Skip to content

OpenConceptLab/ocl_issues#2477 | repo external exports#881

Open
snyaggarwal wants to merge 1 commit into
masterfrom
issues#2477
Open

OpenConceptLab/ocl_issues#2477 | repo external exports#881
snyaggarwal wants to merge 1 commit into
masterfrom
issues#2477

Conversation

@snyaggarwal

@snyaggarwal snyaggarwal commented Jun 16, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

@snyaggarwal snyaggarwal requested a review from paynejd June 16, 2026 11:08
@snyaggarwal snyaggarwal self-assigned this Jun 16, 2026
@snyaggarwal snyaggarwal mentioned this pull request Jun 17, 2026
Open
@snyaggarwal snyaggarwal linked an issue Jun 17, 2026 that may be closed by this pull request
Add external exports support for OCL versions (upload/delete to S3-like bucket + auditable downloads) OpenConceptLab/ocl_issues#2477
Open
10 tasks
filiperochalopes
filiperochalopes requested changes Jun 17, 2026
View reviewed changes

@filiperochalopes filiperochalopes left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Was the download audit intentionally left out?

Do we currently have any way to audit which users downloaded files through AWS? This audit trail is needed for some decisions @askanter needs to make regarding which versions should be kept and which users are still using those versions.

Also, locally I’ve had some issues where the 302 redirect did not always happen. I’m currently using a local patch to cover redirect validation to the signed bucket path.

It would be useful to add an integration test ensuring that the download GET works correctly and results in a 302 redirect.

Comment thread core/common/models.py

return path

def get_external_export_path(self, key, filename):

@filiperochalopes filiperochalopes Jun 17, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Simple sanitization using .replace() for slashes might be insufficient and risky.

  1. Path Traversal: It doesn't handle '..' sequences, which can lead to unpredictable path resolution.
  2. OS Compatibility: It preserves characters like ':', '*', '<', '>', which are invalid on Windows systems.
  3. Storage/URL Issues: Spaces and special characters are kept, which often break S3 signed URLs and Content-Disposition headers during download.

Recommendation: Use django.utils.text.get_valid_filename(filename) for a robust, industry-standard solution.

from django.utils.text import get_valid_filename

def get_external_export_path(self, key, filename):
    base_path = self.get_version_export_path(suffix=None).rstrip(".")
    safe_filename = get_valid_filename(filename)
    return f"{base_path}/external/{key}_{safe_filename}"

Comment thread core/repos/serializers.py

class Meta:
model = RepoExternalExport
fields = ('key', 'description', 'url', 'created_at', 'updated_at', 'file_path')

@filiperochalopes filiperochalopes Jun 17, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is file_path necessary here? Maybe remove it for security reasons, preventing disclosure of filesystem paths

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@filiperochalopes filiperochalopes filiperochalopes requested changes

@paynejd paynejd Awaiting requested review from paynejd

Requested changes must be addressed to merge this pull request.

Assignees

@snyaggarwal snyaggarwal

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Add external exports support for OCL versions (upload/delete to S3-like bucket + auditable downloads)

2 participants

@snyaggarwal @filiperochalopes