authorMartin Stockhammer <martin_s@apache.org>2019-03-03 00:10:49 +0100
committerMartin Stockhammer <martin_s@apache.org>2019-03-03 00:10:49 +0100
commitcc0d8ad0b525e641855319812877fdc6c8cd327c (patch)
tree3632760dce6982b3dbfdac46357c649a848662f8
parentbe4dab11592ec402fb4349f84fe7c535ce889abc (diff)
Adding additional verifications for upload
-rw-r--r--archiva-modules/archiva-web/archiva-web-common/src/main/java/org/apache/archiva/web/api/DefaultFileUploadService.java29
1 files changed, 25 insertions, 4 deletions
diff --git a/archiva-modules/archiva-web/archiva-web-common/src/main/java/org/apache/archiva/web/api/DefaultFileUploadService.java b/archiva-modules/archiva-web/archiva-web-common/src/main/java/org/apache/archiva/web/api/DefaultFileUploadService.java
index 4fd8f6808..71199866c 100644
--- a/archiva-modules/archiva-web/archiva-web-common/src/main/java/org/apache/archiva/web/api/DefaultFileUploadService.java
+++ b/archiva-modules/archiva-web/archiva-web-common/src/main/java/org/apache/archiva/web/api/DefaultFileUploadService.java
@@ -69,6 +69,7 @@ import java.io.File;
import java.io.FileOutputStream;
import java.io.FileWriter;
import java.io.IOException;
+import java.net.URLDecoder;
import java.nio.file.*;
import java.text.DateFormat;
import java.text.SimpleDateFormat;
@@ -115,7 +116,8 @@ public class DefaultFileUploadService
throws IOException
{
Attachment attachment = multipartBody.getAttachment( attachmentId );
- return attachment == null ? "" : IOUtils.toString( attachment.getDataHandler().getInputStream() );
+ return attachment == null ? "" :
+ StringUtils.trim(URLDecoder.decode(IOUtils.toString( attachment.getDataHandler().getInputStream() ), "UTF-8"));
}
@Override
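Review bot: URLDecoder.decode throws IllegalArgumentException on a malformed percent sequence, and the new return statement lets that escape from getStringValue, whose visible throws clause lists only IOException. The later hunk catches it only around the pomFile read, so the classifier and packaging reads just above that try block would turn the same malformed input into an unhandled runtime exception instead of the 422 used elsewhere in this class. Translating the exception here once, keyed on attachmentId, would cover every caller. That requires the method to be allowed to throw ArchivaRestServiceException, which cannot be confirmed because the signature starts outside the hunk. The inner IOUtils.toString call also passes no charset, so the bytes are read with the platform default before being decoded as UTF-8.

```java
Attachment attachment = multipartBody.getAttachment( attachmentId );
if ( attachment == null )
{
    return "";
}
// Read the raw field with an explicit charset so it matches the decode step below.
String raw = IOUtils.toString( attachment.getDataHandler().getInputStream(), "UTF-8" );
try
{
    return StringUtils.trim( URLDecoder.decode( raw, "UTF-8" ) );
}
catch ( IllegalArgumentException ex )
{
    // Malformed %-escape in a form field: report it as a client error for that field.
    ArchivaRestServiceException e = new ArchivaRestServiceException( "Bad encoding in " + attachmentId, null );
    e.setHttpErrorCode( 422 );
    e.setFieldName( attachmentId );
    e.setErrorKey( "fileupload.malformed.param" );
    throw e;
}
```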
@@ -128,9 +130,26 @@ public class DefaultFileUploadService
String classifier = getStringValue( multipartBody, "classifier" );
String packaging = getStringValue( multipartBody, "packaging" );
+
+ checkParamChars( "classifier", classifier );
+ checkParamChars( "packaging", packaging);
+
// skygo: http header form pomFile was once sending 1 for true and void for false
// leading to permanent false value for pomFile if using toBoolean(); use , "1", ""
- boolean pomFile = BooleanUtils.toBoolean( getStringValue( multipartBody, "pomFile" ) );
+
+ boolean pomFile = false;
+ try
+ {
+ pomFile = BooleanUtils.toBoolean( getStringValue( multipartBody, "pomFile" ) );
+ }
+ catch ( IllegalArgumentException ex )
+ {
+ ArchivaRestServiceException e = new ArchivaRestServiceException("Bad value for boolean pomFile field.", null);
+ e.setHttpErrorCode(422);
+ e.setFieldName( "pomFile" );
+ e.setErrorKey("fileupload.malformed.pomFile");
+ throw e;
+ }
Attachment file = multipartBody.getAttachment( "files[]" );
@@ -141,7 +160,7 @@ public class DefaultFileUploadService
ArchivaRestServiceException e = new ArchivaRestServiceException("Bad filename in upload content: " + fileName + " - File traversal chars (..|/) are not allowed"
, null);
e.setHttpErrorCode(422);
- e.setErrorKey("error.upload.malformed.filename");
+ e.setErrorKey("fileupload.malformed.filename");
throw e;
}
@@ -249,7 +268,7 @@ public class DefaultFileUploadService
if (!hasValidChars(value)) {
ArchivaRestServiceException e = new ArchivaRestServiceException("Bad characters in " + param, null);
e.setHttpErrorCode(422);
- e.setErrorKey("error.upload.malformed.param." + param);
+ e.setErrorKey("fileupload.malformed.param");
e.setFieldName(param);
throw e;
}
@@ -269,8 +288,10 @@ public class DefaultFileUploadService
checkParamChars("repositoryId", repositoryId);
checkParamChars("groupId", groupId);
checkParamChars("artifactId", artifactId);
+ checkParamChars( "version", version);
checkParamChars("packaging", packaging);
+
List<FileMetadata> fileMetadatas = getSessionFilesList();
if ( fileMetadatas == null || fileMetadatas.isEmpty() )
{