[BUG][SECURITY]: Uploaded temporary files are not cleaned up when file extraction fails

[Ashvin-KS]

Bug Description

The backend upload processing flow removes uploaded files only on the happy path.

If text extraction fails for a PDF or DOCX file, the temporary uploaded file may remain on disk. This creates an avoidable resource leak and weakens upload hygiene.

The issue is especially relevant for repeated failed uploads or malformed files.

Steps to Reproduce

1. Start the EduAid backend locally.
2. Upload a malformed or corrupted PDF or DOCX file to the /upload endpoint.
3. Trigger an extraction failure.
4. Inspect the upload directory after the request fails.
5. Observe that the temporary file may still remain on disk.

Logs and Screenshots

No screenshot attached.

This issue is visible from the upload-processing flow and can be verified by forcing an extraction failure and checking whether the temporary file is removed.

Environment Details

• OS: Windows 11
• Python Version: 3.10.x
• Flask Version: 2.x
• Repository Branch: main
• Area: Backend file upload processing

Impact

High - Major feature is broken

Code of Conduct

• I have joined the Discord server and will post updates there
• I have searched existing issues to avoid duplicates

[piyush06singhal]

Hi @Ashvin-KS,

Thanks for raising this issue. I’d like to work on fixing it if that’s okay.

My approach would be:

• Review the /upload processing flow in the backend file handling logic.
• Ensure temporary files are always cleaned up regardless of success or failure.
• Introduce a try → except → finally pattern so cleanup runs in the finally block.
• Verify cleanup for both successful extraction and failure cases (e.g., corrupted files).
• Add defensive checks and logging to ensure safe file removal.

Please let me know if this approach aligns with what you had in mind.

[Ashvin-KS]

Hi @piyush06singhal,

Thank you for the detailed feedback and the propose approach! It's spot on—using a try...finally pattern for resource management is exactly the best-practice path for this backend.

I’ve already implemented these changes in PR #591.

The implementation focuses on:

• Guaranteed Cleanup: Refactored the process_file method in backend/Generator/main.py using a try...finally block to ensure os.remove(file_path) is always hit, regardless of whether text extraction succeeds or fails.
• Defensive Logic: Added an existence check before calling os.remove to prevent secondary FileNotFoundError exceptions.
• Safety Scope: Verified that even if the fitz (PyMuPDF) or mammoth extractors throw an exception (e.g., on malicious or corrupted inputs), the temporary server file is deleted immediately.

The PR is already linked to this issue and passing CI. I would appreciate it if you could take a look at the implementation there and share any feedback or additional ideas for the defensive checks you mentioned!

Thanks again for the interest.