Deprecate printToFile #730

Closed
1 of 4 tasks
tresf opened this issue Nov 16, 2020 · 1 comment

@tresf
Contributor

tresf commented Nov 16, 2020

Printing to file should be extremely restricted, like #306 and only allow writing to certain pre-approved locations.

qz.configs.create({ file: 'foo/bar.txt'});
// -- OR --
cfg.setPrinter({ file: 'foo/bar.txt'});

Considerations

  • This technique is still somewhat popular for writing to a UNC path. e.g. \\print-server\printer-share\my printer. We should consider allowing non-loopback UNC paths. Detecting a non-loopback can be tricky. e.g. \\127.0.0.1\, \\COMPUTER\\, as well as IPv6 variants. This may make UNC too difficult to support. A decision must be made on UNC paths.
  • Add a deprecation warning immediately for this feature, since it needs to be removed or inhibited. (Done via 80bd7ae)
  • It may be viable to alias this to a convenience wrapper around FileIO writing. That way the existing FileIO whitelisting techniques can be reused.
  • As a replacement for users using this feature, we may offer instructions for setting up a file-printer. This varies per-platform.

Use Cases

I believe existing deployments fall into the following three use-cases.

  • A shortcut to print raw to a UNC share
    • See consideration above about possibly keeping UNC path support
  • Testing/troubleshooting raw content
    • This can be mitigated by adding instructions for setting up a RAW file printer
  • 3rd-party device interfacing

Some relevant code snippets:

} else if (output.isSetFile()) {
    printToFile(output.getFile(), bab.getByteArray());
} else {

if (configPrinter.has("file")) {
    String filename = configPrinter.getString("file");
    if (!FileUtilities.isGoodExtension(Paths.get(filename))) {
        throw new IllegalArgumentException("Writing to file \"" + filename + "\" is denied for security reasons. (Prohibited file extension)");
    } else if (FileUtilities.isBadPath(filename)) {
        throw new IllegalArgumentException("Writing to file \"" + filename + "\" is denied for security reasons. (Prohibited directory name)");
    } else {
        file = new File(filename);
    }
}

Supersedes #631
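
The UNC consideration in the issue above (loopback spellings such as \\127.0.0.1\, the machine's own name, and IPv6 variants), sketched as an added example that is not part of the original issue and is not QZ Tray code. The class and method names (UncHostCheck, uncHost, isLocalUncHost) are hypothetical, the sample paths are constructed, and the check fails closed when a host cannot be resolved.

```java
import java.net.InetAddress;
import java.net.NetworkInterface;
import java.util.Locale;

public class UncHostCheck {
    // Host part of \\host\share\..., or null when the path is not a UNC path.
    static String uncHost(String path) {
        String p = path.replace('/', '\\');
        if (!p.startsWith("\\\\")) return null;
        String rest = p.substring(2);
        String upper = rest.toUpperCase(Locale.ROOT);
        if (upper.startsWith("?\\UNC\\") || upper.startsWith(".\\UNC\\")) {
            rest = rest.substring(6);            // \\?\UNC\host\share long form
        } else if (upper.startsWith("?\\") || upper.startsWith(".\\")) {
            return null;                         // \\?\C:\... is a local device path, not UNC
        }
        int end = rest.indexOf('\\');
        return end < 0 ? rest : rest.substring(0, end);
    }

    // True when the UNC host is this machine, or cannot be proven remote (fail closed).
    static boolean isLocalUncHost(String host) {
        if (host == null || host.isEmpty()) return true;
        String h = host.toLowerCase(Locale.ROOT);
        if (h.endsWith(".ipv6-literal.net")) {   // Windows spelling of an IPv6 literal in UNC
            h = h.substring(0, h.length() - ".ipv6-literal.net".length())
                 .replace('-', ':').replace('s', '%');
        }
        try {
            for (InetAddress a : InetAddress.getAllByName(h)) {
                // 127.x, ::1, 0.0.0.0, or any address bound to a local interface (own name or LAN IP)
                if (a.isLoopbackAddress() || a.isAnyLocalAddress() || NetworkInterface.getByInetAddress(a) != null) {
                    return true;
                }
            }
            return false;
        } catch (Exception e) {
            return true;                         // unresolvable or malformed host: deny
        }
    }

    public static void main(String[] args) {
        // Constructed sample paths; 192.0.2.10 is a documentation-range address.
        String[] samples = { "\\\\127.0.0.1\\share\\out.bin", "\\\\--1.ipv6-literal.net\\share\\out.bin",
                "\\\\localhost\\share\\out.bin", "\\\\?\\UNC\\127.0.0.2\\share\\out.bin", "\\\\192.0.2.10\\printer-share\\my printer" };
        for (String s : samples) {
            System.out.println(s + " -> host=" + uncHost(s) + " local=" + isLocalUncHost(uncHost(s)));
        }
    }
}
```

The host name is resolved here and again by the OS when the path is opened, so the result is a point-in-time answer.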

@tresf tresf added the security label Nov 16, 2020
@tresf tresf added this to the 2.1.4 milestone Nov 16, 2020
tresf added a commit that referenced this issue Nov 8, 2023
tresf added a commit that referenced this issue Nov 23, 2023
tresf added a commit that referenced this issue Nov 25, 2023
* Disable file writing by default
* Restrict file reading
* Allow hardening of HTTP options
Per #1210, #730

---------

Co-authored-by: Berenz <[email protected]>
@tresf
Contributor Author

tresf commented Nov 25, 2023

Closed via #1213

@tresf tresf closed this as completed Nov 25, 2023