Changed code to not construct the path from user-controlled data.

author sharath reddy <bs.reddy@huawei.com>

Thu, 26 May 2022 13:37:03 +0000 (19:07 +0530)

committer sharath reddy <bs.reddy@huawei.com>

Wed, 1 Jun 2022 08:56:44 +0000 (14:26 +0530)
author sharath reddy <bs.reddy@huawei.com>
Thu, 26 May 2022 13:37:03 +0000 (19:07 +0530)
committer sharath reddy <bs.reddy@huawei.com>
Wed, 1 Jun 2022 08:56:44 +0000 (14:26 +0530)
diff --git a/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vtp/scenario/VTPScenarioResource.java b/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vtp/scenario/VTPScenarioResource.java

index 915cd14..1a8de34 100644 (file)
--- a/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vtp/scenario/VTPScenarioResource.java
+++ b/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vtp/scenario/VTPScenarioResource.java
@@ -431,8 +431,12 @@ public class VTPScenarioResource extends VTPResource{
          }
  
          try {
-            FileUtils.deleteQuietly(new File(VTP_YAML_STORE, scenarioName));
-            FileUtils.deleteDirectory(scenarioDir);
+            if(FileUtils.directoryContains(new File(VTP_YAML_STORE), new File(scenarioName))) {
+                FileUtils.deleteQuietly(new File(VTP_YAML_STORE, scenarioName));
+            }
+            if(FileUtils.directoryContains(new File(VTP_YAML_STORE), scenarioDir)) {
+                FileUtils.deleteDirectory(scenarioDir);
+            }
          } catch (IOException e) {
              LOG.error("Delete scenario yaml {} failed", scenarioName, e);
              throw new VTPException(
diff --git a/vnfmarket-be/vnf-sdk-marketplace/src/test/java/org/onap/vtp/VTPScenarioResourceTest.java b/vnfmarket-be/vnf-sdk-marketplace/src/test/java/org/onap/vtp/VTPScenarioResourceTest.java

index 5545779..b743615 100644 (file)
--- a/vnfmarket-be/vnf-sdk-marketplace/src/test/java/org/onap/vtp/VTPScenarioResourceTest.java
+++ b/vnfmarket-be/vnf-sdk-marketplace/src/test/java/org/onap/vtp/VTPScenarioResourceTest.java
@@ -108,9 +108,11 @@ public class VTPScenarioResourceTest {
      @Test
      public void testDeleteScenario() throws Exception
      {
+        String yamlStore = vtpScenarioResource.VTP_YAML_STORE;
+        vtpScenarioResource.VTP_YAML_STORE = "/tmp";
          vtpScenarioResource.deleteScenario("demo-registry.yaml");
+        vtpScenarioResource.VTP_YAML_STORE = yamlStore;
      }
-
      @Test(expected = NullPointerException.class)
      public void testStorageTestcases() throws Exception
      {
author	sharath reddy <bs.reddy@huawei.com>
	Thu, 26 May 2022 13:37:03 +0000 (19:07 +0530)
committer	sharath reddy <bs.reddy@huawei.com>
	Wed, 1 Jun 2022 08:56:44 +0000 (14:26 +0530)
vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vtp/scenario/VTPScenarioResource.java		patch \| blob \| history
vnfmarket-be/vnf-sdk-marketplace/src/test/java/org/onap/vtp/VTPScenarioResourceTest.java		patch \| blob \| history