From 9b67e6e6b704d441d7c93e5426c0c553f61d5a0c Mon Sep 17 00:00:00 2001
From: Pascal Grimaud
Date: Wed, 30 Mar 2022 19:12:10 +0200
Subject: [PATCH] Fix security hotpost about file
---
 .../jhipster/lite/common/domain/FileUtils.java | 4 ++--
 .../project/domain/ProjectRepository.java | 2 +-
 .../secondary/ProjectLocalRepository.java | 14 ++++++++------
 .../lite/common/domain/FileUtilsTest.java | 10 +++++-----
 .../secondary/ProjectLocalRepositoryTest.java | 15 +++++++++------
 5 files changed, 25 insertions(+), 20 deletions(-)
diff --git a/src/main/java/tech/jhipster/lite/common/domain/FileUtils.java b/src/main/java/tech/jhipster/lite/common/domain/FileUtils.java
index 45f7ff036e5..3f64807e26b 100644
--- a/src/main/java/tech/jhipster/lite/common/domain/FileUtils.java
+++ b/src/main/java/tech/jhipster/lite/common/domain/FileUtils.java
@@ -227,8 +227,8 @@ public static void rename(String source, String sourceFilename, String destinati
 Files.move(getPathOf(source, sourceFilename), getPathOf(source, destinationFilename));
 }
- public static byte[] convertFileToByte(String path) throws IOException {
- try (InputStream inputStream = new FileInputStream(path);) {
+ public static byte[] convertFileInTmpToByte(String path) throws IOException {
+ try (InputStream inputStream = new FileInputStream(getPath(tmpDir(), path))) {
 return inputStream.readAllBytes();
 }
 }
diff --git a/src/main/java/tech/jhipster/lite/generator/project/domain/ProjectRepository.java b/src/main/java/tech/jhipster/lite/generator/project/domain/ProjectRepository.java
index de05caff7c3..d48d2297b30 100644
--- a/src/main/java/tech/jhipster/lite/generator/project/domain/ProjectRepository.java
+++ b/src/main/java/tech/jhipster/lite/generator/project/domain/ProjectRepository.java
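Review bot: `convertFileInTmpToByte` prefixes the temp directory but never checks that the resulting path stays inside it, so a `path` argument with `..` segments can still resolve to a file outside `tmpDir()`. Depending on how `getPath` joins its arguments, an absolute path may do the same. The only caller visible in this patch passes a name built from `File.getName()`, which is a single segment, but the method is `public static` and accepts any string. Resolving against the normalized temp directory and rejecting anything that does not start with it would make the guarantee in the method name hold. The sketch assumes `Path`, `Paths` and `Files` are imported in FileUtils.java, which the hunk does not show.

```java
public static byte[] convertFileInTmpToByte(String path) throws IOException {
  Path base = Paths.get(tmpDir()).toAbsolutePath().normalize();
  Path target = base.resolve(path).normalize();
  // Refuse anything that resolves outside the temporary directory (e.g. "../x").
  if (!target.startsWith(base)) {
    throw new IOException("File is outside the temporary directory: " + path);
  }
  return Files.readAllBytes(target);
}
```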
@@ -26,7 +26,7 @@ public interface ProjectRepository {
 void gitAddAndCommit(Project project, String message);
 void gitApplyPatch(Project project, String patchFilename);
- void zip(Project project);
+ String zip(Project project);
 byte[] download(Project project);
 }
diff --git a/src/main/java/tech/jhipster/lite/generator/project/infrastructure/secondary/ProjectLocalRepository.java b/src/main/java/tech/jhipster/lite/generator/project/infrastructure/secondary/ProjectLocalRepository.java
index aeb98917cd7..601fa332edc 100644
--- a/src/main/java/tech/jhipster/lite/generator/project/infrastructure/secondary/ProjectLocalRepository.java
+++ b/src/main/java/tech/jhipster/lite/generator/project/infrastructure/secondary/ProjectLocalRepository.java
@@ -1,10 +1,10 @@
 package tech.jhipster.lite.generator.project.infrastructure.secondary;
-import static tech.jhipster.lite.common.domain.FileUtils.getPath;
-import static tech.jhipster.lite.common.domain.FileUtils.read;
+import static tech.jhipster.lite.common.domain.FileUtils.*;
 import static tech.jhipster.lite.generator.project.domain.Constants.TEMPLATE_FOLDER;
 import java.io.*;
+import java.nio.file.FileSystems;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.StandardCopyOption;
@@ -202,10 +202,12 @@ public void gitApplyPatch(Project project, String patchFilename) {
 }
 @Override
- public void zip(Project project) {
+ public String zip(Project project) {
 File workingDir = new File(project.getFolder());
+ String filename = workingDir.getName() + ".zip";
 try {
- ZipUtil.pack(workingDir, new File(workingDir + ".zip"));
+ ZipUtil.pack(workingDir, new File(tmpDir() + FileSystems.getDefault().getSeparator() + filename));
+ return filename;
 } catch (ZipException e) {
 throw new GeneratorException("Error when zipping " + project.getFolder(), e);
 }
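Review bot: The new `String` return of `zip` is undocumented on the interface, so callers cannot tell from the signature whether they get a full path or a bare name. The implementation in this patch returns only the archive's file name, to be resolved against the temp directory. A Javadoc above the method such as `/** Zips the project folder into the temporary directory and returns the archive's file name (not a path). */` would pin that contract.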
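Review bot: In `zip`, the archive name is only the last segment of the project folder (`workingDir.getName() + ".zip"`), and every archive now lands in the one shared `tmpDir()`. Two projects whose folders end in the same segment would therefore overwrite each other's archive, and `download` could return the other project's bytes. Whether that can occur depends on where project folders may live, which this hunk does not show; if they are not all direct children of the temp directory, a per-request unique name is safer. Separately, the target path is concatenated by hand although the file already uses `getPath`; assuming it returns a String as its other uses suggest, `new File(getPath(tmpDir(), filename))` would be consistent and make the new `FileSystems` import unnecessary.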
@@ -213,9 +215,9 @@ public void zip(Project project) {
 @Override
 public byte[] download(Project project) {
- zip(project);
+ String filename = zip(project);
 try {
- return FileUtils.convertFileToByte(project.getFolder() + ".zip");
+ return FileUtils.convertFileInTmpToByte(filename);
 } catch (IOException ioe) {
 throw new GeneratorException("Error when creating ", ioe);
 }
diff --git a/src/test/java/tech/jhipster/lite/common/domain/FileUtilsTest.java b/src/test/java/tech/jhipster/lite/common/domain/FileUtilsTest.java
index a9af141a8ce..9b700b7774c 100644
--- a/src/test/java/tech/jhipster/lite/common/domain/FileUtilsTest.java
+++ b/src/test/java/tech/jhipster/lite/common/domain/FileUtilsTest.java
@@ -13,6 +13,7 @@
 import java.io.InputStream;
 import java.nio.file.*;
 import java.util.List;
+import java.util.UUID;
 import org.junit.jupiter.api.Nested;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.condition.DisabledOnOs;
@@ -753,11 +754,10 @@ void shouldNotRename() {
 }
 @Test
- void shouldConvertFileToByte() throws IOException {
- String folder = tmpDirForTest();
- createFolder(folder);
- Files.createFile(Paths.get(folder, "hello.world"));
+ void shouldConvertFileInTmpToByte() throws IOException {
+ String filename = UUID.randomUUID().toString();
+ Files.createFile(Paths.get(tmpDir(), filename));
- assertThat(FileUtils.convertFileToByte(folder + "/hello.world")).isNotNull();
+ assertThat(FileUtils.convertFileInTmpToByte(filename)).isNotNull();
 }
 }
diff --git a/src/test/java/tech/jhipster/lite/generator/project/infrastructure/secondary/ProjectLocalRepositoryTest.java b/src/test/java/tech/jhipster/lite/generator/project/infrastructure/secondary/ProjectLocalRepositoryTest.java
index c26f3a2c8bf..54c086461e6 100644
--- a/src/test/java/tech/jhipster/lite/generator/project/infrastructure/secondary/ProjectLocalRepositoryTest.java
+++ b/src/test/java/tech/jhipster/lite/generator/project/infrastructure/secondary/ProjectLocalRepositoryTest.java
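Review bot: `download` reads the archive into memory but nothing in the new code removes it from the temp directory afterwards, so each download leaves a copy of the generated project behind. Deleting it once the bytes are read, for example in a `finally` block with `Files.deleteIfExists(...)`, would stop archives accumulating there. The unchanged message `"Error when creating "` also has no subject, and since `filename` is now in scope, `"Error when creating " + filename` would make failures traceable. The method's closing brace lies outside the hunk.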
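Review bot: `shouldConvertFileInTmpToByte` only exercises a well-formed name and asserts `isNotNull()` on an empty file, so it passes whether or not the method confines reads to the temp directory. A second case that passes a name with a parent-directory segment and asserts the expected outcome would document the behaviour the rename promises. The file created under `tmpDir()` is also never removed; ending the test with `Files.deleteIfExists(Paths.get(tmpDir(), filename));` would avoid leaving it behind.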
@@ -2,8 +2,7 @@
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
-import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.ArgumentMatchers.anyString;
+import static org.mockito.ArgumentMatchers.*;
 import static org.mockito.Mockito.never;
 import static tech.jhipster.lite.TestUtils.*;
 import static tech.jhipster.lite.common.domain.FileUtils.*;
@@ -22,10 +21,11 @@
 import java.util.UUID;
 import java.util.stream.Collectors;
 import org.eclipse.jgit.api.errors.InvalidConfigurationException;
+import org.hamcrest.Matchers;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.ArgumentMatchers;
 import org.mockito.InjectMocks;
-import org.mockito.Mock;
 import org.mockito.MockedStatic;
 import org.mockito.Mockito;
 import org.springframework.test.context.junit.jupiter.SpringExtension;
@@ -396,8 +396,10 @@ void shouldNotRename() {
 @Test
 void shouldZip() {
 Project project = tmpProjectWithPomXml();
- repository.zip(project);
- assertFileExist(project.getFolder() + ".zip");
+
+ String result = repository.zip(project);
+
+ assertFileExist(getPath(tmpDir(), result));
 }
 @Test
@@ -416,7 +418,8 @@ void shouldDownload() {
 void shouldNotDownload() {
 Project project = tmpProjectWithPomXml();
 try (MockedStatic fileUtils = Mockito.mockStatic(FileUtils.class)) {
- fileUtils.when(() -> FileUtils.convertFileToByte(anyString())).thenThrow(new IOException());
+ fileUtils.when(FileUtils::tmpDir).thenCallRealMethod();
+ fileUtils.when(() -> FileUtils.convertFileInTmpToByte(anyString())).thenThrow(new IOException());
 assertThatThrownBy(() -> repository.download(project)).isExactlyInstanceOf(GeneratorException.class);
 }
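Review bot: The second import hunk adds `import org.hamcrest.Matchers;` and `import org.mockito.ArgumentMatchers;`, but none of the visible test changes reference either class. The static `ArgumentMatchers` import in the first hunk already covers `anyString()`, so these look like IDE leftovers and can be dropped unless code outside these hunks uses them. The wildcard `import static org.mockito.ArgumentMatchers.*;` also replaces two explicit imports that appear to have been sufficient, so keeping `any` and `anyString` explicit would leave the import list easier to audit.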