Fix artifact filename validation (#770)
* use validated ArtifactUpload object when creating a new artifact Signed-off-by: Stefan Klotz <stefan.klotz@bosch-si.com> * rename method Signed-off-by: Stefan Klotz <stefan.klotz@bosch-si.com> * add regular expression classes Signed-off-by: Stefan Klotz <stefan.klotz@bosch-si.com> * add filename validation to UI upload button Signed-off-by: Stefan Klotz <stefan.klotz@bosch-si.com> * move filename validation to uploadStarted Signed-off-by: Stefan Klotz <stefan.klotz@bosch-si.com> * clean up code for UI error handling during artifact upload, assert filename validation Signed-off-by: Stefan Klotz <stefan.klotz@bosch-si.com> * update visibilities Signed-off-by: Stefan Klotz <stefan.klotz@bosch-si.com> * clean up code Signed-off-by: Stefan Klotz <stefan.klotz@bosch-si.com> * clean up code Signed-off-by: Stefan Klotz <stefan.klotz@bosch-si.com> * change RegexChar class to enum and use i18n Signed-off-by: Stefan Klotz <stefan.klotz@bosch-si.com> * typo, use StringBuilder Signed-off-by: Stefan Klotz <stefan.klotz@bosch-si.com> * typo Signed-off-by: Stefan Klotz <stefan.klotz@bosch-si.com> * use dedicated class for collections of regular expression characters Signed-off-by: Stefan Klotz <stefan.klotz@bosch-si.com> * remove Optional, remove stringBuilder Signed-off-by: Stefan Klotz <stefan.klotz@bosch-si.com> * PR findings Signed-off-by: Stefan Klotz <stefan.klotz@bosch-si.com> * make regex validation method static Signed-off-by: Stefan Klotz <stefan.klotz@bosch-si.com> * use WhiteListType.NONE for filename validation via mgmt-api Signed-off-by: Stefan Klotz <stefan.klotz@bosch-si.com>
This commit is contained in:
committed by
Dominic Schabel
parent
a2c1e5f132
commit
20d84a10eb
@@ -29,6 +29,7 @@ import org.apache.commons.lang3.RandomStringUtils;
|
||||
import org.eclipse.hawkbit.ddi.rest.api.DdiRestConstants;
|
||||
import org.eclipse.hawkbit.repository.model.Action;
|
||||
import org.eclipse.hawkbit.repository.model.Action.Status;
|
||||
import org.eclipse.hawkbit.repository.model.ArtifactUpload;
|
||||
import org.eclipse.hawkbit.repository.model.DistributionSet;
|
||||
import org.eclipse.hawkbit.repository.model.SoftwareModule;
|
||||
import org.eclipse.hawkbit.repository.model.Target;
|
||||
@@ -129,8 +130,10 @@ public class RootControllerDocumentationTest extends AbstractApiRestDocumentatio
|
||||
set.getModules().forEach(module -> {
|
||||
final byte random[] = RandomStringUtils.random(5).getBytes();
|
||||
|
||||
artifactManagement.create(new ByteArrayInputStream(random), module.getId(), "binary.tgz", false, 0);
|
||||
artifactManagement.create(new ByteArrayInputStream(random), module.getId(), "file.signature", false, 0);
|
||||
artifactManagement.create(
|
||||
new ArtifactUpload(new ByteArrayInputStream(random), module.getId(), "binary.tgz", false, 0));
|
||||
artifactManagement.create(
|
||||
new ArtifactUpload(new ByteArrayInputStream(random), module.getId(), "file.signature", false, 0));
|
||||
});
|
||||
|
||||
final Target target = targetManagement.create(entityFactory.target().create().controllerId(CONTROLLER_ID));
|
||||
@@ -250,8 +253,10 @@ public class RootControllerDocumentationTest extends AbstractApiRestDocumentatio
|
||||
set.getModules().forEach(module -> {
|
||||
final byte random[] = RandomStringUtils.random(5).getBytes();
|
||||
|
||||
artifactManagement.create(new ByteArrayInputStream(random), module.getId(), "binary.tgz", false, 0);
|
||||
artifactManagement.create(new ByteArrayInputStream(random), module.getId(), "file.signature", false, 0);
|
||||
artifactManagement.create(
|
||||
new ArtifactUpload(new ByteArrayInputStream(random), module.getId(), "binary.tgz", false, 0));
|
||||
artifactManagement.create(
|
||||
new ArtifactUpload(new ByteArrayInputStream(random), module.getId(), "file.signature", false, 0));
|
||||
});
|
||||
|
||||
softwareModuleManagement.createMetaData(
|
||||
@@ -426,7 +431,8 @@ public class RootControllerDocumentationTest extends AbstractApiRestDocumentatio
|
||||
final SoftwareModule module = (SoftwareModule) set.getModules().toArray()[0];
|
||||
|
||||
final byte random[] = RandomStringUtils.random(5).getBytes();
|
||||
artifactManagement.create(new ByteArrayInputStream(random), module.getId(), "binaryFile", false, 0);
|
||||
artifactManagement
|
||||
.create(new ArtifactUpload(new ByteArrayInputStream(random), module.getId(), "binaryFile", false, 0));
|
||||
|
||||
