From cb872d0f9bf02546955cb713a8fbe7520f6d16d3 Mon Sep 17 00:00:00 2001 From: KrupaNagabhushan Date: Wed, 4 Aug 2021 08:50:25 +0100 Subject: Validate model exists when associating types Issue-ID: SDC-3665 Signed-off-by: KrupaNagabhushan Change-Id: I44de1c5bbd8854d02ae512f65833507aa3cbed6d --- .../be/components/impl/CapabilityTypeImportManager.java | 14 ++++++++++++-- .../sdc/be/components/impl/DataTypeImportManager.java | 12 +++++++++++- .../sdc/be/components/impl/GroupTypeImportManager.java | 14 ++++++++++++-- .../impl/InterfaceLifecycleTypeImportManager.java | 12 +++++++++++- .../sdc/be/components/impl/PolicyTypeImportManager.java | 14 ++++++++++++-- .../components/impl/RelationshipTypeImportManager.java | 17 ++++++++++++++--- .../openecomp/sdc/be/servlets/TypesFetchServlet.java | 3 +++ .../openecomp/sdc/be/servlets/TypesUploadServlet.java | 13 ++++++++++--- 8 files changed, 85 insertions(+), 14 deletions(-) (limited to 'catalog-be/src/main/java') diff --git a/catalog-be/src/main/java/org/openecomp/sdc/be/components/impl/CapabilityTypeImportManager.java b/catalog-be/src/main/java/org/openecomp/sdc/be/components/impl/CapabilityTypeImportManager.java index 4ce08ea74a..04a8fc88db 100644 --- a/catalog-be/src/main/java/org/openecomp/sdc/be/components/impl/CapabilityTypeImportManager.java +++ b/catalog-be/src/main/java/org/openecomp/sdc/be/components/impl/CapabilityTypeImportManager.java @@ -22,12 +22,15 @@ package org.openecomp.sdc.be.components.impl; import fj.data.Either; import java.util.List; import java.util.Map; +import java.util.Optional; import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.tuple.ImmutablePair; import org.openecomp.sdc.be.dao.api.ActionStatus; import org.openecomp.sdc.be.model.CapabilityTypeDefinition; +import org.openecomp.sdc.be.model.Model; import org.openecomp.sdc.be.model.operations.api.StorageOperationStatus; import org.openecomp.sdc.be.model.operations.impl.CapabilityTypeOperation; +import org.openecomp.sdc.be.model.operations.impl.ModelOperation; import org.openecomp.sdc.be.model.operations.impl.UniqueIdBuilder; import org.openecomp.sdc.be.model.utils.TypeCompareUtils; import org.openecomp.sdc.be.utils.TypeUtils; @@ -42,11 +45,13 @@ public class CapabilityTypeImportManager { private static final Logger log = Logger.getLogger(CapabilityTypeImportManager.class.getName()); private final CapabilityTypeOperation capabilityTypeOperation; private final CommonImportManager commonImportManager; + private final ModelOperation modelOperation; @Autowired - public CapabilityTypeImportManager(CapabilityTypeOperation capabilityTypeOperation, CommonImportManager commonImportManager) { + public CapabilityTypeImportManager(CapabilityTypeOperation capabilityTypeOperation, CommonImportManager commonImportManager, ModelOperation modelOperation) { this.capabilityTypeOperation = capabilityTypeOperation; this.commonImportManager = commonImportManager; + this.modelOperation = modelOperation; } public Either>, ResponseFormat> createCapabilityTypes(final String capabilityTypesYml, final String modelName) { @@ -57,7 +62,12 @@ public class CapabilityTypeImportManager { private Either, ActionStatus> createCapabilityTypesFromYml(final String capabilityTypesYml, final String modelName) { final Either, ActionStatus> capabilityTypes = commonImportManager.createElementTypesFromYml(capabilityTypesYml, this::createCapabilityType); if (capabilityTypes.isLeft() && StringUtils.isNotEmpty(modelName)){ - capabilityTypes.left().value().forEach(capabilityType -> capabilityType.setModel(modelName)); + final Optional modelOptional = modelOperation.findModelByName(modelName); + if (modelOptional.isPresent()) { + capabilityTypes.left().value().forEach(capabilityType -> capabilityType.setModel(modelName)); + return capabilityTypes; + } + return Either.right(ActionStatus.INVALID_MODEL); } return capabilityTypes; } diff --git a/catalog-be/src/main/java/org/openecomp/sdc/be/components/impl/DataTypeImportManager.java b/catalog-be/src/main/java/org/openecomp/sdc/be/components/impl/DataTypeImportManager.java index 6343eb9b3d..95ef74e93c 100644 --- a/catalog-be/src/main/java/org/openecomp/sdc/be/components/impl/DataTypeImportManager.java +++ b/catalog-be/src/main/java/org/openecomp/sdc/be/components/impl/DataTypeImportManager.java @@ -24,6 +24,7 @@ import java.util.ArrayList; import java.util.HashSet; import java.util.List; import java.util.Map; +import java.util.Optional; import java.util.Set; import java.util.stream.Collectors; import javax.annotation.Resource; @@ -34,9 +35,11 @@ import org.openecomp.sdc.be.dao.api.ActionStatus; import org.openecomp.sdc.be.datatypes.elements.PropertyDataDefinition; import org.openecomp.sdc.be.impl.ComponentsUtils; import org.openecomp.sdc.be.model.DataTypeDefinition; +import org.openecomp.sdc.be.model.Model; import org.openecomp.sdc.be.model.PropertyDefinition; import org.openecomp.sdc.be.model.RelationshipTypeDefinition; import org.openecomp.sdc.be.model.operations.api.StorageOperationStatus; +import org.openecomp.sdc.be.model.operations.impl.ModelOperation; import org.openecomp.sdc.be.model.operations.impl.PropertyOperation; import org.openecomp.sdc.be.model.operations.impl.UniqueIdBuilder; import org.openecomp.sdc.be.model.tosca.ToscaPropertyType; @@ -55,6 +58,8 @@ public class DataTypeImportManager { private ComponentsUtils componentsUtils; @Resource private CommonImportManager commonImportManager; + @Resource + private ModelOperation modelOperation; public Either>, ResponseFormat> createDataTypes(final String dataTypeYml, final String modelName) { return commonImportManager @@ -64,7 +69,12 @@ public class DataTypeImportManager { private Either, ActionStatus> createDataTypesFromYml(final String dataTypesYml, final String modelName) { final Either, ActionStatus> dataTypes = commonImportManager.createElementTypesFromYml(dataTypesYml, this::createDataType); if (dataTypes.isLeft() && StringUtils.isNotEmpty(modelName)){ - dataTypes.left().value().forEach(dataType -> dataType.setModel(modelName)); + final Optional modelOptional = modelOperation.findModelByName(modelName); + if (modelOptional.isPresent()) { + dataTypes.left().value().forEach(dataType -> dataType.setModel(modelName)); + return dataTypes; + } + return Either.right(ActionStatus.INVALID_MODEL); } return dataTypes; } diff --git a/catalog-be/src/main/java/org/openecomp/sdc/be/components/impl/GroupTypeImportManager.java b/catalog-be/src/main/java/org/openecomp/sdc/be/components/impl/GroupTypeImportManager.java index 321ed99ae7..e57c46bbe6 100644 --- a/catalog-be/src/main/java/org/openecomp/sdc/be/components/impl/GroupTypeImportManager.java +++ b/catalog-be/src/main/java/org/openecomp/sdc/be/components/impl/GroupTypeImportManager.java @@ -23,6 +23,7 @@ import fj.data.Either; import java.util.Collections; import java.util.List; import java.util.Map; +import java.util.Optional; import java.util.stream.Collectors; import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.tuple.ImmutablePair; @@ -35,10 +36,12 @@ import org.openecomp.sdc.be.impl.ComponentsUtils; import org.openecomp.sdc.be.model.CapabilityDefinition; import org.openecomp.sdc.be.model.ComponentInstanceProperty; import org.openecomp.sdc.be.model.GroupTypeDefinition; +import org.openecomp.sdc.be.model.Model; import org.openecomp.sdc.be.model.PropertyDefinition; import org.openecomp.sdc.be.model.jsonjanusgraph.operations.ToscaOperationFacade; import org.openecomp.sdc.be.model.operations.api.StorageOperationStatus; import org.openecomp.sdc.be.model.operations.impl.GroupTypeOperation; +import org.openecomp.sdc.be.model.operations.impl.ModelOperation; import org.openecomp.sdc.be.model.operations.impl.UniqueIdBuilder; import org.openecomp.sdc.be.model.utils.TypeCompareUtils; import org.openecomp.sdc.be.utils.TypeUtils; @@ -55,13 +58,15 @@ public class GroupTypeImportManager { private final ComponentsUtils componentsUtils; private final ToscaOperationFacade toscaOperationFacade; private final CommonImportManager commonImportManager; + private final ModelOperation modelOperation; public GroupTypeImportManager(GroupTypeOperation groupTypeOperation, ComponentsUtils componentsUtils, ToscaOperationFacade toscaOperationFacade, - CommonImportManager commonImportManager) { + CommonImportManager commonImportManager, ModelOperation modelOperation) { this.groupTypeOperation = groupTypeOperation; this.componentsUtils = componentsUtils; this.toscaOperationFacade = toscaOperationFacade; this.commonImportManager = commonImportManager; + this.modelOperation = modelOperation; } public Either>, ResponseFormat> createGroupTypes(ToscaTypeImportData toscaTypeImportData, String modelName) { @@ -71,7 +76,12 @@ public class GroupTypeImportManager { private Either, ActionStatus> createGroupTypesFromYml(String groupTypesYml, String modelName) { Either, ActionStatus> groupTypes = commonImportManager.createElementTypesFromYml(groupTypesYml, this::createGroupType); if (groupTypes.isLeft() && StringUtils.isNotEmpty(modelName)){ - groupTypes.left().value().forEach(groupType -> groupType.setModel(modelName)); + final Optional modelOptional = modelOperation.findModelByName(modelName); + if (modelOptional.isPresent()) { + groupTypes.left().value().forEach(groupType -> groupType.setModel(modelName)); + return groupTypes; + } + return Either.right(ActionStatus.INVALID_MODEL); } return groupTypes; } diff --git a/catalog-be/src/main/java/org/openecomp/sdc/be/components/impl/InterfaceLifecycleTypeImportManager.java b/catalog-be/src/main/java/org/openecomp/sdc/be/components/impl/InterfaceLifecycleTypeImportManager.java index eb8df50d70..ef00d9a92d 100644 --- a/catalog-be/src/main/java/org/openecomp/sdc/be/components/impl/InterfaceLifecycleTypeImportManager.java +++ b/catalog-be/src/main/java/org/openecomp/sdc/be/components/impl/InterfaceLifecycleTypeImportManager.java @@ -26,6 +26,7 @@ import java.util.Iterator; import java.util.List; import java.util.Map; import java.util.Map.Entry; +import java.util.Optional; import java.util.stream.Collectors; import javax.annotation.Resource; @@ -36,9 +37,11 @@ import org.openecomp.sdc.be.dao.api.ActionStatus; import org.openecomp.sdc.be.datatypes.enums.JsonPresentationFields; import org.openecomp.sdc.be.impl.ComponentsUtils; import org.openecomp.sdc.be.model.InterfaceDefinition; +import org.openecomp.sdc.be.model.Model; import org.openecomp.sdc.be.model.Operation; import org.openecomp.sdc.be.model.operations.api.IInterfaceLifecycleOperation; import org.openecomp.sdc.be.model.operations.api.StorageOperationStatus; +import org.openecomp.sdc.be.model.operations.impl.ModelOperation; import org.openecomp.sdc.be.model.operations.impl.UniqueIdBuilder; import org.openecomp.sdc.be.utils.TypeUtils.ToscaTagNamesEnum; import