fix: prevent file corruption in transform download#219
Open
bhsf-james-pannell wants to merge 1 commit intosailpoint-oss:mainfrom
Open
fix: prevent file corruption in transform download#219bhsf-james-pannell wants to merge 1 commit intosailpoint-oss:mainfrom
bhsf-james-pannell wants to merge 1 commit intosailpoint-oss:mainfrom
Conversation
- Add O_TRUNC flag to WriteFile to properly truncate existing files - Add filename collision detection using in-memory map - Use sanitize.PathName directly instead of manual space stripping Fixes issue where re-downloading transforms or downloading transforms with similar names that sanitize identically would produce corrupted or overwritten JSON files.
|
|
There was a problem hiding this comment.
Pull request overview
Fixes corrupted JSON output produced by sail transform download by ensuring files are correctly overwritten and by reducing accidental overwrites from filename collisions.
Changes:
- Truncate existing files on write to prevent leftover trailing bytes from prior content.
- Generate unique filenames for transforms whose names sanitize to the same base filename.
- Use
sanitize.PathNamefor consistent filename sanitization and switch file open mode to write-only.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
internal/output/output.go |
Updates file open flags to include truncation (O_TRUNC) when overwriting files. |
cmd/transform/download.go |
Adds sanitized filename generation plus in-memory collision handling for transform downloads. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
🎉 Thanks for opening this pull request! Please be sure to check out our contributing guidelines. 🙌 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
he
sail transform downloadcommand produces corrupted JSON files in two scenarios:1. Re-downloading to existing folder
WriteFileusesO_CREATE|O_RDWRwithoutO_TRUNC. When new content is shorter than existing file content, leftover bytes remain, producing invalid JSON.2. Filename collisions
Transform names like "AD - samAccountName" and "AD-samAccountName" both sanitize to
AD-samAccountName.json. The second overwrites the first, and combined with bug #1, produces merged/corrupted content.Changes
O_TRUNCflag toWriteFileto properly truncate existing files-1,-2, etc.)sanitize.PathNamedirectly instead of manual space strippingO_RDWRtoO_WRONLY(write-only, since we never read)Bug: Missing O_TRUNC
Original file (first download):
{ "name": "ToUpper", "type": "upper", "attributes": { "input": { "type": "identityAttribute" } } }After transform is updated and re-downloaded (shorter content):
{ "name": "ToUpper", "type": "upper" }put": { "type": "identityAttribute" } } }Bug: Filename Collision
First transform written:
{ "name": "AD - samAccountName", "type": "accountAttribute", "attributes": { "sourceName": "Active Directory" } }Second transform overwrites (shorter, same sanitized filename):
{ "name": "AD-samAccountName", "type": "static" }ountAttribute", "attributes": { "sourceName": "Active Directory" } }After Fix