From 7f94862a50f552f840cbb2a84ee1c3e20fc3c708 Mon Sep 17 00:00:00 2001 From: "Magnusen, Drew (dm741q)" Date: Wed, 10 Jan 2018 14:41:24 -0600 Subject: Restrict file upload size in policy editor Restrict file upload size in Policy Editory using a configurable value (in bytes) set in xacml.admin.properties. Default value is 30MB. Issue-ID: POLICY-538 Change-Id: I4d8539ab33320446aed250ea4fdc51de585d5f2a Signed-off-by: Magnusen, Drew (dm741q) --- .../org/onap/policy/admin/PolicyManagerServlet.java | 20 ++++++++++---------- .../org/onap/policy/controller/PolicyController.java | 18 ++++++++++++++++++ 2 files changed, 28 insertions(+), 10 deletions(-) (limited to 'POLICY-SDK-APP/src/main/java') diff --git a/POLICY-SDK-APP/src/main/java/org/onap/policy/admin/PolicyManagerServlet.java b/POLICY-SDK-APP/src/main/java/org/onap/policy/admin/PolicyManagerServlet.java index 151d36a33..2c67b451e 100644 --- a/POLICY-SDK-APP/src/main/java/org/onap/policy/admin/PolicyManagerServlet.java +++ b/POLICY-SDK-APP/src/main/java/org/onap/policy/admin/PolicyManagerServlet.java 
@@ -227,24 +227,24 @@ public class PolicyManagerServlet extends HttpServlet { if (!item.isFormField()) { // Process form file field (input type="file"). files.put(item.getName(), item.getInputStream()); - if(item.getName().endsWith(".xls")){ - OutputStream outputStream = null; - try{ - File file = new File(item.getName()); - outputStream = new FileOutputStream(file); + if(item.getName().endsWith(".xls") && item.getSize() <= PolicyController.getFileSizeLimit()){ + File file = new File(item.getName()); + try (OutputStream outputStream = new FileOutputStream(file);) + { IOUtils.copy(item.getInputStream(), outputStream); - outputStream.close(); newFile = file.toString(); PolicyExportAndImportController importController = new PolicyExportAndImportController(); importController.importRepositoryFile(newFile, request); }catch(Exception e){ LOGGER.error("Upload error : " + e); - }finally{ - if(outputStream != null){ - outputStream.close(); - } } } + else if (!item.getName().endsWith(".xls")) { + LOGGER.error("Non .xls filetype uploaded: " + item.getName()); + } + else { //uploaded file size is greater than allowed + LOGGER.error("Upload file size limit exceeded! File size (Bytes) is: " + item.getSize()); + } } } diff --git a/POLICY-SDK-APP/src/main/java/org/onap/policy/controller/PolicyController.java b/POLICY-SDK-APP/src/main/java/org/onap/policy/controller/PolicyController.java index d244cf528..bd8c8287c 100644 --- a/POLICY-SDK-APP/src/main/java/org/onap/policy/controller/PolicyController.java +++ b/POLICY-SDK-APP/src/main/java/org/onap/policy/controller/PolicyController.java @@ -144,6 +144,9 @@ public class PolicyController extends RestrictedBaseController { private static String configHome; private static String actionHome; + //File upload size + private static long fileSizeLimit; + private static boolean jUnit = false; 
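Review bot: The added `File file = new File(item.getName());` still builds the destination path from the client-supplied upload name, so a name that contains directory components or matches an existing file decides where the servlet writes, and the new size check does not change that. Writing to a server-chosen name, e.g. `File file = File.createTempFile("policy-import-", ".xls");`, and deleting the file once `importRepositoryFile` returns would remove that dependency, provided the importer does not rely on the original file name (not visible here). The size test also runs after the item has been parsed and after `files.put(item.getName(), item.getInputStream())`, so it limits what gets imported rather than what the server accepts. If the items come from Commons FileUpload, calling `setFileSizeMax(PolicyController.getFileSizeLimit())` on the `ServletFileUpload` before parsing would enforce the limit earlier. The enclosing method begins and ends outside this hunk.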
@@ -176,6 +179,8 @@ public class PolicyController extends RestrictedBaseController { } // load a properties file prop.load(input); + //file upload size limit property + setFileSizeLimit(prop.getProperty("file.size.limit")); //pap url setPapUrl(prop.getProperty("xacml.rest.pap.url")); // get the property values @@ -716,6 +721,19 @@ public class PolicyController extends RestrictedBaseController { return file; } + public static void setFileSizeLimit(String uploadSize) { + //Default size limit is 30MB + if (uploadSize == null || uploadSize.isEmpty()) { + fileSizeLimit = 30000000; + } + else { + fileSizeLimit = Long.parseLong(uploadSize); + } + } + + public static long getFileSizeLimit() { + return fileSizeLimit; + } public String convertDate(String dateTTL) { String formateDate = null; if(dateTTL.contains("-")){ -- cgit 1.2.3-korg
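Review bot: `setFileSizeLimit` hands the property text straight to `Long.parseLong`, so a malformed `file.size.limit` value throws NumberFormatException out of the call added in the property-loading hunk (@@ -176), presumably before `setPapUrl` and the remaining properties are read. A zero or negative value is accepted as the limit, which makes the servlet's `item.getSize() <= getFileSizeLimit()` test reject every upload with no hint that configuration is the cause. Falling back to the default for an unparsable or non-positive value keeps both startup and the upload check predictable, and the rejected value should be logged through the class's logger, which is not visible in this hunk. The literal 30000000 would read better as a named constant.

```java
private static final long DEFAULT_FILE_SIZE_LIMIT = 30000000L; // 30MB default stated in the commit message

public static void setFileSizeLimit(String uploadSize) {
    long limit = DEFAULT_FILE_SIZE_LIMIT;
    if (uploadSize != null && !uploadSize.trim().isEmpty()) {
        try {
            long parsed = Long.parseLong(uploadSize.trim());
            if (parsed > 0) {
                limit = parsed;
            }
            // else: non-positive value, keep the default and log it
        } catch (NumberFormatException e) {
            // keep the default instead of aborting property loading; log the bad value
        }
    }
    fileSizeLimit = limit;
}
// … unchanged: getFileSizeLimit …
```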