org.openecomp.sdc.common.log.wrappers.Logger; @@ -57,6 +60,8 @@ public class InterfaceLifecycleTypeImportManager { private ComponentsUtils componentsUtils; @Resource private CommonImportManager commonImportManager; + @Resource + private ModelOperation modelOperation; public Either, ResponseFormat> createLifecycleTypes(String interfaceLifecycleTypesYml, final String modelName) { Either, ActionStatus> interfaces = createInterfaceTypeFromYml(interfaceLifecycleTypesYml, modelName); @@ -71,7 +76,12 @@ public class InterfaceLifecycleTypeImportManager { private Either, ActionStatus> createInterfaceTypeFromYml(final String interfaceTypesYml, final String modelName) { final Either, ActionStatus> interfaceTypes = commonImportManager.createElementTypesFromYml(interfaceTypesYml, this::createInterfaceDefinition); if (interfaceTypes.isLeft() && StringUtils.isNotEmpty(modelName)){ - interfaceTypes.left().value().forEach(interfaceType -> interfaceType.setModel(modelName)); + final Optional modelOptional = modelOperation.findModelByName(modelName); + if (modelOptional.isPresent()) { + interfaceTypes.left().value().forEach(interfaceType -> interfaceType.setModel(modelName)); + return interfaceTypes; + } + return Either.right(ActionStatus.INVALID_MODEL); } return interfaceTypes; } diff --git a/catalog-be/src/main/java/org/openecomp/sdc/be/components/impl/PolicyTypeImportManager.java b/catalog-be/src/main/java/org/openecomp/sdc/be/components/impl/PolicyTypeImportManager.java index 9fa8e303ac..a3a2c013eb 100644 --- a/catalog-be/src/main/java/org/openecomp/sdc/be/components/impl/PolicyTypeImportManager.java +++ b/catalog-be/src/main/java/org/openecomp/sdc/be/components/impl/PolicyTypeImportManager.java @@ -22,6 +22,7 @@ package org.openecomp.sdc.be.components.impl; import fj.data.Either; import java.util.List; import java.util.Map; +import java.util.Optional; import java.util.function.Consumer; import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.tuple.ImmutablePair; @@ -32,12 +33,14 @@ import org.openecomp.sdc.be.dao.api.ActionStatus; import org.openecomp.sdc.be.datatypes.enums.NodeTypeEnum; import org.openecomp.sdc.be.impl.ComponentsUtils; import org.openecomp.sdc.be.model.GroupTypeDefinition; +import org.openecomp.sdc.be.model.Model; import org.openecomp.sdc.be.model.PolicyTypeDefinition; import org.openecomp.sdc.be.model.jsonjanusgraph.operations.ToscaOperationFacade; import org.openecomp.sdc.be.model.operations.api.IPolicyTypeOperation; import org.openecomp.sdc.be.model.operations.api.StorageOperationStatus; import org.openecomp.sdc.be.model.operations.impl.GroupOperation; import org.openecomp.sdc.be.model.operations.impl.GroupTypeOperation; +import org.openecomp.sdc.be.model.operations.impl.ModelOperation; import org.openecomp.sdc.be.model.operations.impl.UniqueIdBuilder; import org.openecomp.sdc.be.utils.TypeUtils; import org.openecomp.sdc.exception.ResponseFormat; @@ -52,16 +55,18 @@ public class PolicyTypeImportManager { private final ToscaOperationFacade toscaOperationFacade; private final CommonImportManager commonImportManager; private final GroupTypeOperation groupTypeOperation; + private final ModelOperation modelOperation; public PolicyTypeImportManager(IPolicyTypeOperation policyTypeOperation, ComponentsUtils componentsUtils, GroupOperation groupOperation, ToscaOperationFacade toscaOperationFacade, CommonImportManager commonImportManager, - GroupTypeOperation groupTypeOperation) { + GroupTypeOperation groupTypeOperation, ModelOperation modelOperation) { this.policyTypeOperation = policyTypeOperation; this.componentsUtils = componentsUtils; this.groupOperation = groupOperation; this.toscaOperationFacade = toscaOperationFacade; this.commonImportManager = commonImportManager; this.groupTypeOperation = groupTypeOperation; + this.modelOperation = modelOperation; } public Either>, ResponseFormat> createPolicyTypes(ToscaTypeImportData toscaTypeImportData, String modelName) { @@ -71,7 +76,12 @@ public class PolicyTypeImportManager { private Either, ActionStatus> createPolicyTypesFromYml(String policyTypesYml, String modelName) { Either, ActionStatus> policyTypes = commonImportManager.createElementTypesFromYml(policyTypesYml, this::createPolicyType); if (policyTypes.isLeft() && StringUtils.isNotEmpty(modelName)){ - policyTypes.left().value().forEach(policyType -> policyType.setModel(modelName)); + final Optional modelOptional = modelOperation.findModelByName(modelName); + if (modelOptional.isPresent()) { + policyTypes.left().value().forEach(policyType -> policyType.setModel(modelName)); + return policyTypes; + } + return Either.right(ActionStatus.INVALID_MODEL); } return policyTypes; } diff --git a/catalog-be/src/main/java/org/openecomp/sdc/be/components/impl/RelationshipTypeImportManager.java b/catalog-be/src/main/java/org/openecomp/sdc/be/components/impl/RelationshipTypeImportManager.java index dafd7919c1..2165b9f7d1 100644 --- a/catalog-be/src/main/java/org/openecomp/sdc/be/components/impl/RelationshipTypeImportManager.java +++ b/catalog-be/src/main/java/org/openecomp/sdc/be/components/impl/RelationshipTypeImportManager.java @@ -18,12 +18,16 @@ package org.openecomp.sdc.be.components.impl; import fj.data.Either; import java.util.List; import java.util.Map; +import java.util.Optional; +import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.tuple.ImmutablePair; import org.openecomp.sdc.be.components.impl.CommonImportManager.ElementTypeEnum; import org.openecomp.sdc.be.dao.api.ActionStatus; import org.openecomp.sdc.be.impl.ComponentsUtils; +import org.openecomp.sdc.be.model.Model; import org.openecomp.sdc.be.model.RelationshipTypeDefinition; import org.openecomp.sdc.be.model.operations.impl.DaoStatusConverter; +import org.openecomp.sdc.be.model.operations.impl.ModelOperation; import org.openecomp.sdc.be.model.operations.impl.RelationshipTypeOperation; import org.openecomp.sdc.be.model.operations.impl.UniqueIdBuilder; import org.openecomp.sdc.be.utils.TypeUtils; @@ -37,13 +41,15 @@ public class RelationshipTypeImportManager { private final RelationshipTypeOperation relationshipTypeOperation; private final CommonImportManager commonImportManager; private final ComponentsUtils componentsUtils; + private final ModelOperation modelOperation; @Autowired public RelationshipTypeImportManager(RelationshipTypeOperation relationshipTypeOperation, CommonImportManager commonImportManager, - ComponentsUtils componentsUtils) { + ComponentsUtils componentsUtils, ModelOperation modelOperation) { this.relationshipTypeOperation = relationshipTypeOperation; this.commonImportManager = commonImportManager; this.componentsUtils = componentsUtils; + this.modelOperation = modelOperation; } public Either>, ResponseFormat> createRelationshipTypes(final String relationshipYml, final String modelName) { @@ -60,8 +66,13 @@ public class RelationshipTypeImportManager { private Either, ActionStatus> createRelationshipTypesFromYml(final String relationshipTypeYml, final String modelName) { final Either, ActionStatus> relationshipTypes = commonImportManager.createElementTypesFromYml(relationshipTypeYml, this::createRelationshipType); - if (relationshipTypes.isLeft()){ - relationshipTypes.left().value().forEach(relationshipType -> relationshipType.setModel(modelName)); + if (relationshipTypes.isLeft() && StringUtils.isNotEmpty(modelName)){ + final Optional modelOptional = modelOperation.findModelByName(modelName); + if (modelOptional.isPresent()) { + relationshipTypes.left().value().forEach(relationshipType -> relationshipType.setModel(modelName)); + return relationshipTypes; + } + return Either.right(ActionStatus.INVALID_MODEL); } return relationshipTypes; } diff --git a/catalog-be/src/main/java/org/openecomp/sdc/be/servlets/TypesFetchServlet.java b/catalog-be/src/main/java/org/openecomp/sdc/be/servlets/TypesFetchServlet.java index 9d3817431f..1c7fe2d470 100644 --- a/catalog-be/src/main/java/org/openecomp/sdc/be/servlets/TypesFetchServlet.java +++ b/catalog-be/src/main/java/org/openecomp/sdc/be/servlets/TypesFetchServlet.java @@ -65,6 +65,7 @@ import org.openecomp.sdc.be.user.UserBusinessLogic; import org.openecomp.sdc.common.api.Constants; import org.openecomp.sdc.common.datastructure.Wrapper; import org.openecomp.sdc.common.log.wrappers.Logger; +import org.openecomp.sdc.common.util.ValidationUtils; import org.openecomp.sdc.exception.ResponseFormat; import org.springframework.stereotype.Controller; @@ -197,6 +198,7 @@ public class TypesFetchServlet extends AbstractValidationsServlet { try { init(); validateUserExist(responseWrapper, userWrapper, userId); + modelName = ValidationUtils.sanitizeInputString(modelName); if (responseWrapper.isEmpty()) { String url = request.getMethod() + " " + request.getRequestURI(); log.debug("Start handle request of {} | modifier id is {}", url, userId); @@ -240,6 +242,7 @@ public class TypesFetchServlet extends AbstractValidationsServlet { try { init(); validateUserExist(responseWrapper, userWrapper, userId); + modelName = ValidationUtils.sanitizeInputString(modelName); if (responseWrapper.isEmpty()) { String url = request.getMethod() + " " + request.getRequestURI(); log.debug("Start handle request of {} | modifier id is {}", url, userId); diff --git a/catalog-be/src/main/java/org/openecomp/sdc/be/servlets/TypesUploadServlet.java b/catalog-be/src/main/java/org/openecomp/sdc/be/servlets/TypesUploadServlet.java index 0fd4206cd6..79982eaa3a 100644 --- a/catalog-be/src/main/java/org/openecomp/sdc/be/servlets/TypesUploadServlet.java +++ b/catalog-be/src/main/java/org/openecomp/sdc/be/servlets/TypesUploadServlet.java @@ -80,6 +80,7 @@ import org.openecomp.sdc.common.datastructure.FunctionalInterfaces.ConsumerThree import org.openecomp.sdc.common.datastructure.FunctionalInterfaces.ConsumerTwoParam; import org.openecomp.sdc.common.datastructure.Wrapper; import org.openecomp.sdc.common.log.wrappers.Logger; +import org.openecomp.sdc.common.util.ValidationUtils; import org.openecomp.sdc.exception.ResponseFormat; import org.springframework.stereotype.Controller; @@ -132,9 +133,10 @@ public class TypesUploadServlet extends AbstractValidationsServlet { public Response uploadCapabilityType(@Parameter(description = "FileInputStream") @FormDataParam("capabilityTypeZip") File file, @Context final HttpServletRequest request, @HeaderParam("USER_ID") String creator, @Parameter(description = "model") @FormDataParam("model") String modelName) { + final String sanitizedModelName = ValidationUtils.sanitizeInputString(modelName); ConsumerThreeParam, String, String> createElementsMethod = (responseWrapper, ymlPayload, model) -> createElementsType(responseWrapper, - () -> capabilityTypeImportManager.createCapabilityTypes(ymlPayload, modelName)); - return