
Bug in Upload Config File Section: Improper Config File Validation Leads to Crash

Posted: Fri Feb 07, 2020 5:19 am
by aashish97
Hello All,

Recently I was testing around the upload section and found a crash.
This crash happens in the Upload Config section when a user tries to upload a file other than config.xml, or an XML file that is not SafeSquid's config.xml.

The two validations missing here are:
  • Check whether the file is XML or not.
  • If it is XML, check whether the valid sections are present, because even if a SafeSquid config file is uploaded, the user might have removed a few sections.
In either case, the Upload Config section should discard the file and provide a valid error to the user.

The Upload Config file handling is the problem.
Even if it is any other file, it should just be discarded rather than leading to the SafeSquid-SWG service getting stopped.

I hope the problem will be solved in later versions.
[ Current Tested SafeSquid-SWG Version: safesquid-2020.0131.1457.3-swg-standard ]

Below I have attached the logs for both scenarios.
service_crash_due_upload_config_section.txt
(11.71 KiB) Downloaded 74 times

Re: Bug in Upload Config File Section: Improper Config File Validation Leads to Crash

Posted: Mon Feb 24, 2020 10:29 am
by aashish97
Hello All,

The Upload Config section does not crash the SafeSquid-SWG service.
The problem seems to be mitigated now, but this solution has a flaw.
Currently, SafeSquid will not process any non-standard SafeSquid config XML file, nor any other file.
But the problem here is that when a file is uploaded in the Upload Config section, the uploaded file is still stored in the directory /tmp/safesquid.
The size allocated to the partition /tmp/safesquid is 62M, and if a user uploads unnecessary wrong files, they get stored in /tmp/safesquid.
If the partition is full, the user will not be able to upload a new config, nor will they be able to upgrade the SafeSquid-SWG instance.
This results in manual deletion of the files from the /tmp/safesquid partition.
This will also create problems because a few files are stored in the partition /tmp/safesquid/ for debugging purposes.
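
Added example, not part of the original posts and not SafeSquid's own code: a sketch of the upload handling both posts ask for, which rejects non-XML files and XML without the expected sections, and deletes every rejected file from the staging directory so it cannot fill the partition. The root element name, the section names, the size cap, and the function names are hypothetical; `staging_dir` stands in for /tmp/safesquid.

```python
import os
import tempfile
import xml.parsers.expat

MAX_UPLOAD_BYTES = 1024 * 1024              # assumed cap, far below the 62M partition
EXPECTED_ROOT = "config"                    # hypothetical root element name
REQUIRED_SECTIONS = {"access", "profiles"}  # hypothetical section names

class RejectedUpload(Exception):
    """The upload is not an acceptable config file."""

def validate_config(data):
    """Raise RejectedUpload unless data is XML with the expected sections."""
    depth, tags = [0], []   # tags[0] is the root, tags[1:] its direct children
    def start(name, attrs):
        if depth[0] < 2:
            tags.append(name)
        depth[0] += 1
    def end(name):
        depth[0] -= 1
    def doctype(*args):     # refuse DTDs so entity definitions are never processed
        raise RejectedUpload("DOCTYPE declarations are not accepted")
    parser = xml.parsers.expat.ParserCreate()
    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.StartDoctypeDeclHandler = doctype
    try:
        parser.Parse(data, True)
    except xml.parsers.expat.ExpatError as exc:
        raise RejectedUpload(f"not well-formed XML: {exc}") from None
    if tags[0] != EXPECTED_ROOT:
        raise RejectedUpload(f"unexpected root element: {tags[0]}")
    missing = REQUIRED_SECTIONS - set(tags[1:])
    if missing:
        raise RejectedUpload("missing sections: " + ", ".join(sorted(missing)))

def handle_upload(data, staging_dir):
    """Return (stored_path, message); stored_path is None when rejected."""
    if len(data) > MAX_UPLOAD_BYTES:
        return None, "file too large"       # nothing is written to disk
    fd, path = tempfile.mkstemp(dir=staging_dir, suffix=".upload")
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
        validate_config(data)
    except RejectedUpload as exc:
        os.unlink(path)                     # rejected files never stay in staging
        return None, str(exc)
    return path, "accepted"
```

The returned message is what the interface would show to the user in place of a service stop.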