-
Bug
-
Resolution: Fixed
-
Blocker
-
4.5
-
MOODLE_405_STABLE
-
MOODLE_405_STABLE
-
MDL-83245-main -
1. Setup requirements:
- Install the exiftool to your local machine by following the instructions on https://exiftool.sourceforge.net/install.html.
If you have any problems following the instructions on the web page, you can always search on your favourite search engine, as I did. I'm running my machine on Ubuntu, so I searched "How to install exiftool on ubuntu", and I found the easiest way to do it by only running "sudo apt install exiftool," which didn't exist in the installation instructions. - Download two attached files: pic.jpg
and pic.tiff
2. Test default setting for fresh install
- Create a new instance, but don't install it yet.
- Pull the patch
- Install via Web
- Navigate to Site Admin > Server > File redact > EXIF remover
- VERIFY the exifremoverenabled is enabled.
Please repeat the whole process, but for the step 3, install the new instance via CLI.
3. Test upgrade
- Login as admin.
- Run the upgrade.
- During the upgrade, VERIFY there is a new setting. EXIF remover setting.
- VERIFY the Enable EXIF remover checkbox is disabled as default.
- Please enable it and leave the other config as-is.
- Save changes.
- Create a course and navigate to the course page.
- Turn ON the edit mode.
- Add a File resources
- Specify the name with "Test EXIF remover".
- At the description, Add an image by uploading the pic.jpg
- At the Select files. Upload the pic.tiff
- Click the Save and Display button.
- VERIFY you see the pic.jpg image.
- Download the image by clicking the image with a right mouse click to show the context menu and then click the "save image as".
- VERIFY there is a text "Click pic.tiff link to view the file" and the "pic.tiff" text is clickable.
- Click the "pic.tiff" link to download the image.
- Open a new browser tab and access https://exif.tools/
- Upload the two images that you have downloaded to the website to view the metada. Please, do it one by one.
- VERIFY the downloaded jpg file doesn't contain the GPS, Aperture, Field Of View, and other existing tag names before the removal.
- VERIFY the downloaded tiff file still has the EXIF tags.
- Repeat the steps based on the below config table and specify the VERIFY column to pass or fail depend on the manual test result. The file redact settings is in the Site admin > Server > File redaction > EXIF remover.
Test name Enabled Path to Exiftool Remove tags Expected JPG Expected TIFF Expected Orientation tag Verify Test 1 Yes Empty Any value All tags removed Tags persist Removed (JPG file only) Pass/Fail Test 2 Yes /usr/bin/exiftool GPS Only GPS tags removed GPS tags removed Still exist Pass/Fail Test 3 Yes /usr/bin/exiftool All All tags removed All tags removed Still exist Pass/Fail Steps to run the PHPUnit for EXIF remover
- Open config.php and add the below codes:
define('TEST_PATH_TO_EXIFTOOL', '/usr/bin/exiftool');
/usr/bin/exiftool is a path to the exiftool. You can replace it according to the location on your machine.
- VERIFY all the tests in files/tests/redactor/manager_test.php are passed.
- VERIFY all the tests in files/tests/redactor/services/exifremover_service_test.php are passed.
