Skip to content

Commit

Permalink
Fix issues in SynapseArtifactUploaderAdmin service
Browse files Browse the repository at this point in the history
  • Loading branch information
msm1992 committed Jul 30, 2024
1 parent 996fee3 commit d51380d
Show file tree
Hide file tree
Showing 2 changed files with 48 additions and 0 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -20,14 +20,25 @@
public class SynapseArtifactUploaderAdmin extends AbstractAdmin {

private static final Log log = LogFactory.getLog(SynapseArtifactUploaderAdmin.class);
private static final String XML_EXTENSION = "xml";

public boolean uploadArtifact(String fileName, DataHandler dataHandler) throws AxisFault {

File artifactDir = new File(getExtensionRepoPath());
File tempDir = new File(CarbonUtils.getCarbonHome() + File.separator + "tmp");
File destinationTempFile = new File(tempDir, fileName);
FileOutputStream fos = null;

String fileExtension = SynapseArtifactUploaderUtil.getFileExtension(fileName);
if (!XML_EXTENSION.equals(fileExtension)) {
throw new AxisFault("Invalid file type: " + fileExtension);
}

try {
if (!SynapseArtifactUploaderUtil.validateFilePath(destinationTempFile, tempDir)) {
throw new AxisFault("Attempt to upload " + destinationTempFile + ". File path is " +
"outside target directory");
}
fos = FileUtils.openOutputStream(destinationTempFile);
dataHandler.writeTo(fos);
} catch (IOException e) {
Expand Down Expand Up @@ -56,6 +67,17 @@ public String[] getArtifacts() {
}

public boolean removeArtifact(String fileName) throws AxisFault {
File destinationFile = new File(getExtensionRepoPath() + File.separator + fileName);
File artifactDir = new File(getExtensionRepoPath());
try {
if (!SynapseArtifactUploaderUtil.validateFilePath(destinationFile, artifactDir)) {
throw new AxisFault("Attempt to delete " + destinationFile + ". File path is " +
"outside target directory");
}
} catch (IOException e) {
handleException("File Delete failed", e);
}

File artifactFile = new File(getExtensionRepoPath() + File.separator + fileName);

if (artifactFile.exists() && artifactFile.isFile()) {
Expand Down
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
package org.wso2.carbon.mediation.artifactuploader.util;

import java.io.File;
import java.io.IOException;
import java.util.ArrayList;

/**
Expand Down Expand Up @@ -31,4 +32,29 @@ public static String[] getArtifacts(String extensionsPath) {
return artifactList;
}

/**
* Finds the extension of a given file
*
* @param fileName - name of the file
* @return - extension
*/
public static String getFileExtension(String fileName) {
int index = fileName.lastIndexOf('.');
return fileName.substring(index + 1);
}

/**
* Validates whether the destinationFile is copied to the target directory
*
* @param destinationFile - file to be uploaded or removed
* @param targetDirectory - target directory
* @return true if the destination file is copied to the target directory
* @throws IOException
*/
public static boolean validateFilePath(File destinationFile, File targetDirectory) throws IOException {
String canonicalPathToFile = destinationFile.getCanonicalPath();
String canonicalPathToArtifactDir = targetDirectory.getCanonicalPath();
return canonicalPathToFile.startsWith(canonicalPathToArtifactDir);
}

}

0 comments on commit d51380d

Please sign in to comment.