pulibrary / orangelight / 2d9d2978-cc59-410e-b0a2-90826072e6b0

95%

main: 95%

Pull #5128

circleci

[#5124] Reject requests that contain file uploads

While these file uploads are very limited with regards to how much damage they can
do directly (they are not uploaded to a folder that is served to the web, they are
deleted very quickly by the Rack tempfile reaper or ruby gc very quickly, etc.),
they can set off OIT's security sensors leading to our VMs being quarantined, which
is a threat to the availability of the catalog service.

Users don't need to upload files to the catalog, so let's just reject requests
of this type.

Rack has a nice seam for this: it allows us to supply a tempfile factory to customize
how we store these uploaded files on disk.  This commit simply raises an exception
as our implementation of this factory; I could imagine that implementing a factory
that returns a file handle to /dev/null could work as an alternative approach.

Closes #5124

11 of 11 new or added lines in 1 file covered. (100.0%)

6025 of 6315 relevant lines covered (95.41%)

1520.41 hits per line