aboutsummaryrefslogtreecommitdiffstats
path: root/plugins/reception-plugins/src/main/java/org/onap/policy/distribution/reception/util/ReceptionUtil.java
diff options
context:
space:
mode:
Diffstat (limited to 'plugins/reception-plugins/src/main/java/org/onap/policy/distribution/reception/util/ReceptionUtil.java')
-rw-r--r--plugins/reception-plugins/src/main/java/org/onap/policy/distribution/reception/util/ReceptionUtil.java92
1 files changed, 92 insertions, 0 deletions
diff --git a/plugins/reception-plugins/src/main/java/org/onap/policy/distribution/reception/util/ReceptionUtil.java b/plugins/reception-plugins/src/main/java/org/onap/policy/distribution/reception/util/ReceptionUtil.java
new file mode 100644
index 00000000..9c0bab43
--- /dev/null
+++ b/plugins/reception-plugins/src/main/java/org/onap/policy/distribution/reception/util/ReceptionUtil.java
@@ -0,0 +1,92 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * Copyright (C) 2022 Nordix Foundation.
+ * Modifications Copyright (C) 2022 Nordix Foundation.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.policy.distribution.reception.util;
+
+import java.io.IOException;
+import java.nio.file.Path;
+import java.util.zip.ZipEntry;
+import java.util.zip.ZipFile;
+import org.onap.policy.common.utils.coder.CoderException;
+import org.onap.policy.common.utils.coder.StandardCoder;
+import org.onap.policy.common.utils.coder.StandardYamlCoder;
+import org.onap.policy.distribution.reception.decoding.PolicyDecodingException;
+import org.onap.policy.models.tosca.authorative.concepts.ToscaServiceTemplate;
+
+/**
+ * This class extracts and validates information from a CSAR file.
+ *
+ * @author Sirisha Manchikanti (sirisha.manchikanti@est.tech)
+ */
+public class ReceptionUtil {
+
+ private static StandardCoder coder = new StandardCoder();
+ private static StandardYamlCoder yamlCoder = new StandardYamlCoder();
+ private static final long MAX_FILE_SIZE = 512L * 1024;
+
+ /**
+ * Method to ensure validation of entries in the Zipfile. Attempts to solve path
+ * injection java security issues.
+ *
+ * @param entryName name of the ZipEntry to check
+ * @param csarPath Absolute path to the csar the ZipEntry is in
+ * @param entrySize size of the ZipEntry
+ * @throws PolicyDecodingException if the file size is too large
+ */
+ public static void validateZipEntry(String entryName, String csarPath, long entrySize)
+ throws PolicyDecodingException {
+ //
+ // Check file size
+ //
+ if (entrySize > MAX_FILE_SIZE) {
+ throw new PolicyDecodingException("Zip entry for " + entryName + " is too large " + entrySize);
+ }
+ //
+ // Now ensure that there is no path injection
+ //
+ var path = Path.of(csarPath, entryName).normalize();
+ //
+ // Throw an exception if path is outside the csar
+ //
+ if (! path.startsWith(csarPath)) {
+ throw new PolicyDecodingException("Potential path injection for zip entry " + entryName);
+ }
+ }
+
+ /**
+ * Method to decode either a json or yaml file into an object.
+ *
+ * @param zipFile the zip file
+ * @param entry the entry to read in the zip file.
+ * @return the decoded ToscaServiceTemplate object.
+ * @throws CoderException IOException if the file decoding fails.
+ */
+ public static ToscaServiceTemplate decodeFile(ZipFile zipFile, final ZipEntry entry)
+ throws IOException, CoderException {
+ ToscaServiceTemplate toscaServiceTemplate = null;
+ if (entry.getName().endsWith(".json")) {
+ toscaServiceTemplate = coder.decode(zipFile.getInputStream(entry), ToscaServiceTemplate.class);
+ } else if (entry.getName().endsWith(".yml")) {
+ toscaServiceTemplate = yamlCoder.decode(zipFile.getInputStream(entry), ToscaServiceTemplate.class);
+ }
+ return toscaServiceTemplate;
+ }
+}