diff options
author | Jorge Hernandez <jh1730@att.com> | 2018-01-16 20:57:41 +0000 |
---|---|---|
committer | Gerrit Code Review <gerrit@onap.org> | 2018-01-16 20:57:41 +0000 |
commit | 528605fe8efa3631291de0b9bf8e498bdbd0c23f (patch) | |
tree | e104ccafdcd7e7fd2dff86f0b4d7ac7beeb1ef19 | |
parent | 49c6b1bf604c3450b729dc348af36ee3af79589b (diff) | |
parent | 7f94862a50f552f840cbb2a84ee1c3e20fc3c708 (diff) |
Merge "Restrict file upload size in policy editor"
4 files changed, 36 insertions, 12 deletions
diff --git a/ONAP-SDK-APP/xacml.admin.properties b/ONAP-SDK-APP/xacml.admin.properties index 333da49a5..5628d8dd0 100644 --- a/ONAP-SDK-APP/xacml.admin.properties +++ b/ONAP-SDK-APP/xacml.admin.properties @@ -200,4 +200,7 @@ policyAdapter.impl.className = org.onap.policy.admin.PolicyAdapter #Micro Service Model Properties xacml.policy.msOnapName=http://org.onap -xacml.policy.msPolicyName=http://org.onap.policy
\ No newline at end of file +xacml.policy.msPolicyName=http://org.onap.policy + +#Size limit (in bytes) for file uploads +file.size.limit=30000000
\ No newline at end of file diff --git a/POLICY-SDK-APP/src/main/java/org/onap/policy/admin/PolicyManagerServlet.java b/POLICY-SDK-APP/src/main/java/org/onap/policy/admin/PolicyManagerServlet.java index 151d36a33..2c67b451e 100644 --- a/POLICY-SDK-APP/src/main/java/org/onap/policy/admin/PolicyManagerServlet.java +++ b/POLICY-SDK-APP/src/main/java/org/onap/policy/admin/PolicyManagerServlet.java @@ -227,24 +227,24 @@ public class PolicyManagerServlet extends HttpServlet { if (!item.isFormField()) { // Process form file field (input type="file"). files.put(item.getName(), item.getInputStream()); - if(item.getName().endsWith(".xls")){ - OutputStream outputStream = null; - try{ - File file = new File(item.getName()); - outputStream = new FileOutputStream(file); + if(item.getName().endsWith(".xls") && item.getSize() <= PolicyController.getFileSizeLimit()){ + File file = new File(item.getName()); + try (OutputStream outputStream = new FileOutputStream(file);) + { IOUtils.copy(item.getInputStream(), outputStream); - outputStream.close(); newFile = file.toString(); PolicyExportAndImportController importController = new PolicyExportAndImportController(); importController.importRepositoryFile(newFile, request); }catch(Exception e){ LOGGER.error("Upload error : " + e); - }finally{ - if(outputStream != null){ - outputStream.close(); - } } } + else if (!item.getName().endsWith(".xls")) { + LOGGER.error("Non .xls filetype uploaded: " + item.getName()); + } + else { //uploaded file size is greater than allowed + LOGGER.error("Upload file size limit exceeded! File size (Bytes) is: " + item.getSize()); + } } } diff --git a/POLICY-SDK-APP/src/main/java/org/onap/policy/controller/PolicyController.java b/POLICY-SDK-APP/src/main/java/org/onap/policy/controller/PolicyController.java index d244cf528..bd8c8287c 100644 --- a/POLICY-SDK-APP/src/main/java/org/onap/policy/controller/PolicyController.java +++ b/POLICY-SDK-APP/src/main/java/org/onap/policy/controller/PolicyController.java @@ -144,6 +144,9 @@ public class PolicyController extends RestrictedBaseController { private static String configHome; private static String actionHome; + //File upload size + private static long fileSizeLimit; + private static boolean jUnit = false; @@ -176,6 +179,8 @@ public class PolicyController extends RestrictedBaseController { } // load a properties file prop.load(input); + //file upload size limit property + setFileSizeLimit(prop.getProperty("file.size.limit")); //pap url setPapUrl(prop.getProperty("xacml.rest.pap.url")); // get the property values @@ -716,6 +721,19 @@ public class PolicyController extends RestrictedBaseController { return file; } + public static void setFileSizeLimit(String uploadSize) { + //Default size limit is 30MB + if (uploadSize == null || uploadSize.isEmpty()) { + fileSizeLimit = 30000000; + } + else { + fileSizeLimit = Long.parseLong(uploadSize); + } + } + + public static long getFileSizeLimit() { + return fileSizeLimit; + } public String convertDate(String dateTTL) { String formateDate = null; if(dateTTL.contains("-")){ diff --git a/packages/base/src/files/install/servers/console/bin/xacml.admin.properties b/packages/base/src/files/install/servers/console/bin/xacml.admin.properties index 755d0f28b..e0f760b77 100644 --- a/packages/base/src/files/install/servers/console/bin/xacml.admin.properties +++ b/packages/base/src/files/install/servers/console/bin/xacml.admin.properties @@ -207,4 +207,7 @@ onap.dialect = org.hibernate.dialect.MySQLDialect #Micro Service Model Properties xacml.policy.msOnapName=${{policy_msOnapName}} -xacml.policy.msPolicyName=${{policy_msPolicyName}}
\ No newline at end of file +xacml.policy.msPolicyName=${{policy_msPolicyName}} + +#Size limit (in bytes) for file uploads +file.size.limit=30000000
\ No newline at end of file |