Commit 1bed03d8 authored by Matija Obreza's avatar Matija Obreza
Browse files

Introducing PathValidator

parent 009ccefd
/*
* Copyright 2016 Global Crop Diversity Trust, www.croptrust.org
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.genesys2.server.filerepository.service.impl;
/**
* Simple path validator
*/
public class PathValidator {
/**
* Checks if path is valid.
*
* @param path the path
* @return true, if path is valid
*/
public static boolean isValidPath(final String path) {
return path != null && path.startsWith("/") && path.endsWith("/") && !path.contains("//")
&& !path.contains(" /") && !path.contains("/ ");
}
}
......@@ -42,7 +42,6 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.domain.Pageable;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.util.StringUtils;
/**
* The RepositoryServiceImpl implementation.
......@@ -77,8 +76,12 @@ public class RepositoryServiceImpl implements RepositoryService {
public RepositoryFile addFile(final String repositoryPath, final String originalFilename, final String contentType,
final byte[] bytes, final RepositoryFile metaData) throws InvalidRepositoryPathException,
InvalidRepositoryFileDataException {
if (!isValidPath(repositoryPath))
if (!PathValidator.isValidPath(repositoryPath)) {
if (LOG.isDebugEnabled()) {
LOG.debug("Invalid path provided path=" + repositoryPath);
}
throw new InvalidRepositoryPathException();
}
if (originalFilename == null || contentType == null || bytes == null)
throw new InvalidRepositoryFileDataException();
......@@ -115,8 +118,12 @@ public class RepositoryServiceImpl implements RepositoryService {
public RepositoryImage addImage(final String repositoryPath, final String originalFilename,
final String contentType, final byte[] bytes, final RepositoryImage metaData)
throws InvalidRepositoryPathException, InvalidRepositoryFileDataException {
if (!isValidPath(repositoryPath))
if (!PathValidator.isValidPath(repositoryPath)) {
if (LOG.isDebugEnabled()) {
LOG.debug("Invalid repository path=" + repositoryPath);
}
throw new InvalidRepositoryPathException();
}
if (originalFilename == null || contentType == null || bytes == null)
throw new InvalidRepositoryFileDataException();
......@@ -327,7 +334,7 @@ public class RepositoryServiceImpl implements RepositoryService {
@Transactional
public RepositoryFile moveFile(final RepositoryFile repositoryFile, final String newPath)
throws NoSuchRepositoryFileException, InvalidRepositoryPathException {
if (!isValidPath(newPath))
if (!PathValidator.isValidPath(newPath))
throw new InvalidRepositoryPathException();
if (repositoryFile == null)
......@@ -369,17 +376,6 @@ public class RepositoryServiceImpl implements RepositoryService {
resultFile.setTitle(sourceFile.getTitle());
}
/**
* Checks if is valid path.
*
* @param path the path
* @return true, if is valid path
*/
private boolean isValidPath(final String path) {
return path != null && !StringUtils.containsWhitespace(path) && path.startsWith("/") && path.endsWith("/")
&& !path.contains("//");
}
/*
* (non-Javadoc)
*
......
......@@ -94,7 +94,7 @@ public class S3StorageServiceImpl implements BytesStorageService {
public void upsert(final String path, final String filename, final byte[] data)
throws FileNotFoundException, IOException {
if (!isValidPath(path))
if (!PathValidator.isValidPath(path))
throw new IOException("Path is not valid");
if (filename == null)
......@@ -118,7 +118,7 @@ public class S3StorageServiceImpl implements BytesStorageService {
*/
@Override
public void remove(final String path, final String filename) throws IOException {
if (!isValidPath(path))
if (!PathValidator.isValidPath(path))
throw new IOException("Path is not valid");
if (filename == null)
......@@ -139,7 +139,7 @@ public class S3StorageServiceImpl implements BytesStorageService {
*/
@Override
public byte[] get(final String path, final String filename) throws IOException {
if (!isValidPath(path))
if (!PathValidator.isValidPath(path))
throw new IOException("Path is not valid");
if (filename == null)
......@@ -246,17 +246,6 @@ public class S3StorageServiceImpl implements BytesStorageService {
return mac.doFinal(stringToSign.getBytes("UTF8"));
}
/**
* Checks if path is valid.
*
* @param path the path
* @return true, if path is valid
*/
private boolean isValidPath(final String path) {
return path != null && !StringUtils.containsWhitespace(path) && path.startsWith("/") && path.endsWith("/")
&& !path.contains("//");
}
/**
* Initializes RestTemplate with the interceptor that signs the HTTP requests to AWS.
*
......
......@@ -19,6 +19,8 @@ package org.genesys2.server.filerepository.service;
import static org.hamcrest.CoreMatchers.*;
import static org.junit.Assert.*;
import java.io.IOException;
import org.genesys2.server.filerepository.InvalidRepositoryFileDataException;
import org.genesys2.server.filerepository.InvalidRepositoryPathException;
import org.genesys2.server.filerepository.NoSuchRepositoryFileException;
......@@ -222,4 +224,55 @@ public class FileRepositoryAddTest {
FileRepositoryAddTest.EMPTY_BYTES, null);
}
/**
* Path can contain spaces
*
* @throws NoSuchRepositoryFileException the no such repository file exception
* @throws InvalidRepositoryPathException the invalid repository path exception
* @throws InvalidRepositoryFileDataException the invalid repository file data exception
* @throws IOException
*/
@Test
public void validSpacesInPath() throws NoSuchRepositoryFileException, InvalidRepositoryPathException,
InvalidRepositoryFileDataException, IOException {
for (final String validPath : new String[] { "/valid/he re/", "/va lid/her e/", "/va lid/e/",
"/va lid/1 e/" }) {
try {
final RepositoryFile repoFile = fileRepoService.addFile(validPath, "originalFilename.txt",
"contentType", FileRepositoryAddTest.EMPTY_BYTES, null);
fileRepoService.removeFile(repoFile);
} catch (final InvalidRepositoryPathException e) {
fail("Repository must allow for path=" + validPath);
}
}
}
/**
* Path can contain spaces, but not next to /
*
* @throws NoSuchRepositoryFileException the no such repository file exception
* @throws InvalidRepositoryPathException the invalid repository path exception
* @throws InvalidRepositoryFileDataException the invalid repository file data exception
*/
@Test(expected = InvalidRepositoryPathException.class)
public void invalidSpaceNextToSlashInPath1()
throws NoSuchRepositoryFileException, InvalidRepositoryPathException, InvalidRepositoryFileDataException {
fileRepoService.addFile("/invalidpath/here /", "originalFilename.txt", "contentType",
FileRepositoryAddTest.EMPTY_BYTES, null);
}
/**
* Path can contain spaces, but not next to /
*
* @throws NoSuchRepositoryFileException the no such repository file exception
* @throws InvalidRepositoryPathException the invalid repository path exception
* @throws InvalidRepositoryFileDataException the invalid repository file data exception
*/
@Test(expected = InvalidRepositoryPathException.class)
public void invalidSpaceNextToSlashInPath2()
throws NoSuchRepositoryFileException, InvalidRepositoryPathException, InvalidRepositoryFileDataException {
fileRepoService.addFile("/invalidpath/ orhere/", "originalFilename.txt", "contentType",
FileRepositoryAddTest.EMPTY_BYTES, null);
}
}
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment