author | vasraz <vasyl.razinkov@est.tech> | 2021-07-27 11:19:48 +0100 |
committer | Vasyl Razinkov <vasyl.razinkov@est.tech> | 2021-08-06 09:42:46 +0000 |
commit | 84aa83e9203d6f890cc5f425a00ac748d47c5c8f (patch) | |
tree | c64d6fe5494e52781fdec406f7f521d6ddd082d5 | |
parent | 36ff777984fbd728737b264d7aa3933794716519 (diff) |
Fix Security Hotspot
Fix for https://sonarcloud.io/project/security_hotspots?id=onap_sdc&hotspots=AXrLK9lDm75TRpHZ3DAu
Change-Id: I6427d02bb76618a4b7383e427ce9f762adf73e97
Signed-off-by: Vasyl Razinkov <vasyl.razinkov@est.tech>
Issue-ID: SDC-3657
6 files changed, 28 insertions, 4 deletions
diff --git a/common-be/src/main/java/org/openecomp/sdc/be/csar/storage/CsarPackageReducerConfiguration.java b/common-be/src/main/java/org/openecomp/sdc/be/csar/storage/CsarPackageReducerConfiguration.java
index a14222ab17..08049b4215 100644
--- a/common-be/src/main/java/org/openecomp/sdc/be/csar/storage/CsarPackageReducerConfiguration.java
+++ b/common-be/src/main/java/org/openecomp/sdc/be/csar/storage/CsarPackageReducerConfiguration.java
@@ -29,5 +29,6 @@ public class CsarPackageReducerConfiguration implements PackageSizeReducerConfig
 private final Set<Path> foldersToStrip;
 private final long sizeLimit;
+ private final int thresholdEntries;
 }
diff --git a/common-be/src/main/java/org/openecomp/sdc/be/csar/storage/CsarSizeReducer.java b/common-be/src/main/java/org/openecomp/sdc/be/csar/storage/CsarSizeReducer.java
index 1fef373362..822acc0766 100644
--- a/common-be/src/main/java/org/openecomp/sdc/be/csar/storage/CsarSizeReducer.java
+++ b/common-be/src/main/java/org/openecomp/sdc/be/csar/storage/CsarSizeReducer.java
@@ -30,6 +30,7 @@ import java.util.List;
 import java.util.Set;
 import java.util.UUID;
 import java.util.concurrent.atomic.AtomicBoolean;
+import java.util.concurrent.atomic.AtomicInteger;
 import java.util.function.Consumer;
 import java.util.stream.Collectors;
 import java.util.zip.ZipEntry;
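Review bot: `thresholdEntries` is added to CsarPackageReducerConfiguration without a comment saying what it bounds or whether the bound is inclusive; the constructor and getter used elsewhere in this commit do not appear in the diff and are presumably generated, so this field declaration is the only place to document it. A line such as `// Maximum number of entries an uploaded archive may contain before CsarSizeReducer refuses to expand it (guards against inode exhaustion).` would do. The class declaration continues outside the hunk.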
@@ -100,9 +101,16 @@ public class CsarSizeReducer implements PackageSizeReducer {
 }
 private Consumer<ZipEntry> signedZipProcessingConsumer(final Path csarPackagePath, final ZipFile zf, final ZipOutputStream zos) {
+ final var thresholdEntries = configuration.getThresholdEntries();
+ final var totalEntryArchive = new AtomicInteger(0);
 return zipEntry -> {
 final var entryName = zipEntry.getName();
 try {
+ if (totalEntryArchive.getAndIncrement() > thresholdEntries) {
+ // too much entries in this archive, can lead to inodes exhaustion of the system
+ final var errorMsg = String.format("Failed to extract '%s' from zip '%s'", entryName, csarPackagePath);
+ throw new CsarSizeReducerException(errorMsg);
+ }
 zos.putNextEntry(new ZipEntry(entryName));
 if (!zipEntry.isDirectory()) {
 if (entryName.toLowerCase().endsWith(CSAR_EXTENSION)) {
@@ -123,8 +131,15 @@ public class CsarSizeReducer implements PackageSizeReducer {
 }
 private Consumer<ZipEntry> unsignedZipProcessingConsumer(final Path csarPackagePath, final ZipFile zf, final ZipOutputStream zos) {
+ final var thresholdEntries = configuration.getThresholdEntries();
+ final var totalEntryArchive = new AtomicInteger(0);
 return zipEntry -> {
 final var entryName = zipEntry.getName();
+ if (totalEntryArchive.getAndIncrement() > thresholdEntries) {
+ // too much entries in this archive, can lead to inodes exhaustion of the system
+ final var errorMsg = String.format("Failed to extract '%s' from zip '%s'", entryName, csarPackagePath);
+ throw new CsarSizeReducerException(errorMsg);
+ }
 try {
 zos.putNextEntry(new ZipEntry(entryName));
 if (!zipEntry.isDirectory()) {
diff --git a/common-be/src/main/java/org/openecomp/sdc/be/csar/storage/exception/CsarSizeReducerException.java b/common-be/src/main/java/org/openecomp/sdc/be/csar/storage/exception/CsarSizeReducerException.java
index f57666ac70..806a415ee8 100644
--- a/common-be/src/main/java/org/openecomp/sdc/be/csar/storage/exception/CsarSizeReducerException.java
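Review bot: The new threshold check in signedZipProcessingConsumer lets one entry more than thresholdEntries through, because `getAndIncrement()` returns the count before the increment, so the exception only fires at entry number thresholdEntries + 2; `if (totalEntryArchive.incrementAndGet() > thresholdEntries) {` rejects the first entry beyond the limit. The same off-by-one is in unsignedZipProcessingConsumer in the next hunk. The two hunks also place the check differently, inside the `try` here and before it in the unsigned variant; if that try's catch, which lies outside the hunk, handles more than IOException, the signed path will wrap or swallow the CsarSizeReducerException that the unsigned path lets propagate. Finally the message `"Failed to extract '%s' from zip '%s'"` hides the reason from whoever reads the log; something like `"Zip '%s' has more than %d entries, refusing to extract '%s'"` with thresholdEntries makes the rejected upload diagnosable. Both consumers' bodies continue outside the hunk.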
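Review bot: The threshold logic is duplicated verbatim in unsignedZipProcessingConsumer and signedZipProcessingConsumer, and both already receive the `ZipFile zf`, whose `size()` gives the entry count before anything is written; a single `if (zf.size() > thresholdEntries) { throw new CsarSizeReducerException(...); }` placed ahead of `return zipEntry -> {` would reject the archive before any entry is streamed to `zos` and remove the per-entry counter from both lambdas. That assumes the consumer is driven by the entries of the same `zf`, which the hunk does not show. The comment `// too much entries in this archive, can lead to inodes exhaustion of the system` should read `// too many entries in this archive can exhaust the inodes of the system`.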
+++ b/common-be/src/main/java/org/openecomp/sdc/be/csar/storage/exception/CsarSizeReducerException.java
@@ -27,4 +27,8 @@ public class CsarSizeReducerException extends BusinessException {
 public CsarSizeReducerException(final String message, final Throwable cause) {
 super(message, cause);
 }
+
+ public CsarSizeReducerException(final String message) {
+ super(message);
+ }
 }
diff --git a/common-be/src/test/java/org/openecomp/sdc/be/csar/storage/CsarSizeReducerTest.java b/common-be/src/test/java/org/openecomp/sdc/be/csar/storage/CsarSizeReducerTest.java
index eaa5ffeda2..e9748f0a16 100644
--- a/common-be/src/test/java/org/openecomp/sdc/be/csar/storage/CsarSizeReducerTest.java
+++ b/common-be/src/test/java/org/openecomp/sdc/be/csar/storage/CsarSizeReducerTest.java
@@ -62,6 +62,7 @@ class CsarSizeReducerTest {
 final var sizeLimit = 150000L;
 when(csarPackageReducerConfiguration.getSizeLimit()).thenReturn(sizeLimit);
 when(csarPackageReducerConfiguration.getFoldersToStrip()).thenReturn(Set.of(pathToReduce1, pathToReduce2));
+ when(csarPackageReducerConfiguration.getThresholdEntries()).thenReturn(10000);
 final var csarPath = Path.of("src/test/resources/csarSizeReducer/" + fileName);
diff --git a/openecomp-be/api/openecomp-sdc-rest-webapp/vendor-software-products-rest/vendor-software-products-rest-services/src/main/java/org/openecomp/sdcrests/vsp/rest/services/OrchestrationTemplateCandidateImpl.java b/openecomp-be/api/openecomp-sdc-rest-webapp/vendor-software-products-rest/vendor-software-products-rest-services/src/main/java/org/openecomp/sdcrests/vsp/rest/services/OrchestrationTemplateCandidateImpl.java
index 19f2c5df87..eb78bf0059 100644
--- a/openecomp-be/api/openecomp-sdc-rest-webapp/vendor-software-products-rest/vendor-software-products-rest-services/src/main/java/org/openecomp/sdcrests/vsp/rest/services/OrchestrationTemplateCandidateImpl.java
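Review bot: The new single-argument constructor of CsarSizeReducerException has no Javadoc, although this class is the type callers of CsarSizeReducer catch and the existing (message, cause) form sits right above it. A one-liner such as `/** Creates an exception for a reducer policy violation with no underlying cause, e.g. an archive exceeding the configured entry threshold. */` states when to prefer it over the two-argument form. Whether BusinessException's single-argument constructor carries any error code the REST layer relies on is not visible here.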
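Review bot: The test change only stubs `getThresholdEntries()` to 10000 so the existing fixtures keep passing; nothing exercises the new rejection path, so an off-by-one in the counter or an exception swallowed by a surrounding catch would go unnoticed. A second case that stubs `getThresholdEntries()` to a value smaller than the fixture's entry count and asserts that `reduce(csarPath)` throws CsarSizeReducerException would pin the behaviour. The enclosing test method starts outside the hunk.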
+++ b/openecomp-be/api/openecomp-sdc-rest-webapp/vendor-software-products-rest/vendor-software-products-rest-services/src/main/java/org/openecomp/sdcrests/vsp/rest/services/OrchestrationTemplateCandidateImpl.java
@@ -132,9 +132,10 @@ public class OrchestrationTemplateCandidateImpl implements OrchestrationTemplate
 final var commonConfigurationManager = CommonConfigurationManager.getInstance();
 final List<String> foldersToStrip = commonConfigurationManager.getConfigValue(EXTERNAL_CSAR_STORE, "foldersToStrip", new ArrayList<>());
 final int sizeLimit = commonConfigurationManager.getConfigValue(EXTERNAL_CSAR_STORE, "sizeLimit", 1000000);
+ final int thresholdEntries = commonConfigurationManager.getConfigValue(EXTERNAL_CSAR_STORE, "thresholdEntries", 10000);
 LOGGER.info("Folders to strip: '{}'", String.join(", ", foldersToStrip));
 final Set<Path> foldersToStripPathSet = foldersToStrip.stream().map(Path::of).collect(Collectors.toSet());
- return new CsarPackageReducerConfiguration(foldersToStripPathSet, sizeLimit);
+ return new CsarPackageReducerConfiguration(foldersToStripPathSet, sizeLimit, thresholdEntries);
 }
 private ArtifactStorageConfig readArtifactStorageConfiguration() {
@@ -173,7 +174,7 @@ public class OrchestrationTemplateCandidateImpl implements OrchestrationTemplate
 fileToUploadBytes = packageSizeReducer.reduce(artifactInfo.getPath());
 } catch (final BusinessException e) {
 return Response.status(INTERNAL_SERVER_ERROR).entity(buildUploadResponseWithError(
- new ErrorMessage(ErrorLevel.ERROR, ERROR_HAS_OCCURRED_WHILE_REDUCING_THE_ARTIFACT_SIZE.formatMessage(artifactInfo.getPath()))))
+ new ErrorMessage(ErrorLevel.ERROR, ERROR_HAS_OCCURRED_WHILE_REDUCING_THE_ARTIFACT_SIZE.formatMessage(artifactInfo.getPath()))))
 .build();
 }
 } else {
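Review bot: `thresholdEntries` is read from configuration with no range check: a zero or negative value makes the `> thresholdEntries` comparison in CsarSizeReducer reject practically every multi-entry archive, and the failure then surfaces only as the generic ERROR_HAS_OCCURRED_WHILE_REDUCING_THE_ARTIFACT_SIZE response in the catch shown further down this file. Validating at the point of reading, `if (thresholdEntries <= 0) { throw new IllegalArgumentException("thresholdEntries must be positive, got " + thresholdEntries); }`, or logging a warning and falling back to the default, turns a misconfiguration into a clear message. The default 10000 is now duplicated between this call and configuration.yaml.erb; a named constant next to the existing sizeLimit default would keep them from drifting. The method enclosing the first hunk starts outside it.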
@@ -189,7 +190,8 @@ public class OrchestrationTemplateCandidateImpl implements OrchestrationTemplate
 if (onboardPackageInfo == null) {
 final UploadFileResponseDto uploadFileResponseDto = buildUploadResponseWithError(
 new ErrorMessage(ErrorLevel.ERROR, PACKAGE_PROCESS_ERROR.formatMessage(filename)));
- return Response.ok(uploadFileResponseDto).build();
+ return Response.ok(uploadFileResponseDto)
+ .build();
 }
 final var version = new Version(ValidationUtils.sanitizeInputString(versionId));
 final var vspDetails = new VspDetails(ValidationUtils.sanitizeInputString(vspId), version);
diff --git a/openecomp-be/dist/sdc-onboard-backend-docker/artifacts/chef-repo/cookbooks/sdc-onboard-backend/templates/default/configuration.yaml.erb b/openecomp-be/dist/sdc-onboard-backend-docker/artifacts/chef-repo/cookbooks/sdc-onboard-backend/templates/default/configuration.yaml.erb
index 56951377ec..d2c3d10805 100644
--- a/openecomp-be/dist/sdc-onboard-backend-docker/artifacts/chef-repo/cookbooks/sdc-onboard-backend/templates/default/configuration.yaml.erb
+++ b/openecomp-be/dist/sdc-onboard-backend-docker/artifacts/chef-repo/cookbooks/sdc-onboard-backend/templates/default/configuration.yaml.erb
@@ -59,4 +59,5 @@ externalCsarStore:
 fullPath: "/home/onap/temp/"
 foldersToStrip:
 - Files/images
- sizeLimit: 10000000
\ No newline at end of file
+ sizeLimit: 10000000
+ thresholdEntries: 10000
\ No newline at end of file |
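Review bot: The template still ends without a trailing newline after `thresholdEntries: 10000`, as the second `\ No newline at end of file` marker shows; since this commit already rewrites the last line, ending it with a newline would stop every later addition to externalCsarStore from producing the same spurious remove-and-re-add of the previous line. The value 10000 mirrors the code default in OrchestrationTemplateCandidateImpl, so a short comment, `# maximum number of entries accepted in an uploaded CSAR archive`, would let operators tune it without reading the Java.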