gerrit.onap Code Review - sdc.git/commit

author	andre.schmid <andre.schmid@est.tech>
	Fri, 27 Sep 2019 12:27:11 +0000 (13:27 +0100)
committer	Ofir Sonsino <ofir.sonsino@intl.att.com>
	Wed, 30 Oct 2019 09:47:54 +0000 (09:47 +0000)
commit	bf5eeb23a769a2e2b75f432b74f10fdbcfd2f161
tree	fa27998ee6efef6f7651315cbf71271130fca025	tree \| snapshot
parent	19773b769c6762a12876064c70a34cc31d2b12da	commit \| diff

Fix zip slip security flaw

Apply zip slip checking in zip operations throughout the system.
Centralizes most of the zip logic in one class. Create tests to zip
functionalities and zip slip problem.

Change-Id: I721f3d44b34fe6d242c9537f5a515ce1bb534c9a
Issue-ID: SDC-1401
Signed-off-by: andre.schmid <andre.schmid@est.tech>

44 files changed:

catalog-be/src/main/java/org/openecomp/sdc/be/servlets/AbstractValidationsServlet.java		diff \| blob \| history
catalog-be/src/main/java/org/openecomp/sdc/be/servlets/ResourceUploadServlet.java		diff \| blob \| history
catalog-be/src/main/java/org/openecomp/sdc/be/servlets/ResourcesServlet.java		diff \| blob \| history
catalog-be/src/main/java/org/openecomp/sdc/be/servlets/TypesUploadEndpoint.java		diff \| blob \| history
catalog-be/src/main/java/org/openecomp/sdc/be/tosca/CsarUtils.java		diff \| blob \| history
catalog-be/src/test/java/org/openecomp/sdc/ZipUtil.java	[deleted file]	blob \| history
catalog-be/src/test/java/org/openecomp/sdc/be/components/csar/CsarBusinessLogicTest.java		diff \| blob \| history
catalog-be/src/test/java/org/openecomp/sdc/be/components/csar/CsarInfoTest.java		diff \| blob \| history
catalog-be/src/test/java/org/openecomp/sdc/be/components/impl/utils/YamlTemplateParsingHandlerTest.java		diff \| blob \| history
catalog-model/src/main/java/org/openecomp/sdc/be/model/operations/impl/CsarOperation.java		diff \| blob \| history
catalog-model/src/main/java/org/openecomp/sdc/be/model/operations/impl/OnboardingClient.java		diff \| blob \| history
common-app-api/pom.xml		diff \| blob \| history
common-app-api/src/main/java/org/openecomp/sdc/common/util/ZipUtil.java	[deleted file]	blob \| history
common-app-api/src/main/java/org/openecomp/sdc/common/zip/ZipUtils.java	[new file with mode: 0644]	blob
common-app-api/src/main/java/org/openecomp/sdc/common/zip/exception/ZipException.java	[new file with mode: 0644]	blob
common-app-api/src/main/java/org/openecomp/sdc/common/zip/exception/ZipSlipException.java	[new file with mode: 0644]	blob
common-app-api/src/test/java/org/openecomp/sdc/common/util/ZipUtilTest.java	[deleted file]	blob \| history
common-app-api/src/test/java/org/openecomp/sdc/common/zip/ZipUtilsTest.java	[new file with mode: 0644]	blob
common-app-api/src/test/resources/zip-slip/zip-slip-linux.zip	[new file with mode: 0644]	blob
common-app-api/src/test/resources/zip-slip/zip-slip-windows.zip	[new file with mode: 0644]	blob
common-app-api/src/test/resources/zip/extract-test.zip	[new file with mode: 0644]	blob
common-be/pom.xml		diff \| blob \| history
common/onap-tosca-datatype/src/main/java/org/onap/sdc/tosca/services/CommonUtil.java		diff \| blob \| history
openecomp-be/api/openecomp-sdc-rest-webapp/vendor-software-products-rest/vendor-software-products-rest-services/src/main/java/org/openecomp/sdcrests/vsp/rest/data/PackageArchive.java		diff \| blob \| history
openecomp-be/backend/openecomp-sdc-validation-manager/src/main/java/org/openecomp/sdc/validation/impl/UploadValidationManagerImpl.java		diff \| blob \| history
openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/OrchestrationTemplateCSARHandler.java		diff \| blob \| history
openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/upload/csar/UploadCSARFileTest.java		diff \| blob \| history
openecomp-be/lib/openecomp-common-lib/src/main/java/org/openecomp/sdc/common/utils/CommonUtil.java		diff \| blob \| history
openecomp-be/lib/openecomp-common-lib/src/test/java/org/openecomp/sdc/common/utils/CommonUtilTest.java		diff \| blob \| history
openecomp-be/lib/openecomp-core-lib/openecomp-utilities-lib/pom.xml		diff \| blob \| history
openecomp-be/lib/openecomp-core-lib/openecomp-utilities-lib/src/main/java/org/openecomp/core/utilities/file/FileUtils.java		diff \| blob \| history
openecomp-be/lib/openecomp-core-lib/openecomp-utilities-lib/src/test/java/org/openecomp/core/utilities/file/FileUtilsTest.java		diff \| blob \| history
openecomp-be/lib/openecomp-sdc-enrichment-lib/openecomp-sdc-enrichment-impl/src/main/java/org/openecomp/sdc/enrichment/impl/external/artifact/MonitoringMibEnricher.java		diff \| blob \| history
openecomp-be/lib/openecomp-sdc-externaltesting-lib/openecomp-sdc-externaltesting-impl/src/main/java/org/openecomp/core/externaltesting/impl/ExternalTestingManagerImpl.java		diff \| blob \| history
openecomp-be/lib/openecomp-sdc-externaltesting-lib/openecomp-sdc-externaltesting-impl/src/test/java/org/openecomp/core/externaltesting/impl/ExternalTestingManagerImplTest.java		diff \| blob \| history
openecomp-be/lib/openecomp-sdc-vendor-software-product-lib/openecomp-sdc-vendor-software-product-core/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/services/impl/filedatastructuremodule/CandidateServiceImpl.java		diff \| blob \| history
openecomp-be/lib/openecomp-tosca-lib/src/main/java/org/openecomp/sdc/tosca/services/impl/ToscaAnalyzerServiceImpl.java		diff \| blob \| history
openecomp-be/tools/zusammen-tools/src/main/java/org/openecomp/core/tools/exportinfo/ExportDataCommand.java		diff \| blob \| history
openecomp-be/tools/zusammen-tools/src/main/java/org/openecomp/core/tools/importinfo/ImportDataCommand.java		diff \| blob \| history
openecomp-be/tools/zusammen-tools/src/main/java/org/openecomp/core/tools/util/ZipUtils.java	[deleted file]	blob \| history
test-apis-ci/src/main/java/org/openecomp/sdc/ci/tests/utils/ToscaParserUtils.java		diff \| blob \| history
test-apis-ci/src/main/java/org/openecomp/sdc/ci/tests/utils/general/FileHandling.java		diff \| blob \| history
test-apis-ci/src/main/java/org/openecomp/sdc/externalApis/DeploymentValiditaion.java		diff \| blob \| history
ui-ci/src/main/java/org/openecomp/sdc/ci/tests/utilities/FileHandling.java		diff \| blob \| history

SDC Parent Project Catalog FE and BE

RSS Atom