final Target target = targetManagement.create(entityFactory.target().create().controllerId(CONTROLLER_ID));
|
||||
deploymentManagement.assignDistributionSet(set.getId(), Arrays.asList(target.getTargetWithActionType()));
|
||||
|
||||
@@ -26,6 +26,7 @@ import org.eclipse.hawkbit.ddi.rest.resource.DdiApiConfiguration;
|
||||
import org.eclipse.hawkbit.mgmt.rest.resource.MgmtApiConfiguration;
|
||||
import org.eclipse.hawkbit.repository.model.Action;
|
||||
import org.eclipse.hawkbit.repository.model.Action.Status;
|
||||
import org.eclipse.hawkbit.repository.model.ArtifactUpload;
|
||||
import org.eclipse.hawkbit.repository.model.DistributionSet;
|
||||
import org.eclipse.hawkbit.repository.model.Target;
|
||||
import org.eclipse.hawkbit.repository.model.TargetUpdateStatus;
|
||||
@@ -178,7 +179,8 @@ public abstract class AbstractApiRestDocumentation extends AbstractRestIntegrati
|
||||
|
||||
distributionSet.getModules().forEach(module -> {
|
||||
final byte[] random = RandomStringUtils.random(5).getBytes();
|
||||
artifactManagement.create(new ByteArrayInputStream(random), module.getId(), "file1", false, 0);
|
||||
artifactManagement
|
||||
.create(new ArtifactUpload(new ByteArrayInputStream(random), module.getId(), "file1", false, 0));
|
||||
softwareModuleManagement.update(entityFactory.softwareModule().update(module.getId())
|
||||
.description("Description of the software module"));
|
||||
});
|
||||
|
||||
@@ -31,6 +31,7 @@ import org.eclipse.hawkbit.im.authentication.SpPermission;
|
||||
import org.eclipse.hawkbit.mgmt.rest.api.MgmtRestConstants;
|
||||
import org.eclipse.hawkbit.repository.Constants;
|
||||
import org.eclipse.hawkbit.repository.model.Artifact;
|
||||
import org.eclipse.hawkbit.repository.model.ArtifactUpload;
|
||||
import org.eclipse.hawkbit.repository.model.SoftwareModule;
|
||||
import org.eclipse.hawkbit.rest.documentation.AbstractApiRestDocumentation;
|
||||
import org.eclipse.hawkbit.rest.documentation.ApiModelPropertiesGeneric;
|
||||
@@ -244,7 +245,7 @@ public class SoftwaremodulesDocumentationTest extends AbstractApiRestDocumentati
|
||||
|
||||
final byte random[] = RandomStringUtils.random(5).getBytes();
|
||||
|
||||
artifactManagement.create(new ByteArrayInputStream(random), sm.getId(), "file1", false, 0);
|
||||
artifactManagement.create(new ArtifactUpload(new ByteArrayInputStream(random), sm.getId(), "file1", false, 0));
|
||||
|
||||
mockMvc.perform(
|
||||
get(MgmtRestConstants.SOFTWAREMODULE_V1_REQUEST_MAPPING + "/{softwareModuleId}/artifacts", sm.getId()))
|
||||
@@ -333,8 +334,8 @@ public class SoftwaremodulesDocumentationTest extends AbstractApiRestDocumentati
|
||||
|
||||
final byte random[] = RandomStringUtils.random(5).getBytes();
|
||||
|
||||
final Artifact artifact = artifactManagement.create(new ByteArrayInputStream(random), sm.getId(), "file1",
|
||||
false, 0);
|
||||
final Artifact artifact = artifactManagement
|
||||
.create(new ArtifactUpload(new ByteArrayInputStream(random), sm.getId(), "file1", false, 0));
|
||||
|
||||
mockMvc.perform(delete(
|
||||
MgmtRestConstants.SOFTWAREMODULE_V1_REQUEST_MAPPING + "/{softwareModuleId}/artifacts/{artifactId}",
|
||||
@@ -352,8 +353,8 @@ public class SoftwaremodulesDocumentationTest extends AbstractApiRestDocumentati
|
||||
|
||||
final byte random[] = RandomStringUtils.random(5).getBytes();
|
||||
|
||||
final Artifact artifact = artifactManagement.create(new ByteArrayInputStream(random), sm.getId(), "file1",
|
||||
false, 0);
|
||||
final Artifact artifact = artifactManagement
|
||||
.create(new ArtifactUpload(new ByteArrayInputStream(random), sm.getId(), "file1", false, 0));
|
||||
|
||||
mockMvc.perform(
|
||||
get(MgmtRestConstants.SOFTWAREMODULE_V1_REQUEST_MAPPING + "/{softwareModuleId}/artifacts/{artifactId}",
|
||||
@@ -387,8 +388,8 @@ public class SoftwaremodulesDocumentationTest extends AbstractApiRestDocumentati
|
||||
|
||||
final byte random[] = RandomStringUtils.random(5).getBytes();
|
||||
|
||||
final Artifact artifact = artifactManagement.create(new ByteArrayInputStream(random), sm.getId(), "file1",
|
||||
false, 0);
|
||||
final Artifact artifact = artifactManagement
|
||||
.create(new ArtifactUpload(new ByteArrayInputStream(random), sm.getId(), "file1", false, 0));
|
||||
|
||||
mockMvc.perform(get(MgmtRestConstants.SOFTWAREMODULE_V1_REQUEST_MAPPING
|
||||
+ "/{softwareModuleId}/artifacts/{artifactId}/download", sm.getId(), artifact.getId())
|
||||
|
||||
Reference in New Issue
Block a user