summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJorge Hernandez <jh1730@att.com>2018-01-16 20:57:41 +0000
committerGerrit Code Review <gerrit@onap.org>2018-01-16 20:57:41 +0000
commit528605fe8efa3631291de0b9bf8e498bdbd0c23f (patch)
treee104ccafdcd7e7fd2dff86f0b4d7ac7beeb1ef19
parent49c6b1bf604c3450b729dc348af36ee3af79589b (diff)
parent7f94862a50f552f840cbb2a84ee1c3e20fc3c708 (diff)
Merge "Restrict file upload size in policy editor"
-rw-r--r--ONAP-SDK-APP/xacml.admin.properties5
-rw-r--r--POLICY-SDK-APP/src/main/java/org/onap/policy/admin/PolicyManagerServlet.java20
-rw-r--r--POLICY-SDK-APP/src/main/java/org/onap/policy/controller/PolicyController.java18
-rw-r--r--packages/base/src/files/install/servers/console/bin/xacml.admin.properties5
4 files changed, 36 insertions, 12 deletions
diff --git a/ONAP-SDK-APP/xacml.admin.properties b/ONAP-SDK-APP/xacml.admin.properties
index 333da49a5..5628d8dd0 100644
--- a/ONAP-SDK-APP/xacml.admin.properties
+++ b/ONAP-SDK-APP/xacml.admin.properties
@@ -200,4 +200,7 @@ policyAdapter.impl.className = org.onap.policy.admin.PolicyAdapter
#Micro Service Model Properties
xacml.policy.msOnapName=http://org.onap
-xacml.policy.msPolicyName=http://org.onap.policy \ No newline at end of file
+xacml.policy.msPolicyName=http://org.onap.policy
+
+#Size limit (in bytes) for file uploads
+file.size.limit=30000000 \ No newline at end of file
diff --git a/POLICY-SDK-APP/src/main/java/org/onap/policy/admin/PolicyManagerServlet.java b/POLICY-SDK-APP/src/main/java/org/onap/policy/admin/PolicyManagerServlet.java
index 151d36a33..2c67b451e 100644
--- a/POLICY-SDK-APP/src/main/java/org/onap/policy/admin/PolicyManagerServlet.java
+++ b/POLICY-SDK-APP/src/main/java/org/onap/policy/admin/PolicyManagerServlet.java
@@ -227,24 +227,24 @@ public class PolicyManagerServlet extends HttpServlet {
if (!item.isFormField()) {
// Process form file field (input type="file").
files.put(item.getName(), item.getInputStream());
- if(item.getName().endsWith(".xls")){
- OutputStream outputStream = null;
- try{
- File file = new File(item.getName());
- outputStream = new FileOutputStream(file);
+ if(item.getName().endsWith(".xls") && item.getSize() <= PolicyController.getFileSizeLimit()){
+ File file = new File(item.getName());
+ try (OutputStream outputStream = new FileOutputStream(file);)
+ {
IOUtils.copy(item.getInputStream(), outputStream);
- outputStream.close();
newFile = file.toString();
PolicyExportAndImportController importController = new PolicyExportAndImportController();
importController.importRepositoryFile(newFile, request);
}catch(Exception e){
LOGGER.error("Upload error : " + e);
- }finally{
- if(outputStream != null){
- outputStream.close();
- }
}
}
+ else if (!item.getName().endsWith(".xls")) {
+ LOGGER.error("Non .xls filetype uploaded: " + item.getName());
+ }
+ else { //uploaded file size is greater than allowed
+ LOGGER.error("Upload file size limit exceeded! File size (Bytes) is: " + item.getSize());
+ }
}
}
diff --git a/POLICY-SDK-APP/src/main/java/org/onap/policy/controller/PolicyController.java b/POLICY-SDK-APP/src/main/java/org/onap/policy/controller/PolicyController.java
index d244cf528..bd8c8287c 100644
--- a/POLICY-SDK-APP/src/main/java/org/onap/policy/controller/PolicyController.java
+++ b/POLICY-SDK-APP/src/main/java/org/onap/policy/controller/PolicyController.java
@@ -144,6 +144,9 @@ public class PolicyController extends RestrictedBaseController {
private static String configHome;
private static String actionHome;
+ //File upload size
+ private static long fileSizeLimit;
+
private static boolean jUnit = false;
@@ -176,6 +179,8 @@ public class PolicyController extends RestrictedBaseController {
}
// load a properties file
prop.load(input);
+ //file upload size limit property
+ setFileSizeLimit(prop.getProperty("file.size.limit"));
//pap url
setPapUrl(prop.getProperty("xacml.rest.pap.url"));
// get the property values
@@ -716,6 +721,19 @@ public class PolicyController extends RestrictedBaseController {
return file;
}
+ public static void setFileSizeLimit(String uploadSize) {
+ //Default size limit is 30MB
+ if (uploadSize == null || uploadSize.isEmpty()) {
+ fileSizeLimit = 30000000;
+ }
+ else {
+ fileSizeLimit = Long.parseLong(uploadSize);
+ }
+ }
+
+ public static long getFileSizeLimit() {
+ return fileSizeLimit;
+ }
public String convertDate(String dateTTL) {
String formateDate = null;
if(dateTTL.contains("-")){
diff --git a/packages/base/src/files/install/servers/console/bin/xacml.admin.properties b/packages/base/src/files/install/servers/console/bin/xacml.admin.properties
index 755d0f28b..e0f760b77 100644
--- a/packages/base/src/files/install/servers/console/bin/xacml.admin.properties
+++ b/packages/base/src/files/install/servers/console/bin/xacml.admin.properties
@@ -207,4 +207,7 @@ onap.dialect = org.hibernate.dialect.MySQLDialect
#Micro Service Model Properties
xacml.policy.msOnapName=${{policy_msOnapName}}
-xacml.policy.msPolicyName=${{policy_msPolicyName}} \ No newline at end of file
+xacml.policy.msPolicyName=${{policy_msPolicyName}}
+
+#Size limit (in bytes) for file uploads
+file.size.limit=30000000 \ No newline at end of file