Commit 67e3f93f authored by Frédéric Praca

- Fixed #WEBLAB-404 : added a subclass to FileContentManager that takes care...

- Fixed #WEBLAB-404 : added a subclass to FileContentManager that takes care of the location of the file within the content manager repository.
- SecureFileContentManager is now the default implementation
parent 33e33ba3
...@@ -45,13 +45,13 @@ public class ContentManager { ...@@ -45,13 +45,13 @@ public class ContentManager {
public static final String READER_IMPLEMENTATION = "reader.implementation"; public static final String READER_IMPLEMENTATION = "reader.implementation";
public static final String READER_DEFAULT_IMPLEMENTATION = "org.ow2.weblab.content.impl.FileContentManager"; public static final String READER_DEFAULT_IMPLEMENTATION = "org.ow2.weblab.content.impl.SecureFileContentManager";
public static final String WRITER_IMPLEMENTATION = "writer.implementation"; public static final String WRITER_IMPLEMENTATION = "writer.implementation";
public static final String WRITER_DEFAULT_IMPLEMENTATION = "org.ow2.weblab.content.impl.FileContentManager"; public static final String WRITER_DEFAULT_IMPLEMENTATION = "org.ow2.weblab.content.impl.SecureFileContentManager";
protected static ContentManager instance; protected static ContentManager instance;
......
...@@ -184,4 +184,12 @@ public class FileContentManager implements ContentReader, ContentWriter { ...@@ -184,4 +184,12 @@ public class FileContentManager implements ContentReader, ContentWriter {
this.logger.info(FileContentManager.FOLDER_CONTENT_PATH + "=" + this.contentFolderPath); this.logger.info(FileContentManager.FOLDER_CONTENT_PATH + "=" + this.contentFolderPath);
this.contentFolder = folder; this.contentFolder = folder;
} }
protected File getContentFolder() {
return contentFolder;
}
protected Log getLogger() {
return logger;
}
} }
package org.ow2.weblab.content.impl;
import java.io.File;
import java.net.URI;
import org.ow2.weblab.core.extended.exception.WebLabCheckedException;
import org.ow2.weblab.core.extended.exception.WebLabUncheckedException;
public final class SecureFileContentManager extends FileContentManager {
public SecureFileContentManager() {
//Nothing special to do
}
/**
* This method overrides the unsecure one by verifying if the generated path for
* files is a child of the file content manager path
*/
@Override
public File readContent(URI destUri) throws WebLabCheckedException {
File fileToSecure_l = super.readContent(destUri);
//Check that the file returned by the parent function is inside our path
URI contentFolderURI_l = getContentFolder().toURI();
URI fileToSecureURI_l = fileToSecure_l.toURI();
URI resultingURI_l = contentFolderURI_l.relativize(fileToSecureURI_l);
getLogger().debug("URI relativized : " + resultingURI_l);
if ((resultingURI_l.compareTo(fileToSecureURI_l) == 0) || (resultingURI_l.isAbsolute())) {
throw new WebLabUncheckedException("File " + fileToSecure_l.getPath() + " is not within Content Manager repository");
}
return fileToSecure_l;
}
}
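Review bot: Only `readContent` gets the containment check, yet this commit also makes `SecureFileContentManager` the default writer, so whatever write methods it inherits from `FileContentManager` (not visible on this page) presumably still resolve a caller-supplied URI without verifying that the target stays under the content folder; the same check should guard the write path. The comparison itself is purely lexical: `File.toURI()` does not resolve symbolic links, so a link stored inside the repository that points elsewhere would pass, and comparing `fileToSecure_l.getCanonicalFile()` against `getContentFolder().getCanonicalFile()` closes that gap. The check also runs only after `super.readContent(destUri)` has already handled the path, and the rejection is a `WebLabUncheckedException` that the `throws WebLabCheckedException` signature does not announce, so the Javadoc should carry `@throws WebLabUncheckedException if the resolved file lies outside the content folder`.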