diff options
Diffstat (limited to 'plugins')
-rw-r--r-- | plugins/reception-plugins/src/main/java/org/onap/policy/distribution/reception/decoding/policy/file/PolicyDecoderFileInCsarToPolicy.java | 34 |
1 files changed, 26 insertions, 8 deletions
diff --git a/plugins/reception-plugins/src/main/java/org/onap/policy/distribution/reception/decoding/policy/file/PolicyDecoderFileInCsarToPolicy.java b/plugins/reception-plugins/src/main/java/org/onap/policy/distribution/reception/decoding/policy/file/PolicyDecoderFileInCsarToPolicy.java index 282578d0..1e04b932 100644 --- a/plugins/reception-plugins/src/main/java/org/onap/policy/distribution/reception/decoding/policy/file/PolicyDecoderFileInCsarToPolicy.java +++ b/plugins/reception-plugins/src/main/java/org/onap/policy/distribution/reception/decoding/policy/file/PolicyDecoderFileInCsarToPolicy.java @@ -24,7 +24,6 @@ package org.onap.policy.distribution.reception.decoding.policy.file; import java.io.IOException; import java.nio.file.Path; -import java.nio.file.Paths; import java.util.ArrayList; import java.util.Collection; import java.util.Enumeration; @@ -49,6 +48,7 @@ public class PolicyDecoderFileInCsarToPolicy implements PolicyDecoder<Csar, Tosc private PolicyDecoderFileInCsarToPolicyParameterGroup decoderParameters; private StandardCoder coder; + private static final long MAX_FILE_SIZE = 512 * 1024; /** * {@inheritDoc}. @@ -77,8 +77,13 @@ public class PolicyDecoderFileInCsarToPolicy implements PolicyDecoder<Csar, Tosc try (ZipFile zipFile = new ZipFile(csar.getCsarPath())) { final Enumeration<? extends ZipEntry> entries = zipFile.entries(); while (entries.hasMoreElements()) { - final ZipEntry entry = entries.nextElement(); - if (isZipEntryValid(entry, csar.getCsarPath())) { + // + // Sonar will flag this as a Security Hotspot + // "Expanding archive files is security-sensitive" + // isZipEntryValid ensures the file being read exists in the archive + // + final ZipEntry entry = entries.nextElement(); // NOSONAR + if (isZipEntryValid(entry.getName(), csar.getCsarPath(), entry.getSize())) { final ToscaServiceTemplate policy = coder.decode(zipFile.getInputStream(entry), ToscaServiceTemplate.class); policyList.add(policy); @@ -99,18 +104,31 @@ public class PolicyDecoderFileInCsarToPolicy implements PolicyDecoder<Csar, Tosc * @param entry the ZipEntry to check * @param csarPath Absolute path to the csar the ZipEntry is in * @return true if no injection detected, and it is a policy type or policy file. + * @throws PolicyDecodingException if the file size is too large */ - private boolean isZipEntryValid(ZipEntry entry, String csarPath) { + private boolean isZipEntryValid(String entryName, String csarPath, long entrySize) throws PolicyDecodingException { // // We only care about policy types and policies // - if (entry.getName().contains(decoderParameters.getPolicyTypeFileName()) - || entry.getName().contains(decoderParameters.getPolicyFileName())) { + if (entryName.contains(decoderParameters.getPolicyTypeFileName()) + || entryName.contains(decoderParameters.getPolicyFileName())) { + // + // Check file size + // + if (entrySize > MAX_FILE_SIZE) { + throw new PolicyDecodingException("Zip entry for " + entryName + " is too large " + entrySize); + } // // Now ensure that there is no path injection // - Path path = Path.of(csarPath, entry.getName()).normalize(); - return path.startsWith(csarPath); + Path path = Path.of(csarPath, entryName).normalize(); + // + // Throw an exception if path is outside the csar + // + if (! path.startsWith(csarPath)) { + throw new PolicyDecodingException("Potential path injection for zip entry " + entryName); + } + return true; } return false; |