran into a strange issue which caused various errors in the grouped JS scripts. After deeper analysis of these files and comparing them with the properly working files from some backups, we discovered that some parts of the code are repeated and cause issues. I then spent some time analysing the entire flow of how these files are generated and discovered that there is no locking mechanism, which can lead to a scenario where multiple processes append individual JS files to the target JS file in the cache.

The problem is in the ConcatenateFiles function in jssource/minify_utils.php. This function appends the individual JS files without locking the target file, so other calls to this function can append the same stuff without any problem.

This wouldn't be a big problem if it could only be triggered from the repair section of the admin panel, but unfortunately it can also be fired from the login screen view when the cached version of the includes/javascript/sugar_grp1.js file is not available.

This is includes\MVC\View\SugarView.php:

        if (!is_file(sugar_cached("include/javascript/sugar_grp1.js"))) {
            $_REQUEST['root_directory'] = ".";
            require_once("jssource/minify_utils.php");
            ConcatenateFiles(".");
        }

So any visitor or bot that opens the login screen of the CRM while the rebuild and repair process is running can lead to the issue I described.

Possible Fix

  1. Implement file locking, or
  2. build group js file with some unique (per process) temporary name and rename/replace it after it is complete (override existing file if found), or
  3. introduce a simple maintenance mode that could block access to the non-admin parts while a rebuild or upgrade is happening

Steps to Reproduce the Issue

1. run rebuild and repair
2. trigger multiple calls to the login screen (like ab tool)
3. verify integrity of the grouped JS files

Context

No response

Version

7.11.18

What browser are you currently using?

Chrome

Browser Version

No response

Environment Information

PHP 7.2.34 and 10.3.38-MariaDB

Operating System and Version

ubuntu 20

fswebteam Aug 21 '24 15:08
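
One way to combine fix options 1 and 2 from the issue above, shown as an added PHP example that is not part of the original issue and is not SuiteCRM's own code. The function name `buildGroupFileAtomically`, the `.lock` sidecar file, the `grp_` temp prefix and the demo files are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helper, not SuiteCRM's ConcatenateFiles().
function buildGroupFileAtomically(string $target, array $sources, bool $force = false): bool
{
    $dir = dirname($target);
    // Builders serialize on a sidecar lock file; readers of $target never block.
    $lock = fopen($target . '.lock', 'c');
    if ($lock === false) {
        return false;
    }
    try {
        if (!flock($lock, LOCK_EX)) {
            return false;
        }
        // Re-check under the lock: a concurrent request may have finished the build.
        clearstatcache(true, $target);
        if (!$force && is_file($target)) {
            return true;
        }
        // Temp file in the same directory keeps rename() on one filesystem.
        $tmp = tempnam($dir, 'grp_');
        if ($tmp === false) {
            return false;
        }
        foreach ($sources as $src) {
            $chunk = file_get_contents($src);
            if ($chunk === false
                || file_put_contents($tmp, $chunk . "\n", FILE_APPEND) === false) {
                unlink($tmp);
                return false;
            }
        }
        chmod($tmp, 0644); // tempnam() creates the file with mode 0600
        if (!rename($tmp, $target)) { // on POSIX, atomically replaces any existing file
            unlink($tmp);
            return false;
        }
        return true;
    } finally {
        fclose($lock); // closing the handle also releases the lock
    }
}
// Constructed demo input: two tiny source files in a scratch directory.
$dir = sys_get_temp_dir() . '/grp_demo_' . getmypid();
mkdir($dir);
file_put_contents("$dir/a.js", "var a = 1;");
file_put_contents("$dir/b.js", "var b = 2;");
buildGroupFileAtomically("$dir/sugar_grp1.js", ["$dir/a.js", "$dir/b.js"]);
buildGroupFileAtomically("$dir/sugar_grp1.js", ["$dir/a.js", "$dir/b.js"]); // second call is a no-op
echo file_get_contents("$dir/sugar_grp1.js");
```

A rebuild from the admin repair screen would pass `$force = true` so the file is regenerated, while the login-screen path keeps the default and returns as soon as another request has published the file.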