fix: tighten clean tree delete semantics#12406
Conversation
|
Adding the "do-not-merge/release-note-label-needed" label because no release-note block was detected, please follow our release note process to remove it. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: fb56e3f47d
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| case "unknown_backup": | ||
| if strings.HasPrefix(item.Name, path.Join(global.Dir.LocalBackupDir, "log/website")) { | ||
| dropFileOrDir(item.Name) | ||
| } else { | ||
| dropFile(item.Name) | ||
| } | ||
| dropFileOrDir(item.Name) |
There was a problem hiding this comment.
The new unknown_backup branch now calls dropFileOrDir(item.Name) directly, so any authenticated caller who can hit /toolbox/clean can submit an arbitrary absolute path (for example / or another system directory) and trigger recursive deletion via os.RemoveAll. This is a regression from the prior behavior that only removed non-directory paths outside log/website, and it removes the last server-side guard against destructive directory deletion for forged requests.
Useful? React with 👍 / 👎.
| if (canDeleteNode(item) && item.isCheck) { | ||
| submitCleans.value.push({ treeType: item.type, name: item.name, size: item.size }); | ||
| continue; | ||
| } | ||
| if (item.children) { | ||
| if (hasChildren(item)) { | ||
| loadSubmitCheck(item.children); |
There was a problem hiding this comment.
loadSubmitCheck now queues a checked deletable node and still descends into its children, which causes duplicate clean entries when a checked directory also has checked descendants (common for upload/download trees where directories are marked canDelete). In that case the request includes both parent and child deletions, inflating selected/recorded size and issuing redundant delete operations for paths already removed by the parent.
Useful? React with 👍 / 👎.
|
/approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: wanghe-fit2cloud The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
3 participants
Refs #12399