Either document or enable --shell-escape usage #25

Open
vincentxavier opened this issue Dec 7, 2022 · 1 comment
vincentxavier commented Dec 7, 2022

When compiling a document that needs shell-escape pygmentize (i.e. the minted package), the document is generated but only shows an error message.

Steps to Reproduce

  • http POST https://latex.ytotech.com/builds/sync compiler=pdflatex resources='[{"main": "true", "url": "https://framagit.org/lamadone/informatique/premiere-nsi/-/raw/master/LaTeX/devoir2.tex"}]' > devoir2.pdf
  • got attached file devoir_yto.pdf, expecting devoir.pdf

MonsieurV (Member) commented

The payload is not valid, but the server was not handling the error properly.

Now it returns a more explicit response:

$ http -v POST https://latex.ytotech.com/builds/sync compiler=pdflatex resources='[{"main": "true", "url": "https://framagit.org/lamadone/informatique/premiere-nsi/-/raw/master/LaTeX/devoir2.tex"}]'         

POST /builds/sync HTTP/1.1
Accept: application/json, */*;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Content-Length: 164
Content-Type: application/json
Host: latex.ytotech.com
User-Agent: HTTPie/3.2.1

{
    "compiler": "pdflatex",
    "resources": "[{\"main\": \"true\", \"url\": \"https://framagit.org/lamadone/informatique/premiere-nsi/-/raw/master/LaTeX/devoir2.tex\"}]"
}


HTTP/1.1 400 BAD REQUEST
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 298
Content-Type: application/json
Date: Wed, 07 Dec 2022 15:50:55 GMT
Server: nginx

{
    "error": "INVALID_PAYLOAD_SHAPE",
    "input_spec": {
        "compiler": "pdflatex",
        "resources": "[{\"main\": \"true\", \"url\": \"https://framagit.org/lamadone/informatique/premiere-nsi/-/raw/master/LaTeX/devoir2.tex\"}]"
    },
    "input_spec_mode": "json",
    "shape_errors": {
        "resources": [
            "must be of list type"
        ]
    }
}

Issue with the example payload

As it does not contain any file (like in the multipart example), HTTPie sends the payload as JSON. And the resources entry is then invalid, as it is a string (representing the JSON) and not the JSON itself.

It should be (note the := for passing raw JSON):

http -v POST https://latex.ytotech.com/builds/sync compiler=pdflatex resources:='[{"main": true, "url": "https://framagit.org/lamadone/informatique/premiere-nsi/-/raw/master/LaTeX/devoir2.tex"}]'         

Or with the nested JSON syntax:

http -v POST https://latex.ytotech.com/builds/sync compiler=pdflatex 'resources[0][main]:=true' 'resources[0][url]=https://framagit.org/lamadone/informatique/premiere-nsi/-/raw/master/LaTeX/devoir2.tex'

Or multipart must be "forced" on the HTTP client:

http -v --multipart POST https://latex.ytotech.com/builds/sync compiler=pdflatex resources='[{"main": "true", "url": "https://framagit.org/lamadone/informatique/premiere-nsi/-/raw/master/LaTeX/devoir2.tex"}]'

Issue with piping to a .pdf file

When piping directly to a .pdf file, it is not clear there has been an error reported, as it is not a valid PDF: you see a blank PDF. I don't see other ways than to have a system or wrapper that checks the HTTP return code first before creating the PDF file (only on 200/201 codes).

With HTTPie it is rather easy, but you should not use piping but the --download flag with the --output option.

For example:

http --multipart --download --output hello.pdf -v POST https://latex.ytotech.com/builds/sync \
    compiler=pdflatex \
    resources='[{"main": true, "content": "\\documentclass{article}\n \\begin{document}\n Hello World\n \\end{document}"}]'

In your case:

http --output devoir2.pdf --download --multipart POST https://latex.ytotech.com/builds/sync compiler=pdflatex resources='[{"main": true, "url": "https://framagit.org/lamadone/informatique/premiere-nsi/-/raw/master/LaTeX/devoir2.tex"}]'

HTTPie will return a proper error instead of just silently downloading the error to a PDF file.

About --shell-escape feature

For now it is not available, for security reasons. The compilation environment is isolated from the host, but not between successive compilations. Without specific hardening work, enabling shell-escaping would make it very easy to disturb the service (won't elaborate here).
Now this isolation issue is the next big thing I should work on... but for years I haven't put in the time for it. It has to be said it is not so trivial a subject (for me at least).
One day!

I kept the issue open for this last one.
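
The wrapper approach mentioned in the comment above (create the .pdf only on a 200/201 response), sketched with curl for clients other than HTTPie. This is an added example, not part of the original thread or the project's code; the function names, the temp-file handling and the extra %PDF- magic-byte check are assumptions.

```shell
#!/bin/sh
# promote_pdf STATUS TMPFILE OUTFILE
# Move TMPFILE to OUTFILE only when the build succeeded and the body is a PDF.
# On failure the response body (e.g. the JSON error) goes to stderr and no
# OUTFILE is created, so an error can never be mistaken for a blank PDF.
promote_pdf() {
    pp_status=$1; pp_tmp=$2; pp_out=$3
    case "$pp_status" in
        200|201) ;;
        *)
            echo "build failed: HTTP $pp_status" >&2
            cat "$pp_tmp" >&2
            rm -f "$pp_tmp"
            return 1
            ;;
    esac
    # A success code with a non-PDF body (proxy page, truncated reply) is
    # still rejected: every PDF starts with the bytes "%PDF-".
    if [ "$(head -c 5 "$pp_tmp")" != "%PDF-" ]; then
        echo "HTTP $pp_status but body is not a PDF" >&2
        rm -f "$pp_tmp"
        return 1
    fi
    mv "$pp_tmp" "$pp_out"
}

# build_pdf JSON_PAYLOAD OUTFILE
# Sends the payload as a JSON body, so "resources" must be a real JSON list,
# not a string holding JSON (the INVALID_PAYLOAD_SHAPE case shown above).
build_pdf() {
    bp_tmp=$(mktemp) || return 1
    bp_status=$(curl -sS -o "$bp_tmp" -w '%{http_code}' \
        -H 'Content-Type: application/json' \
        --data "$1" \
        https://latex.ytotech.com/builds/sync) || { rm -f "$bp_tmp"; return 1; }
    promote_pdf "$bp_status" "$bp_tmp" "$2"
}
```

Usage: `build_pdf '{"compiler": "pdflatex", "resources": [{"main": true, "url": "https://framagit.org/lamadone/informatique/premiere-nsi/-/raw/master/LaTeX/devoir2.tex"}]}' devoir2.pdf`; a non-zero exit status means no PDF was written.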
