Remove unused import and add comments

Removes unused import and also adds a check for file size. Since these entries are opened in memory, use NOSONAR to clear sonar security hotspot. Issue-ID: POLICY-2908 Change-Id: Ic3511a3f59cd2d78301316df209de5da1e25acdb Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
author: Pamela Dragosh <pdragosh@research.att.com> 2021-01-15 09:59:27 -0500
committer: Pamela Dragosh <pdragosh@research.att.com> 2021-01-15 13:00:51 -0500
commit: f1f01906979b5baf1b11f1b6849b05e4642aabfc (patch)
tree: 612b7a6434396445df418aafaa525081e68b7f4e
parent: e72afd705e3e575161db480adc8fbc4ff71ba2b9 (diff)
1 files changed, 26 insertions, 8 deletions
diff --git a/plugins/reception-plugins/src/main/java/org/onap/policy/distribution/reception/decoding/policy/file/PolicyDecoderFileInCsarToPolicy.java b/plugins/reception-plugins/src/main/java/org/onap/policy/distribution/reception/decoding/policy/file/PolicyDecoderFileInCsarToPolicy.java
index 282578d0..1e04b932 100644
--- a/plugins/reception-plugins/src/main/java/org/onap/policy/distribution/reception/decoding/policy/file/PolicyDecoderFileInCsarToPolicy.java
+++ b/plugins/reception-plugins/src/main/java/org/onap/policy/distribution/reception/decoding/policy/file/PolicyDecoderFileInCsarToPolicy.java
@@ -24,7 +24,6 @@ package org.onap.policy.distribution.reception.decoding.policy.file;
 
 import java.io.IOException;
 import java.nio.file.Path;
-import java.nio.file.Paths;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Enumeration;
@@ -49,6 +48,7 @@ public class PolicyDecoderFileInCsarToPolicy implements PolicyDecoder<Csar, Tosc
 
     private PolicyDecoderFileInCsarToPolicyParameterGroup decoderParameters;
     private StandardCoder coder;
+    private static final long MAX_FILE_SIZE = 512 * 1024;
 
     /**
      * {@inheritDoc}.
@@ -77,8 +77,13 @@ public class PolicyDecoderFileInCsarToPolicy implements PolicyDecoder<Csar, Tosc
         try (ZipFile zipFile = new ZipFile(csar.getCsarPath())) {
             final Enumeration<? extends ZipEntry> entries = zipFile.entries();
             while (entries.hasMoreElements()) {
-                final ZipEntry entry = entries.nextElement();
-                if (isZipEntryValid(entry, csar.getCsarPath())) {
+                //
+                // Sonar will flag this as a Security Hotspot
+                // "Expanding archive files is security-sensitive"
+                // isZipEntryValid ensures the file being read exists in the archive
+                //
+                final ZipEntry entry = entries.nextElement(); // NOSONAR
+                if (isZipEntryValid(entry.getName(), csar.getCsarPath(), entry.getSize())) {
                     final ToscaServiceTemplate policy =
                             coder.decode(zipFile.getInputStream(entry), ToscaServiceTemplate.class);
                     policyList.add(policy);
@@ -99,18 +104,31 @@ public class PolicyDecoderFileInCsarToPolicy implements PolicyDecoder<Csar, Tosc
      * @param entry the ZipEntry to check
      * @param csarPath Absolute path to the csar the ZipEntry is in
      * @return true if no injection detected, and it is a policy type  or policy file.
+     * @throws PolicyDecodingException if the file size is too large
      */
-    private boolean isZipEntryValid(ZipEntry entry, String csarPath) {
+    private boolean isZipEntryValid(String entryName, String csarPath, long entrySize) throws PolicyDecodingException {
         //
         // We only care about policy types and policies
         //
-        if (entry.getName().contains(decoderParameters.getPolicyTypeFileName())
-                || entry.getName().contains(decoderParameters.getPolicyFileName())) {
+        if (entryName.contains(decoderParameters.getPolicyTypeFileName())
+                || entryName.contains(decoderParameters.getPolicyFileName())) {
+            //
+            // Check file size
+            //
+            if (entrySize > MAX_FILE_SIZE) {
+                throw new PolicyDecodingException("Zip entry for " + entryName + " is too large " + entrySize);
+            }
             //
             // Now ensure that there is no path injection
             //
-            Path path = Path.of(csarPath, entry.getName()).normalize();
-            return path.startsWith(csarPath);
+            Path path = Path.of(csarPath, entryName).normalize();
+            //
+            // Throw an exception if path is outside the csar
+            //
+            if (! path.startsWith(csarPath)) {
+                throw new PolicyDecodingException("Potential path injection for zip entry " + entryName);
+            }
+            return true;
         }
 
         return false;
author	Pamela Dragosh <pdragosh@research.att.com>	2021-01-15 09:59:27 -0500
committer	Pamela Dragosh <pdragosh@research.att.com>	2021-01-15 13:00:51 -0500
commit	f1f01906979b5baf1b11f1b6849b05e4642aabfc (patch)
tree	612b7a6434396445df418aafaa525081e68b7f4e
parent	e72afd705e3e575161db480adc8fbc4ff71ba2b9 (diff)