Merge pull request #1191 from pascalgrimaud/sonar-fix-security-hotspo…

…t-about-file Fix security hotspot about file
jhipster · Mar 30, 2022 · 0f20601 · 0f20601
2 parents 0da1948 + 98e1299
commit 0f20601
Show file tree

Hide file tree

Showing 5 changed files with 22 additions and 18 deletions.
diff --git a/src/main/java/tech/jhipster/lite/common/domain/FileUtils.java b/src/main/java/tech/jhipster/lite/common/domain/FileUtils.java
@@ -227,8 +227,8 @@ public static void rename(String source, String sourceFilename, String destinati
     Files.move(getPathOf(source, sourceFilename), getPathOf(source, destinationFilename));
   }
 
-  public static byte[] convertFileToByte(String path) throws IOException {
-    try (InputStream inputStream = new FileInputStream(path);) {
+  public static byte[] convertFileInTmpToByte(String path) throws IOException {
+    try (InputStream inputStream = new FileInputStream(getPath(tmpDir(), path))) {
       return inputStream.readAllBytes();
     }
   }

diff --git a/src/main/java/tech/jhipster/lite/generator/project/domain/ProjectRepository.java b/src/main/java/tech/jhipster/lite/generator/project/domain/ProjectRepository.java
@@ -26,7 +26,7 @@ public interface ProjectRepository {
   void gitAddAndCommit(Project project, String message);
   void gitApplyPatch(Project project, String patchFilename);
 
-  void zip(Project project);
+  String zip(Project project);
 
   byte[] download(Project project);
 }
diff --git a/...tech/jhipster/lite/generator/project/infrastructure/secondary/ProjectLocalRepository.java b/...tech/jhipster/lite/generator/project/infrastructure/secondary/ProjectLocalRepository.java
@@ -1,10 +1,10 @@
 package tech.jhipster.lite.generator.project.infrastructure.secondary;
 
-import static tech.jhipster.lite.common.domain.FileUtils.getPath;
-import static tech.jhipster.lite.common.domain.FileUtils.read;
+import static tech.jhipster.lite.common.domain.FileUtils.*;
 import static tech.jhipster.lite.generator.project.domain.Constants.TEMPLATE_FOLDER;
 
 import java.io.*;
+import java.nio.file.FileSystems;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.StandardCopyOption;
@@ -202,20 +202,22 @@ public void gitApplyPatch(Project project, String patchFilename) {
   }
 
   @Override
-  public void zip(Project project) {
+  public String zip(Project project) {
     File workingDir = new File(project.getFolder());
+    String filename = workingDir.getName() + ".zip";
     try {
-      ZipUtil.pack(workingDir, new File(workingDir + ".zip"));
+      ZipUtil.pack(workingDir, new File(tmpDir() + FileSystems.getDefault().getSeparator() + filename));
+      return filename;
     } catch (ZipException e) {
       throw new GeneratorException("Error when zipping " + project.getFolder(), e);
     }
   }
 
   @Override
   public byte[] download(Project project) {
-    zip(project);
+    String filename = zip(project);
     try {
-      return FileUtils.convertFileToByte(project.getFolder() + ".zip");
+      return FileUtils.convertFileInTmpToByte(filename);
     } catch (IOException ioe) {
       throw new GeneratorException("Error when creating ", ioe);
     }

diff --git a/src/test/java/tech/jhipster/lite/common/domain/FileUtilsTest.java b/src/test/java/tech/jhipster/lite/common/domain/FileUtilsTest.java
@@ -13,6 +13,7 @@
 import java.io.InputStream;
 import java.nio.file.*;
 import java.util.List;
+import java.util.UUID;
 import org.junit.jupiter.api.Nested;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.condition.DisabledOnOs;
@@ -753,11 +754,10 @@ void shouldNotRename() {
   }
 
   @Test
-  void shouldConvertFileToByte() throws IOException {
-    String folder = tmpDirForTest();
-    createFolder(folder);
-    Files.createFile(Paths.get(folder, "hello.world"));
+  void shouldConvertFileInTmpToByte() throws IOException {
+    String filename = UUID.randomUUID().toString();
+    Files.createFile(Paths.get(tmpDir(), filename));
 
-    assertThat(FileUtils.convertFileToByte(folder + "/hello.world")).isNotNull();
+    assertThat(FileUtils.convertFileInTmpToByte(filename)).isNotNull();
   }
 }
diff --git a/.../jhipster/lite/generator/project/infrastructure/secondary/ProjectLocalRepositoryTest.java b/.../jhipster/lite/generator/project/infrastructure/secondary/ProjectLocalRepositoryTest.java
@@ -25,7 +25,6 @@
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
 import org.mockito.InjectMocks;
-import org.mockito.Mock;
 import org.mockito.MockedStatic;
 import org.mockito.Mockito;
 import org.springframework.test.context.junit.jupiter.SpringExtension;
@@ -396,8 +395,10 @@ void shouldNotRename() {
   @Test
   void shouldZip() {
     Project project = tmpProjectWithPomXml();
-    repository.zip(project);
-    assertFileExist(project.getFolder() + ".zip");
+
+    String result = repository.zip(project);
+
+    assertFileExist(getPath(tmpDir(), result));
   }
 
   @Test
@@ -416,7 +417,8 @@ void shouldDownload() {
   void shouldNotDownload() {
     Project project = tmpProjectWithPomXml();
     try (MockedStatic<FileUtils> fileUtils = Mockito.mockStatic(FileUtils.class)) {
-      fileUtils.when(() -> FileUtils.convertFileToByte(anyString())).thenThrow(new IOException());
+      fileUtils.when(FileUtils::tmpDir).thenCallRealMethod();
+      fileUtils.when(() -> FileUtils.convertFileInTmpToByte(anyString())).thenThrow(new IOException());
 
       assertThatThrownBy(() -> repository.download(project)).isExactlyInstanceOf(GeneratorException.class);
     }