Skip to content

Fixed crash when auditing on binary data #202

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Fixed crash when auditing on binary data #202

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
c766ab1
Fixed crash when auditing on binary data
boxed Nov 30, 2021
3f30eb9
Merge branch 'master' into master
boxed Mar 28, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
25 changes: 25 additions & 0 deletions easyaudit/tests/test_app/tests.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,9 @@
from unittest import skip, skipIf

import django
from django.db.models import BinaryField

from easyaudit.utils import get_field_value

asgi_views_supported = django.VERSION >= (3, 1)
if asgi_views_supported:
Expand Down Expand Up @@ -246,3 +249,25 @@ def test_request_event_admin_no_users(self):
response = self.client.get(reverse('admin:easyaudit_requestevent_changelist'))
self.assertEqual(200, response.status_code)
filters = self._list_filters(response.content)


@override_settings(TEST=True)
class TestBinaryData(TestCase):
def test_binary_data(self):
class FakeObject:
pass
obj = FakeObject()
obj.binary_data = b'\x00\x00\x00 cHRM\x00\x00z&\x00\x00\x80\x84\x00\x00\xfa\x00\x00'
binary_field = BinaryField()
binary_field.name = 'binary_data'

# Small
actual = get_field_value(obj, binary_field)
expected = r"b'\x00\x00\x00 cHRM\x00\x00z&\x00\x00\x80\x84\x00\x00\xfa\x00\x00'"
assert actual == expected

# Large
obj.binary_data = b'\x00\x00\x00 cHRM\x00\x00z&\x00\x00\x80\x84\x00\x00\xfa\x00\x00' * 100
actual = get_field_value(obj, binary_field)
assert actual.startswith(expected[:-1])
assert actual.endswith('[truncated 2000 bytes]')
10 changes: 7 additions & 3 deletions easyaudit/utils.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,5 @@
from __future__ import unicode_literals

from uuid import UUID

from django.conf import settings
from django.core.exceptions import ObjectDoesNotExist
from django.db.models import NOT_PROVIDED, DateTimeField
Expand All @@ -19,15 +17,21 @@ def get_field_value(obj, field):
:return: The value of the field as a string.
:rtype: str
"""
raw_value = getattr(obj, field.name, None)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

well placed!

if isinstance(field, DateTimeField):
# DateTimeFields are timezone-aware, so we need to convert the field
# to its naive form before we can accurately compare them for changes.
try:
value = field.to_python(getattr(obj, field.name, None))
value = field.to_python(raw_value)
if value is not None and settings.USE_TZ and not timezone.is_naive(value):
value = timezone.make_naive(value, timezone=timezone.utc)
except ObjectDoesNotExist:
value = field.default if field.default is not NOT_PROVIDED else None
elif isinstance(raw_value, bytes):
if len(raw_value) > 100:
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not saying this is a magic number, but it would be helpful to have a comment regarding this (and possibly make it a variable since it is referenced multiple times in this function scope).

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm actually quite confused why this value is being truncated, and why at 100 bytes. What is this doing? This PR doesn't link an issue explaining the problem.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's being truncated because the audit log can't by default store a full copy of binary files that can be gigabytes in size.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would it be worth (possible even?) storing a hash of the binary data instead of the first 100 bytes?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmm.. that's an idea for sure. The advantage is that you can actually check if some data is the exact data. The downsides are that you don't get something immediately useful in the log, and that if you don't have the binary data you want to compare to anymore then the hash is useless.

Copy link
Contributor

@samamorgan samamorgan Feb 6, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would worry about the speed of hashing very large binary data. Say for a 1GB file, I'd expect at least 5 seconds for a hash to be generated if the implementation was purely C.

return repr(raw_value[:100]) + '[truncated {} bytes]'.format(len(raw_value) - 100)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
return repr(raw_value[:100]) + '[truncated {} bytes]'.format(len(raw_value) - 100)
return repr(f"{raw_value[:100]}...[truncated {len(raw_value) - 100} bytes]")

else:
return repr(raw_value)
else:
try:
value = smart_str(getattr(obj, field.name, None))
Expand Down