From 741ed5883816460a6498174cea46f43951a438cc Mon Sep 17 00:00:00 2001 From: Tom Hughes Date: Sat, 24 Feb 2024 14:34:09 +0000 Subject: [PATCH] Add a limit on the number of points in a GPS trace --- app/models/trace.rb | 2 +- config/settings.yml | 2 ++ lib/gpx.rb | 10 +++++++++- test/models/trace_test.rb | 12 ++++++++++++ 4 files changed, 24 insertions(+), 2 deletions(-) diff --git a/app/models/trace.rb b/app/models/trace.rb index 2411fb9b7..3ab25ce30 100644 --- a/app/models/trace.rb +++ b/app/models/trace.rb @@ -202,7 +202,7 @@ class Trace < ApplicationRecord logger.info("GPX Import importing #{name} (#{id}) from #{user.email}") file.open do |file| - gpx = GPX::File.new(file.path) + gpx = GPX::File.new(file.path, :maximum_points => Settings.max_trace_size) f_lat = 0 f_lon = 0 diff --git a/config/settings.yml b/config/settings.yml index 6eab4807e..c057be978 100644 --- a/config/settings.yml +++ b/config/settings.yml @@ -45,6 +45,8 @@ default_note_query_limit: 100 max_note_query_limit: 10000 # Maximum value of open issues counter for moderators, anything equal or greater to this value "n" is shown as "n+" max_issues_count: 99 +# Maximum number of points in a GPX trace +max_trace_size: 1000000 # Zoom level to use for postcode results from the geocoder postcode_zoom: 15 # Timeout for API calls in seconds diff --git a/lib/gpx.rb b/lib/gpx.rb index 274ece7d9..3e1cb9afa 100644 --- a/lib/gpx.rb +++ b/lib/gpx.rb @@ -6,8 +6,9 @@ module GPX attr_reader :possible_points, :actual_points, :tracksegs - def initialize(file) + def initialize(file, options = {}) @file = file + @maximum_points = options[:maximum_points] || Float::INFINITY end def parse_file(reader) @@ -19,6 +20,7 @@ module GPX if reader.name == "trkpt" point = TrkPt.new(@tracksegs, reader["lat"].to_f, reader["lon"].to_f) @possible_points += 1 + raise FileTooBigError if @possible_points > @maximum_points elsif reader.name == "ele" && point point.altitude = reader.read_string.to_f elsif reader.name == "time" && point @@ -172,4 +174,10 @@ module GPX longitude >= -180 && longitude <= 180 end end + + class FileTooBigError < RuntimeError + def initialise + super("GPX File contains too many points") + end + end end diff --git a/test/models/trace_test.rb b/test/models/trace_test.rb index 1a2376ca8..f95ebe4c3 100644 --- a/test/models/trace_test.rb +++ b/test/models/trace_test.rb @@ -289,6 +289,18 @@ class TraceTest < ActiveSupport::TestCase assert_equal 2, trace.size end + def test_import_enforces_limit + trace = create(:trace, :inserted => false, :fixture => "f") + + with_settings(:max_trace_size => 1) do + assert_raise GPX::FileTooBigError do + trace.import + end + end + + assert_not trace.inserted + end + private def check_query(query, traces) -- 2.39.5