lingwei.kong/hawkbit
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity

Fix user controlled input sonar finding - add content type (#2013)

Browse Source 
Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
This commit is contained in:
Avgustin Marinov
2024-11-12 09:57:18 +02:00
committed by GitHub
parent 32acb44e31
commit 1e6c9d5efe
1 changed files with 3 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
hawkbit-ddi/hawkbit-ddi-resource/src/main/java/org/eclipse/hawkbit/ddi/rest/resource/DdiRootController.java
View File

@@ -782,18 +782,16 @@ public class DdiRootController implements DdiRootControllerRestApi {
* @return the response * @return the response
* @throws IOException cannot write output stream * @throws IOException cannot write output stream
*/ */
private static ResponseEntity<Void> writeMD5FileResponse( private static void writeMD5FileResponse(
final HttpServletResponse response, final String md5Hash, final String filename) throws IOException { final HttpServletResponse response, final String md5Hash, final String filename) throws IOException {
if (md5Hash == null) { if (md5Hash == null) {
return ResponseEntity.notFound().build(); throw new IllegalArgumentException("MD5 hash must not be null");
} }
final byte[] content = (md5Hash + " " + filename).getBytes(StandardCharsets.US_ASCII); final byte[] content = (md5Hash + " " + filename).getBytes(StandardCharsets.US_ASCII);
response.setContentType("text/plain");
response.setContentLength(content.length); response.setContentLength(content.length);
response.setHeader(HttpHeaders.CONTENT_DISPOSITION, "attachment;filename=" + filename + ARTIFACT_MD5_DWNL_SUFFIX); response.setHeader(HttpHeaders.CONTENT_DISPOSITION, "attachment;filename=" + filename + ARTIFACT_MD5_DWNL_SUFFIX);
response.getOutputStream().write(content); response.getOutputStream().write(content);
return ResponseEntity.ok().build();
} }
} }