1. Setup requirements: Install the exiftool to your local machine by following the instructions on https://exiftool.sourceforge.net/install.html . If you have any problems following the instructions on the web page, you can always search on your favourite search engine, as I did. I'm running my machine on Ubuntu, so I searched "How to install exiftool on ubuntu", and I found the easiest way to do it by only running "sudo apt install exiftool," which didn't exist in the installation instructions. Download two attached files: pic.jpg and pic.tiff 2. Test default setting for fresh install Create a new instance, but don't install it yet. Pull the patch Install via Web Navigate to Site Admin > Server > File redact > EXIF remover VERIFY the exifremoverenabled is enabled. Please repeat the whole process, but for the step 3, install the new instance via CLI. 3. Test upgrade Login as admin. Run the upgrade. During the upgrade, VERIFY there is a new setting. EXIF remover setting. VERIFY the Enable EXIF remover checkbox is disabled as default. Please enable it and leave the other config as-is. Save changes. Create a course and navigate to the course page. Turn ON the edit mode. Add a File resources Specify the name with "Test EXIF remover". At the description, Add an image by uploading the pic.jpg At the Select files. Upload the pic.tiff Click the Save and Display button. VERIFY you see the pic.jpg image. Download the image by clicking the image with a right mouse click to show the context menu and then click the "save image as". VERIFY there is a text " Click pic.tiff link to view the file " and the "pic.tiff" text is clickable. Click the "pic.tiff" link to download the image. Open a new browser tab and access https://exif.tools/ Upload the two images that you have downloaded to the website to view the metada. Please, do it one by one. VERIFY the downloaded jpg file doesn't contain the GPS, Aperture, Field Of View, and other existing tag names before the removal. VERIFY the downloaded tiff file still has the EXIF tags. Repeat the steps based on the below config table and specify the VERIFY column to pass or fail depend on the manual test result. The file redact settings is in the Site admin > Server > File redaction > EXIF remover. Test name Enabled Path to Exiftool Remove tags Expected JPG Expected TIFF Expected Orientation tag Verify Test 1 Yes Empty Any value All tags removed Tags persist Removed (JPG file only) Pass/Fail Test 2 Yes /usr/bin/exiftool GPS Only GPS tags removed GPS tags removed Still exist Pass/Fail Test 3 Yes /usr/bin/exiftool All All tags removed All tags removed Still exist Pass/Fail Steps to run the PHPUnit for EXIF remover Open config.php and add the below codes: define( 'TEST_PATH_TO_EXIFTOOL' , '/usr/bin/exiftool' ); /usr/bin/exiftool is a path to the exiftool. You can replace it according to the location on your machine. VERIFY all the tests in files/tests/redactor/manager_test.php are passed. VERIFY all the tests in files/tests/redactor/services/exifremover_service_test.php are passed. - Install the exiftool to your local machine by following the instructions on https://exiftool.sourceforge.net/install.html.
MDL-75850 introduced a new File Redaction system, located in lib/classes/fileredact.
This works by hooking in to the File Storage API using the after_file_created hook. It attempts to redact file content after the file has been persisted to the Moodle File pool and database. If a redaction is possible then it removes the file storage DB record, creates a new one, and then replaces all of the references to the original file.
To support this it requires the addition of a new $notify parameter when adding files to the file pool to disable the after_file_created hook.
The API itself is called in the form:
$manager = new \core\fileredact\manager($storedfile);
|
$manager->execute();
|
There is no return value from the execute call, and the actual redaction service (not the manager) is responsible for the interaction with the file system API internally to remove and replace the file.
There are a number of issues with this approach, including:
- it is in the wrong subsystem (should be core_files)
- the fileredact L2 namespace is not a valid API (or L2 namespace)
- it operates after the file metadata has been persisted, and after the file itself has been added to the storage pool
- the API design is opaque - the actual changes are hidden behind the API and are hard to understanad
- the API will lead to duplicated code beause the service is responsible for file system API interaction
- the execute method is essentially unnecessary
- the manager is single-file
For me, the most concerning is that we are persisting redactable content. Whilst this has been the case since day dot for Moodle, the point of this service is to not do this any longer. Additionally I do know that it is not accessible by users, but it is still PII that we can remove, and are removing, but just not at the right point.
Secondary to that is the limited nature fo the API.
To address this we should:
- move the operation to before the file is persisted to DB or the file pool using a newly converted component/hook
- move the API to the core_files namespace
- define this as a valid L2 AI
- stop taking a stored_file in the constructor to the manager
- provide options to redact content by either file path, or file content
- have the redaction methods return a relevat value so that the caller can handle the result
- allow the API to work on file content, or file paths
- allow for the API to take other formats in the future
- add unit tests
