diff options
author | Magnusen, Drew (dm741q) <dm741q@att.com> | 2018-01-10 14:41:24 -0600 |
---|---|---|
committer | Magnusen, Drew (dm741q) <dm741q@att.com> | 2018-01-16 09:48:51 -0600 |
commit | 7f94862a50f552f840cbb2a84ee1c3e20fc3c708 (patch) | |
tree | 2c386b622f5c7a6e2e3cd451aeb7cd216b820397 /POLICY-SDK-APP/src/main | |
parent | c7ebb39ee23233b0104d3a0f9b1f8fdd66911d18 (diff) |
Restrict file upload size in policy editor
Restrict file upload size in Policy Editory using a configurable value (in
bytes) set in xacml.admin.properties. Default value is 30MB.
Issue-ID: POLICY-538
Change-Id: I4d8539ab33320446aed250ea4fdc51de585d5f2a
Signed-off-by: Magnusen, Drew (dm741q) <dm741q@att.com>
Diffstat (limited to 'POLICY-SDK-APP/src/main')
-rw-r--r-- | POLICY-SDK-APP/src/main/java/org/onap/policy/admin/PolicyManagerServlet.java | 20 | ||||
-rw-r--r-- | POLICY-SDK-APP/src/main/java/org/onap/policy/controller/PolicyController.java | 18 |
2 files changed, 28 insertions, 10 deletions
diff --git a/POLICY-SDK-APP/src/main/java/org/onap/policy/admin/PolicyManagerServlet.java b/POLICY-SDK-APP/src/main/java/org/onap/policy/admin/PolicyManagerServlet.java index 151d36a33..2c67b451e 100644 --- a/POLICY-SDK-APP/src/main/java/org/onap/policy/admin/PolicyManagerServlet.java +++ b/POLICY-SDK-APP/src/main/java/org/onap/policy/admin/PolicyManagerServlet.java @@ -227,24 +227,24 @@ public class PolicyManagerServlet extends HttpServlet { if (!item.isFormField()) { // Process form file field (input type="file"). files.put(item.getName(), item.getInputStream()); - if(item.getName().endsWith(".xls")){ - OutputStream outputStream = null; - try{ - File file = new File(item.getName()); - outputStream = new FileOutputStream(file); + if(item.getName().endsWith(".xls") && item.getSize() <= PolicyController.getFileSizeLimit()){ + File file = new File(item.getName()); + try (OutputStream outputStream = new FileOutputStream(file);) + { IOUtils.copy(item.getInputStream(), outputStream); - outputStream.close(); newFile = file.toString(); PolicyExportAndImportController importController = new PolicyExportAndImportController(); importController.importRepositoryFile(newFile, request); }catch(Exception e){ LOGGER.error("Upload error : " + e); - }finally{ - if(outputStream != null){ - outputStream.close(); - } } } + else if (!item.getName().endsWith(".xls")) { + LOGGER.error("Non .xls filetype uploaded: " + item.getName()); + } + else { //uploaded file size is greater than allowed + LOGGER.error("Upload file size limit exceeded! File size (Bytes) is: " + item.getSize()); + } } } diff --git a/POLICY-SDK-APP/src/main/java/org/onap/policy/controller/PolicyController.java b/POLICY-SDK-APP/src/main/java/org/onap/policy/controller/PolicyController.java index d244cf528..bd8c8287c 100644 --- a/POLICY-SDK-APP/src/main/java/org/onap/policy/controller/PolicyController.java +++ b/POLICY-SDK-APP/src/main/java/org/onap/policy/controller/PolicyController.java @@ -144,6 +144,9 @@ public class PolicyController extends RestrictedBaseController { private static String configHome; private static String actionHome; + //File upload size + private static long fileSizeLimit; + private static boolean jUnit = false; @@ -176,6 +179,8 @@ public class PolicyController extends RestrictedBaseController { } // load a properties file prop.load(input); + //file upload size limit property + setFileSizeLimit(prop.getProperty("file.size.limit")); //pap url setPapUrl(prop.getProperty("xacml.rest.pap.url")); // get the property values @@ -716,6 +721,19 @@ public class PolicyController extends RestrictedBaseController { return file; } + public static void setFileSizeLimit(String uploadSize) { + //Default size limit is 30MB + if (uploadSize == null || uploadSize.isEmpty()) { + fileSizeLimit = 30000000; + } + else { + fileSizeLimit = Long.parseLong(uploadSize); + } + } + + public static long getFileSizeLimit() { + return fileSizeLimit; + } public String convertDate(String dateTTL) { String formateDate = null; if(dateTTL.contains("-")){ |