Update jsoup (#1276)
* upgraded jsoup to 1.15.3 * removed deprecated safe html annotation * added own valid string jsoup validator, disabled hibernate parallel method declaration constraint * adapted valid string validator * static method * return invalid value in case of processing exception Signed-off-by: Bogdan Bondar <Bogdan.Bondar@bosch.io>
@@ -0,0 +1,35 @@
|
||||
/**
|
||||
* Copyright (c) 2015 Bosch Software Innovations GmbH and others.
|
||||
*
|
||||
* All rights reserved. This program and the accompanying materials
|
||||
* are made available under the terms of the Eclipse Public License v1.0
|
||||
* which accompanies this distribution, and is available at
|
||||
* http://www.eclipse.org/legal/epl-v10.html
|
||||
*/
|
||||
package org.eclipse.hawkbit.repository;
|
||||
|
||||
import java.lang.annotation.ElementType;
|
||||
import java.lang.annotation.Retention;
|
||||
import java.lang.annotation.RetentionPolicy;
|
||||
import java.lang.annotation.Target;
|
||||
|
||||
import javax.validation.Constraint;
|
||||
import javax.validation.Payload;
|
||||
|
||||
/**
|
||||
* Constraint for strings submitted into the repository.
|
||||
*
|
||||
*/
|
||||
@Constraint(validatedBy = ValidStringValidator.class)
|
||||
@Target({ ElementType.METHOD, ElementType.FIELD, ElementType.ANNOTATION_TYPE, ElementType.CONSTRUCTOR,
|
||||
ElementType.PARAMETER, ElementType.TYPE_USE })
|
||||
@Retention(RetentionPolicy.RUNTIME)
|
||||
public @interface ValidString {
|
||||
|
||||
String message() default "Invalid characters in string";
|
||||
|
||||
Class<?>[] groups() default {};
|
||||
|
||||
Class<? extends Payload>[] payload() default {};
|
||||
|
||||
}
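Review bot: The Javadoc on `ValidString` does not say what the constraint accepts or rejects, so a reader has to open `ValidStringValidator` to find out. Going by the validator added in this commit, I would state it on the annotation, for example `Rejects strings that contain any markup element (jsoup Safelist.none()); null and empty strings are valid.` It is also worth one line noting that this is a markup check only and does not restrict length, control characters or path separators, so fields that need those limits still need their own constraints.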
|
||||
@@ -0,0 +1,56 @@
|
||||
/**
|
||||
* Copyright (c) 2022 Bosch.IO GmbH and others.
|
||||
*
|
||||
* All rights reserved. This program and the accompanying materials
|
||||
* are made available under the terms of the Eclipse Public License v1.0
|
||||
* which accompanies this distribution, and is available at
|
||||
* http://www.eclipse.org/legal/epl-v10.html
|
||||
*/
|
||||
package org.eclipse.hawkbit.repository;
|
||||
|
||||
import javax.validation.ConstraintValidator;
|
||||
import javax.validation.ConstraintValidatorContext;
|
||||
|
||||
import org.jsoup.Jsoup;
|
||||
import org.jsoup.nodes.Document;
|
||||
import org.jsoup.parser.Parser;
|
||||
import org.jsoup.safety.Cleaner;
|
||||
import org.jsoup.safety.Safelist;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
import com.cronutils.utils.StringUtils;
|
||||
|
||||
/**
|
||||
* Safe html constraint validator for strings submitted into the repository.
|
||||
*
|
||||
*/
|
||||
public class ValidStringValidator implements ConstraintValidator<ValidString, String> {
|
||||
private static final Logger LOG = LoggerFactory.getLogger(ValidStringValidator.class);
|
||||
|
||||
private final Cleaner cleaner = new Cleaner(Safelist.none());
|
||||
|
||||
@Override
|
||||
public boolean isValid(final String value, final ConstraintValidatorContext context) {
|
||||
return StringUtils.isEmpty(value) || isValidString(value);
|
||||
}
|
||||
|
||||
private boolean isValidString(final String value) {
|
||||
try {
|
||||
return cleaner.isValid(stringToDocument(value));
|
||||
} catch (final Exception ex) {
|
||||
LOG.error(String.format("There was an exception during bean field value (%s) validation", value), ex);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
private static Document stringToDocument(final String value) {
|
||||
final Document xmlFragment = Jsoup.parse(value, "", Parser.xmlParser());
|
||||
final Document resultingDocument = Document.createShell("");
|
||||
|
||||
xmlFragment.childNodes().forEach(xmlNode -> resultingDocument.body().appendChild(xmlNode.clone()));
|
||||
|
||||
return resultingDocument;
|
||||
}
|
||||
|
||||
}
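Review bot: In `isValidString`, the catch block writes the raw `value` into the error log, and that value is caller-supplied input that has just failed processing. It can carry line breaks that forge log entries, can be arbitrarily long, and may contain data that should not be logged. I would log without the content, e.g. `LOG.error("Exception while validating a bean field value (length {})", value.length(), ex);`, which also replaces `String.format` with SLF4J parameters; returning `false` on an exception is the right fail-closed behaviour and should stay. Separately, `com.cronutils.utils.StringUtils` ties the validator to a cron library for a null/empty test that `value == null || value.isEmpty()` appears to cover. `stringToDocument` also needs a comment explaining why the input is parsed with `Parser.xmlParser()` and re-parented into a shell body before `cleaner.isValid` is called.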
|
||||
@@ -13,8 +13,7 @@ import java.io.InputStream;
|
||||
import javax.validation.constraints.NotEmpty;
|
||||
import javax.validation.constraints.NotNull;
|
||||
|
||||
import org.hibernate.validator.constraints.SafeHtml;
|
||||
import org.hibernate.validator.constraints.SafeHtml.WhiteListType;
|
||||
import org.eclipse.hawkbit.repository.ValidString;
|
||||
|
||||
/**
|
||||
* Use to create a new artifact.
|
||||
@@ -28,7 +27,7 @@ public class ArtifactUpload {
|
||||
private final long moduleId;
|
||||
|
||||
@NotEmpty
|
||||
@SafeHtml(whitelistType = WhiteListType.NONE, message = "Invalid characters in string")
|
||||
@ValidString
|
||||
private final String filename;
|
||||
|
||||
private final String providedMd5Sum;
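Review bot: `filename` is now guarded only by `@NotEmpty` and `@ValidString`, and the validator added in this commit checks for markup elements, not for path separators, `..` segments or CR/LF. If the filename is later used in a storage path or a response header (not visible in this hunk), it needs a separate constraint or sanitising at that point. A short comment on the field stating what `@ValidString` does and does not guarantee would keep it from being read as general filename validation. The `ArtifactUpload` class continues outside the hunk.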
|
||||
|
||||