Stowage/browsertrix-crawler
2
0
Fork 0
mirror of https://github.com/webrecorder/browsertrix-crawler.git synced 2025-10-19 14:33:17 +00:00
Code Issues Projects Releases Packages Wiki Activity

Write behaviors downloaded from URL to tempdir (#816)

Browse source 
Follow-up to #368 

This makes download locations consistent between custom behaviors
downloaded from URLs and those downloaded from Git repos, and resolves a
container security issue in Browsertrix.
This commit is contained in:
Tessa Walsh 2025-04-04 11:23:29 -04:00 committed by GitHub
parent 28241c824e
commit 2961d3b9f2
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 4 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

2
package.json
View file

@ -1,6 +1,6 @@
{ {
"name": "browsertrix-crawler", "name": "browsertrix-crawler",
"version": "1.5.10", "version": "1.5.11",
"main": "browsertrix-crawler", "main": "browsertrix-crawler",
"type": "module", "type": "module",
"repository": "https://github.com/webrecorder/browsertrix-crawler", "repository": "https://github.com/webrecorder/browsertrix-crawler",

4
src/util/file_reader.ts
View file

@ -83,7 +83,9 @@ async function collectGitBehaviors(gitUrl: string): Promise<FileSources> {
async function collectOnlineBehavior(url: string): Promise<FileSources> { async function collectOnlineBehavior(url: string): Promise<FileSources> {
const filename = crypto.randomBytes(4).toString("hex") + ".js"; const filename = crypto.randomBytes(4).toString("hex") + ".js";
const behaviorFilepath = `/app/behaviors/${filename}`; const tmpDir = `/tmp/behaviors-${crypto.randomBytes(4).toString("hex")}`;
await fsp.mkdir(tmpDir, { recursive: true });
const behaviorFilepath = path.join(tmpDir, filename);
try { try {
const res = await fetch(url, { dispatcher: getProxyDispatcher() }); const res = await fetch(url, { dispatcher: getProxyDispatcher() });