uploadElementTypeServletLogic(createElementsMethod, file, request, creator, NodeTypeEnum.CapabilityType.name(), modelName); + () -> capabilityTypeImportManager.createCapabilityTypes(ymlPayload, sanitizedModelName)); + return uploadElementTypeServletLogic(createElementsMethod, file, request, creator, NodeTypeEnum.CapabilityType.name(), sanitizedModelName); } @POST @@ -149,6 +151,7 @@ public class TypesUploadServlet extends AbstractValidationsServlet { public Response uploadRelationshipType(@Parameter(description = "FileInputStream") @FormDataParam("relationshipTypeZip") File file, @Context final HttpServletRequest request, @HeaderParam("USER_ID") String creator, @Parameter(description = "model") @FormDataParam("model") String modelName) { + modelName = ValidationUtils.sanitizeInputString(modelName); return uploadElementTypeServletLogic(this::createRelationshipTypes, file, request, creator, NodeTypeEnum.RelationshipType.getName(), modelName); } @@ -164,8 +167,9 @@ public class TypesUploadServlet extends AbstractValidationsServlet { public Response uploadInterfaceLifecycleType(@Parameter(description = "FileInputStream") @FormDataParam("interfaceLifecycleTypeZip") File file, @Context final HttpServletRequest request, @HeaderParam("USER_ID") String creator, @Parameter(description = "model") @FormDataParam("model") String modelName) { + final String sanitizedModelName = ValidationUtils.sanitizeInputString(modelName); ConsumerTwoParam, String> createElementsMethod = (responseWrapper, ymlPayload) -> createElementsType(responseWrapper, - () -> interfaceLifecycleTypeImportManager.createLifecycleTypes(ymlPayload, modelName)); + () -> interfaceLifecycleTypeImportManager.createLifecycleTypes(ymlPayload, sanitizedModelName)); return uploadElementTypeServletLogic(createElementsMethod, file, request, creator, "Interface Types"); } @@ -197,6 +201,7 @@ public class TypesUploadServlet extends AbstractValidationsServlet { public Response uploadDataTypes(@Parameter(description = "FileInputStream") @FormDataParam("dataTypesZip") File file, @Context final HttpServletRequest request, @HeaderParam("USER_ID") String creator, @Parameter(description = "model") @FormDataParam("model") String modelName) { + modelName = ValidationUtils.sanitizeInputString(modelName); return uploadElementTypeServletLogic(this::createDataTypes, file, request, creator, NodeTypeEnum.DataType.getName(), modelName); } @@ -213,6 +218,7 @@ public class TypesUploadServlet extends AbstractValidationsServlet { @Parameter(description = "model") @FormDataParam("model") String modelName, @Parameter(description = "FileInputStream") @FormDataParam("groupTypesZip") File file, @Context final HttpServletRequest request, @HeaderParam("USER_ID") String creator) { + modelName = ValidationUtils.sanitizeInputString(modelName); Map typesMetadata = getTypesMetadata(toscaTypesMetaData); return uploadTypesWithMetaData(this::createGroupTypes, typesMetadata, file, request, creator, NodeTypeEnum.GroupType.getName(), modelName); } @@ -230,6 +236,7 @@ public class TypesUploadServlet extends AbstractValidationsServlet { @Parameter(description = "model") @FormDataParam("model") String modelName, @Parameter(description = "FileInputStream") @FormDataParam("policyTypesZip") File file, @Context final HttpServletRequest request, @HeaderParam("USER_ID") String creator) { + modelName = ValidationUtils.sanitizeInputString(modelName); Map typesMetadata = getTypesMetadata(toscaTypesMetaData); return uploadTypesWithMetaData(this::createPolicyTypes, typesMetadata, file, request, creator, NodeTypeEnum.PolicyType.getName(), modelName); } -- cgit 1.2.3-korg