#21581 closed Bug (fixed)
collecstatic --clear is too lax about warning users
| Reported by: | loic84 | Owned by: | loic84 |
|---|---|---|---|
| Component: | contrib.staticfiles | Version: | dev |
| Severity: | Release blocker | Keywords: | |
| Cc: | eromijn@… | Triage Stage: | Accepted |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
STATIC_ROOT is not set in the settings.py that ships with the default project template, so STATIC_ROOT = '' from global_settings.py is used instead.
'' is a valid relative path, which means "from the current directory", so common case, you would wipe your whole project, worse case you can wipe your system (assuming you have sufficient privileges).
This is made worse by another bug: we don't display the affected directory.
The isinstance(self.storage, FileSystemStorage) (1) check fails because self.storage is not yet evaluated and still resolves to ConfiguredStorage (2) which is not a FileSystemStorage subclass.
(1) https://github.com/django/django/blob/master/django/contrib/staticfiles/management/commands/collectstatic.py#L141
(2) https://github.com/django/django/blob/master/django/contrib/staticfiles/storage.py#L304
Finally I think --dry-run should print a message that confirms that the command is really run in dry-run mode. Currently, when you do --dry-run --clear, you get a scary warning that you will delete files and you even have to confirm by typing "yes" just like the real command, that's enough to make you doubt that the --dry-run is effective.
I suggest the following:
- Set
global_settings.STATIC_ROOTtoNone. - Add
STATIC_ROOT = os.path.join(BASE_DIR, 'static')to the default template. - Have management commands refuse to run when
settings.STATIC_ROOT == None. - Evaluate
Command.storageone way or another. - Add a warning when the command is run with
--dry-runmode.
Change History (13)
comment:1 by , 10 years ago
| Cc: | added |
|---|---|
| Triage Stage: | Unreviewed → Accepted |
comment:2 by , 10 years ago
| Summary: | collecstatic --clear can potentially wipe clean a user's system. → collecstatic --clear is too lax about warning users |
|---|
Sounds like a plan, loic84
comment:3 by , 10 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:5 by , 10 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
comment:7 by , 10 years ago
Loic, could you please take a look at #21750? I think we should probably make a change here to avoid that issue (perhaps move the validation of STATIC_ROOT to collectstatic).
comment:10 by , 10 years ago
FYI, I'm embarrassed to report that I just did this exact thing in 1.6.1 and wiped out my entire project! Thanks to VCS I was able to recover easily, but, yikes. Thanks Loic for finding and fixing this.
comment:11 by , 10 years ago
@marfire I can relate to your story since this happened to me on a staging server. I was quite grateful that my fabric task performed a cd to the project folder and didn't execute /srv/project/manage.py from my user directory!
The tricky part is that since [3f1c7b70537330435e2ec2fca9550f7b7fa4372e], STATIC_ROOT isn't present in the settings.py shipped by the default template, so it's a lot easier to forget setting it to a meaningful value, which in turn exposes to this bug.
Hopefully we'll be able to release 1.6.2 soon enough so we can forget about this bug.
Yes, this does seem quite serious. I think your suggestions are a good way to go, although I don't know this area of Django very well.