summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMagnusen, Drew (dm741q) <dm741q@att.com>2018-01-10 14:41:24 -0600
committerMagnusen, Drew (dm741q) <dm741q@att.com>2018-01-16 09:48:51 -0600
commit7f94862a50f552f840cbb2a84ee1c3e20fc3c708 (patch)
tree2c386b622f5c7a6e2e3cd451aeb7cd216b820397
parentc7ebb39ee23233b0104d3a0f9b1f8fdd66911d18 (diff)
Restrict file upload size in policy editor
Restrict file upload size in Policy Editory using a configurable value (in bytes) set in xacml.admin.properties. Default value is 30MB. Issue-ID: POLICY-538 Change-Id: I4d8539ab33320446aed250ea4fdc51de585d5f2a Signed-off-by: Magnusen, Drew (dm741q) <dm741q@att.com>
-rw-r--r--ONAP-SDK-APP/xacml.admin.properties5
-rw-r--r--POLICY-SDK-APP/src/main/java/org/onap/policy/admin/PolicyManagerServlet.java20
-rw-r--r--POLICY-SDK-APP/src/main/java/org/onap/policy/controller/PolicyController.java18
-rw-r--r--packages/base/src/files/install/servers/console/bin/xacml.admin.properties5
4 files changed, 36 insertions, 12 deletions
diff --git a/ONAP-SDK-APP/xacml.admin.properties b/ONAP-SDK-APP/xacml.admin.properties
index 333da49a5..5628d8dd0 100644
--- a/ONAP-SDK-APP/xacml.admin.properties
+++ b/ONAP-SDK-APP/xacml.admin.properties
@@ -200,4 +200,7 @@ policyAdapter.impl.className = org.onap.policy.admin.PolicyAdapter
#Micro Service Model Properties
xacml.policy.msOnapName=http://org.onap
-xacml.policy.msPolicyName=http://org.onap.policy \ No newline at end of file
+xacml.policy.msPolicyName=http://org.onap.policy
+
+#Size limit (in bytes) for file uploads
+file.size.limit=30000000 \ No newline at end of file
diff --git a/POLICY-SDK-APP/src/main/java/org/onap/policy/admin/PolicyManagerServlet.java b/POLICY-SDK-APP/src/main/java/org/onap/policy/admin/PolicyManagerServlet.java
index 151d36a33..2c67b451e 100644
--- a/POLICY-SDK-APP/src/main/java/org/onap/policy/admin/PolicyManagerServlet.java
+++ b/POLICY-SDK-APP/src/main/java/org/onap/policy/admin/PolicyManagerServlet.java
@@ -227,24 +227,24 @@ public class PolicyManagerServlet extends HttpServlet {
if (!item.isFormField()) {
// Process form file field (input type="file").
files.put(item.getName(), item.getInputStream());
- if(item.getName().endsWith(".xls")){
- OutputStream outputStream = null;
- try{
- File file = new File(item.getName());
- outputStream = new FileOutputStream(file);
+ if(item.getName().endsWith(".xls") && item.getSize() <= PolicyController.getFileSizeLimit()){
+ File file = new File(item.getName());
+ try (OutputStream outputStream = new FileOutputStream(file);)
+ {
IOUtils.copy(item.getInputStream(), outputStream);
- outputStream.close();
newFile = file.toString();
PolicyExportAndImportController importController = new PolicyExportAndImportController();
importController.importRepositoryFile(newFile, request);
}catch(Exception e){
LOGGER.error("Upload error : " + e);
- }finally{
- if(outputStream != null){
- outputStream.close();
- }
}
}
+ else if (!item.getName().endsWith(".xls")) {
+ LOGGER.error("Non .xls filetype uploaded: " + item.getName());
+ }
+ else { //uploaded file size is greater than allowed
+ LOGGER.error("Upload file size limit exceeded! File size (Bytes) is: " + item.getSize());
+ }
}
}
diff --git a/POLICY-SDK-APP/src/main/java/org/onap/policy/controller/PolicyController.java b/POLICY-SDK-APP/src/main/java/org/onap/policy/controller/PolicyController.java
index d244cf528..bd8c8287c 100644
--- a/POLICY-SDK-APP/src/main/java/org/onap/policy/controller/PolicyController.java
+++ b/POLICY-SDK-APP/src/main/java/org/onap/policy/controller/PolicyController.java
@@ -144,6 +144,9 @@ public class PolicyController extends RestrictedBaseController {
private static String configHome;
private static String actionHome;
+ //File upload size
+ private static long fileSizeLimit;
+
private static boolean jUnit = false;
@@ -176,6 +179,8 @@ public class PolicyController extends RestrictedBaseController {
}
// load a properties file
prop.load(input);
+ //file upload size limit property
+ setFileSizeLimit(prop.getProperty("file.size.limit"));
//pap url
setPapUrl(prop.getProperty("xacml.rest.pap.url"));
// get the property values
@@ -716,6 +721,19 @@ public class PolicyController extends RestrictedBaseController {
return file;
}
+ public static void setFileSizeLimit(String uploadSize) {
+ //Default size limit is 30MB
+ if (uploadSize == null || uploadSize.isEmpty()) {
+ fileSizeLimit = 30000000;
+ }
+ else {
+ fileSizeLimit = Long.parseLong(uploadSize);
+ }
+ }
+
+ public static long getFileSizeLimit() {
+ return fileSizeLimit;
+ }
public String convertDate(String dateTTL) {
String formateDate = null;
if(dateTTL.contains("-")){
diff --git a/packages/base/src/files/install/servers/console/bin/xacml.admin.properties b/packages/base/src/files/install/servers/console/bin/xacml.admin.properties
index 755d0f28b..e0f760b77 100644
--- a/packages/base/src/files/install/servers/console/bin/xacml.admin.properties
+++ b/packages/base/src/files/install/servers/console/bin/xacml.admin.properties
@@ -207,4 +207,7 @@ onap.dialect = org.hibernate.dialect.MySQLDialect
#Micro Service Model Properties
xacml.policy.msOnapName=${{policy_msOnapName}}
-xacml.policy.msPolicyName=${{policy_msPolicyName}} \ No newline at end of file
+xacml.policy.msPolicyName=${{policy_msPolicyName}}
+
+#Size limit (in bytes) for file uploads
+file.size.limit=30000000 \ No newline at end of file