From 92c83fe593132a522cb26a872d94612373e46315 Mon Sep 17 00:00:00 2001
From: Tomasz Wrobel
Date: Thu, 18 Mar 2021 15:03:51 +0100
Subject: Fix sonar issues -Fix thread interrupt bug -Fix security vulnerabilities
Issue-ID: SDC-3185
Signed-off-by: Tomasz Wrobel
Change-Id: I0e32215a6de9e04a26acfad580701b36278270b0
---
 .../helmvalidator/helm/validation/BashExecutor.java | 7 +++++--
 .../helmvalidator/helm/validation/FileManager.java | 13 ++++++++++++-
 .../helm/validation/ValidationService.java | 20 +++++---------------
 .../helm/validation/exception/SaveFileException.java | 4 ++++
 4 files changed, 26 insertions(+), 18 deletions(-)
(limited to 'src/main/java/org')
diff --git a/src/main/java/org/onap/sdc/helmvalidator/helm/validation/BashExecutor.java b/src/main/java/org/onap/sdc/helmvalidator/helm/validation/BashExecutor.java
index 066e731..e30659b 100644
--- a/src/main/java/org/onap/sdc/helmvalidator/helm/validation/BashExecutor.java
+++ b/src/main/java/org/onap/sdc/helmvalidator/helm/validation/BashExecutor.java
@@ -41,15 +41,18 @@ public class BashExecutor {
 BashOutput execute(String helmCommand) {
 try {
- ProcessBuilder pb = new ProcessBuilder("bash", "-c", helmCommand);
+ ProcessBuilder pb = new ProcessBuilder("/bin/bash", "-c", helmCommand);
 pb.redirectErrorStream(true);
 LOGGER.debug("Start process");
 Process process = pb.start();
 List processOutput = readOutputAndCloseProcess(process);
 return new BashOutput(process.exitValue(), processOutput);
- } catch (IOException | InterruptedException e) {
+ } catch (IOException e) {
 throw new BashExecutionException("Error during bash execution: ", e);
+ } catch (InterruptedException e) {
+ Thread.currentThread().interrupt();
+ throw new BashExecutionException("Bash execution interrupted, error: ", e);
 }
 }
diff --git a/src/main/java/org/onap/sdc/helmvalidator/helm/validation/FileManager.java b/src/main/java/org/onap/sdc/helmvalidator/helm/validation/FileManager.java
index 3617df7..4bc8ea6 100644
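Review bot: In `BashExecutor.execute`, `helmCommand` still reaches `bash -c` as a single string, so pinning the interpreter to `/bin/bash` removes the PATH lookup but leaves the whole command subject to shell parsing. Elsewhere in this commit `buildHelmTemplateCommand` concatenates `version` and `chartPath` into that string, and `chartPath` appears to be built from the uploaded file's original name, so the safety of this call rests entirely on the file-name and version checks. A sturdier shape is to drop the shell and have `execute` take the arguments as a list passed to `new ProcessBuilder(args)`, so that no input is re-parsed by bash. `readOutputAndCloseProcess` lies outside the hunk, so whether the child process is destroyed when the thread is interrupted cannot be confirmed from this view.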
--- a/src/main/java/org/onap/sdc/helmvalidator/helm/validation/FileManager.java
+++ b/src/main/java/org/onap/sdc/helmvalidator/helm/validation/FileManager.java
@@ -47,6 +47,7 @@ public class FileManager {
 String saveFile(MultipartFile file) {
 LOGGER.debug("Base PATH: {}", basePath);
+ try {
 String filePath = basePath + File.separator + generateFileName(file.getOriginalFilename());
 LOGGER.info("Attempt to save file : {}", filePath);
@@ -67,6 +68,16 @@ public class FileManager {
 }
 private String generateFileName(String fileName) {
- return Instant.now().toEpochMilli() + "_" + fileName;
+ if (isValidFileName(fileName)) {
+ return Instant.now().toEpochMilli() + "_" + fileName.replaceAll("\\s+", "");
+ }
+ throw new SaveFileException("Not allowed file name");
+ }
+
+ private boolean isValidFileName(String fileName) {
+ if (fileName == null){
+ return false;
+ }
+ return !fileName.contains("/");
 }
 }
diff --git a/src/main/java/org/onap/sdc/helmvalidator/helm/validation/ValidationService.java b/src/main/java/org/onap/sdc/helmvalidator/helm/validation/ValidationService.java
index 02f28a3..53689c2 100644
--- a/src/main/java/org/onap/sdc/helmvalidator/helm/validation/ValidationService.java
+++ b/src/main/java/org/onap/sdc/helmvalidator/helm/validation/ValidationService.java
@@ -99,16 +99,6 @@ public class ValidationService {
 }
 private String getSupportedHelmVersion(String desiredVersion, String chartPath) {
- String helmVersion = getHelmVersion(desiredVersion, chartPath);
-
- if (isNotSupportedVersion(helmVersion)) {
- throw new NotSupportedVersionException(helmVersion);
- }
-
- return helmVersion;
- }
-
- private String getHelmVersion(String desiredVersion, String chartPath) {
 if (desiredVersion == null) {
 return chartBasedVersionProvider.getVersion(chartPath);
 }
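Review bot: `isValidFileName` in FileManager.java (hunk `@@ -67,6 +68,16 @@`) rejects only `/`, which is a narrow denylist for a name that is joined to `basePath` with `File.separator` and later placed on a command line. A backslash on platforms where it is the separator, control characters and characters the shell treats specially all pass, and a name made only of whitespace becomes empty after `replaceAll`. An allowlist is easier to reason about, for example `return fileName != null && fileName.matches("[A-Za-z0-9._-]+");`, ideally followed by a check that the normalized target path still starts with `basePath`. `saveFile` continues outside the hunk, so how the resulting path is written cannot be checked from here.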
@@ -118,7 +108,11 @@ public class ValidationService {
 return supportedVersionsProvider.getLatestVersion(helmMajorVersion);
 }
- return desiredVersion;
+ return supportedVersionsProvider.getVersions()
+ .stream()
+ .filter(s -> s.equals(desiredVersion))
+ .findFirst()
+ .orElseThrow(() -> new NotSupportedVersionException(desiredVersion));
 }
 private ValidationResult validateChart(String version, MultipartFile file, boolean isLinted, boolean isStrictLinted,
@@ -141,10 +135,6 @@ public class ValidationService {
 return new ValidationResult(templateValidationResult, version);
 }
- private boolean isNotSupportedVersion(String version) {
- return !supportedVersionsProvider.getVersions().contains(version);
- }
- private String buildHelmTemplateCommand(String version, String chartPath) {
 return "helm-v" + version + " " + TEMPLATE_OPTION + " " + chartPath;
diff --git a/src/main/java/org/onap/sdc/helmvalidator/helm/validation/exception/SaveFileException.java b/src/main/java/org/onap/sdc/helmvalidator/helm/validation/exception/SaveFileException.java
index cdb9079..59e5b10 100644
--- a/src/main/java/org/onap/sdc/helmvalidator/helm/validation/exception/SaveFileException.java
+++ b/src/main/java/org/onap/sdc/helmvalidator/helm/validation/exception/SaveFileException.java
@@ -25,4 +25,8 @@ public class SaveFileException extends RuntimeException {
 public SaveFileException(String message, Throwable cause) {
 super(message, cause);
 }
+
+ public SaveFileException(String message) {
+ super(message);
+ }
 }
-- cgit 1.2.3-korg
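Review bot: In `getSupportedHelmVersion` (ValidationService.java, hunk `@@ -118,7 +108,11 @@`) the supported-version check now guards only the explicit `desiredVersion` branch. Before this commit the value from `chartBasedVersionProvider.getVersion(chartPath)` also went through `isNotSupportedVersion`; it is now returned unchecked, and the version is later concatenated into the helm command in `buildHelmTemplateCommand`. Unless that provider is guaranteed to return only supported versions (not visible here), route the chart-derived value through the same lookup, as sketched below. The method starts in the previous hunk and its major-version branch lies between the two hunks.

```java
private String getSupportedHelmVersion(String desiredVersion, String chartPath) {
    if (desiredVersion == null) {
        return requireSupported(chartBasedVersionProvider.getVersion(chartPath));
    }
    // … unchanged: major-version branch returning getLatestVersion(helmMajorVersion) …
    return requireSupported(desiredVersion);
}

// Returns the matching entry from the supported list, so callers never
// propagate a caller- or chart-supplied string into the command line.
private String requireSupported(String version) {
    return supportedVersionsProvider.getVersions()
        .stream()
        .filter(s -> s.equals(version))
        .findFirst()
        .orElseThrow(() -> new NotSupportedVersionException(version));
}
```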