@alexskr alexskr commented Nov 14, 2025

refactor: replace insecure custom downloader with Down::NetHttp

 - drop ftp support
 - Harden repository copy path (OntologySubmission.copy_file_repository)
 - Normalize src (accept Tempfile or String path)
 - Sanitize destination filename (strip control/unsafe chars, trim/collapse spaces, remove leading dots, 255-char cap)
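
A sketch of the hardening steps listed in the description above, as an added example that is not the code from this pull request. The names `normalize_src`, `sanitize_filename`, `safe_destination` and the `"upload"` fallback are hypothetical; taking only the last path component, capping by bytes rather than characters, and the final containment check are assumptions added for illustration.

```ruby
require "tempfile"

MAX_FILENAME_BYTES = 255 # assumption: cap in bytes, the usual filesystem limit

# Accept a Tempfile (or anything with #path) or a String path.
def normalize_src(src)
  src.respond_to?(:path) ? src.path : src.to_s
end

# Hypothetical sanitizer following the steps named in the PR description.
def sanitize_filename(name, fallback: "upload")
  s = name.to_s.dup.force_encoding(Encoding::UTF_8).scrub("")
  # Assumption: keep only the last path component so "../" or "C:\" prefixes are dropped.
  s = s.tr("\\", "/").split("/").last.to_s
  # Strip control characters and characters unsafe on common filesystems.
  s = s.gsub(/[\x00-\x1f\x7f<>:"|?*]/, "")
  # Collapse runs of spaces, trim, then remove leading dots (no hidden files, no "..").
  s = s.gsub(/\s+/, " ").strip.sub(/\A[.\s]+/, "")
  # Apply the length cap without leaving half of a multibyte character behind.
  s = s.byteslice(0, MAX_FILENAME_BYTES).scrub("") if s.bytesize > MAX_FILENAME_BYTES
  s.empty? ? fallback : s
end

# Assumption: a last containment check after joining, in case the sanitizer is bypassed.
def safe_destination(repo_dir, name)
  base = File.expand_path(repo_dir)
  dest = File.expand_path(sanitize_filename(name), base)
  unless dest.start_with?(base + File::SEPARATOR)
    raise ArgumentError, "destination escapes repository directory"
  end
  dest
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs.
  ["../../etc/passwd", "  ..hidden   file\x00.owl ", "C:\\temp\\a<b>.owl", "..."].each do |n|
    puts "#{n.inspect} -> #{sanitize_filename(n).inspect}"
  end
end
```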

codecov bot commented Nov 14, 2025

Codecov Report

❌ Patch coverage is 90.24390% with 4 lines in your changes missing coverage. Please review.
✅ Project coverage is 80.66%. Comparing base (b12f205) to head (10c4e51).

Files with missing lines Patch % Lines
lib/ontologies_linked_data/utils/file.rb 88.00% 3 Missing ⚠️
...tologies_linked_data/models/ontology_submission.rb 93.75% 1 Missing ⚠️
Additional details and impacted files
@@             Coverage Diff             @@
##           develop     #260      +/-   ##
===========================================
+ Coverage    80.06%   80.66%   +0.60%     
===========================================
  Files           84       84              
  Lines         5873     5828      -45     
===========================================
- Hits          4702     4701       -1     
+ Misses        1171     1127      -44     
Flag Coverage Δ
unittests 80.66% <90.24%> (+0.60%) ⬆️


@alexskr alexskr changed the base branch from master to develop November 14, 2025 17:25
…ace Thin in tests

- Remove all FTP download logic (check_ftp_file, URI::FTP branch, net-ftp dependency)
- Move remote_file_exists? to LinkedData::Utils::FileHelpers and reimplement using Down::NetHttp
- Update download_file to use max_redirects keyword for consistency
- Remove Thin dependency and add Webrick for test environment
@alexskr alexskr marked this pull request as ready for review November 20, 2025 21:33
@alexskr alexskr requested a review from mdorf November 20, 2025 21:40
@alexskr alexskr marked this pull request as draft November 20, 2025 22:09
@alexskr alexskr marked this pull request as ready for review November 21, 2025 20:20