Commit e75ce2b7 authored by Matija Obreza

Repository path should not contain \?&

parent c54ea4da
......@@ -16,13 +16,20 @@
package org.genesys2.server.filerepository;
// TODO: Auto-generated Javadoc
/**
* The Class InvalidRepositoryPathException.
* The InvalidRepositoryPathException is thrown when Repository is not happy with your selected path.
*/
public class InvalidRepositoryPathException extends FileRepositoryException {
/** The Constant serialVersionUID. */
private static final long serialVersionUID = 1L;
private String invalidPath;
public InvalidRepositoryPathException(String path) {
this.invalidPath = path;
}
public String getInvalidPath() {
return invalidPath;
}
}
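Review bot: The new constructor `InvalidRepositoryPathException(String path)` stores the path but passes no message to the superclass, so `getMessage()` will presumably be null and a stack trace will not show which path was rejected. If `FileRepositoryException` offers a `String` constructor (not visible in this diff), consider `super("Invalid repository path: " + path);` as the first statement, and declare the field as `private final String invalidPath;` since it is assigned only once. The stored value is by definition unvalidated, so any code that logs or renders it should escape control characters first. Neither the constructor nor `getInvalidPath()` has Javadoc; a one-line comment on each saying that the value is the rejected, unvalidated path would help.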
......@@ -16,6 +16,8 @@
package org.genesys2.server.filerepository.service.impl;
import org.genesys2.server.filerepository.InvalidRepositoryPathException;
/**
* Simple path validator
*/
......@@ -26,8 +28,20 @@ public class PathValidator {
* @param path the path
* @return true, if path is valid
*/
public static boolean isValidPath(final String path) {
return path != null && path.startsWith("/") && path.endsWith("/") && !path.contains("//")
&& !path.contains(" /") && !path.contains("/ ");
protected static boolean isValidPath(final String path) {
return path != null && path.startsWith("/") && path.endsWith("/") && !path.contains("//") && !path.contains(" /") && !path.contains("/ ") && !path.contains("?") && !path.contains("&")
&& !path.contains("\\");
}
/**
* Checks if path is valid and throws InvalidPathException when path is not valid
*
* @param path
* @throws InvalidRepositoryPathException when path is not valid.
*/
public static void checkValidPath(final String path) throws InvalidRepositoryPathException {
if (!isValidPath(path)) {
throw new InvalidRepositoryPathException(path);
}
}
}
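Review bot: `isValidPath` still accepts dot segments: a value such as `/../` starts and ends with `/` and contains none of the rejected substrings, so it passes the check after this change. Whether that is reachable depends on how a repository path is mapped to storage, which this diff does not show, but a validator guarding file locations should reject it explicitly, for example by adding `&& !path.contains("/../") && !path.contains("/./")` to the condition. Control characters such as NUL, CR and LF also pass the denylist; an allowlist of permitted segment characters would be easier to reason about than a growing list of forbidden ones. In the Javadoc of `checkValidPath`, `@param path` has no description and the summary names `InvalidPathException` where the method throws `InvalidRepositoryPathException`.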
......@@ -105,12 +105,7 @@ public class RepositoryServiceImpl implements RepositoryService, InitializingBea
final byte[] bytes, final RepositoryFile metaData)
throws InvalidRepositoryPathException, InvalidRepositoryFileDataException, IOException {
if (!PathValidator.isValidPath(repositoryPath)) {
if (LOG.isDebugEnabled()) {
LOG.debug("Invalid path provided path=" + repositoryPath);
}
throw new InvalidRepositoryPathException();
}
PathValidator.checkValidPath(repositoryPath);
if (originalFilename == null || contentType == null || bytes == null)
throw new InvalidRepositoryFileDataException();
......@@ -154,12 +149,8 @@ public class RepositoryServiceImpl implements RepositoryService, InitializingBea
public RepositoryImage addImage(final String repositoryPath, final String originalFilename,
final String contentType, final byte[] bytes, final RepositoryImage metaData)
throws InvalidRepositoryPathException, InvalidRepositoryFileDataException, IOException {
if (!PathValidator.isValidPath(repositoryPath)) {
if (LOG.isDebugEnabled()) {
LOG.debug("Invalid repository path=" + repositoryPath);
}
throw new InvalidRepositoryPathException();
}
PathValidator.checkValidPath(repositoryPath);
if (originalFilename == null || contentType == null || bytes == null)
throw new InvalidRepositoryFileDataException();
......@@ -392,8 +383,8 @@ public class RepositoryServiceImpl implements RepositoryService, InitializingBea
@Transactional
public RepositoryFile moveFile(final RepositoryFile repositoryFile, final String newPath)
throws NoSuchRepositoryFileException, InvalidRepositoryPathException {
if (!PathValidator.isValidPath(newPath))
throw new InvalidRepositoryPathException();
PathValidator.checkValidPath(newPath);
if (repositoryFile == null)
throw new NoSuchRepositoryFileException();
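Review bot: The debug statements that recorded a rejected `repositoryPath` are dropped in the first two hunks and `checkValidPath` does not log, so a rejected path now leaves a trace only if some caller logs the exception. Repeated rejections are a useful signal of probing, so consider logging once inside `PathValidator.checkValidPath` before the `throw`, with control characters escaped because the value is unvalidated. The method bodies continue outside these hunks, so whether the exception is logged further up the call chain cannot be confirmed from here.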
......
/*
* Copyright 2016 Global Crop Diversity Trust, www.croptrust.org
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.genesys2.server.filerepository.service;
import org.genesys2.server.filerepository.InvalidRepositoryPathException;
import org.genesys2.server.filerepository.service.impl.PathValidator;
import org.junit.Test;
/**
* Test repository paths.
*/
public class PathValidatorTest {
/**
* Okay paths, should not throw exception
* @throws InvalidRepositoryPathException
*/
@Test
public void testValidPaths() throws InvalidRepositoryPathException {
PathValidator.checkValidPath("/ding/");
}
@Test(expected = InvalidRepositoryPathException.class)
public void failInvalidPath0() throws InvalidRepositoryPathException {
PathValidator.checkValidPath("//");
}
@Test(expected = InvalidRepositoryPathException.class)
public void failInvalidPath1() throws InvalidRepositoryPathException {
PathValidator.checkValidPath("/?param=value&param2=value2_thumb/");
}
}
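Review bot: The tests do not cover the backslash that this commit starts rejecting, and `?` and `&` are exercised only together in `failInvalidPath1`, so removing any one of the three new checks from `isValidPath` would still leave the suite green. Add one case per rejected character, e.g. `PathValidator.checkValidPath("/a\\b/");` under `@Test(expected = InvalidRepositoryPathException.class)`, plus cases for `null` and a missing trailing slash. A case for a `/../` segment would force a decision on whether dot segments are meant to be accepted. `testValidPaths` checks a single path; a nested one such as `/ding/dong/` would guard against over-rejection, and the names `failInvalidPath0` and `failInvalidPath1` would read better if they named the rule under test.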