package org.onap.ccsdk.sli.core.sli;
+
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Paths;
public class CheckSumHelper {
public static String md5SumFromFile(String pathToFile) throws NoSuchAlgorithmException, IOException {
+ if (!PathValidator.isValidXmlPath(pathToFile)) {
+ throw new IOException("Invalid XML file name");
+ }
byte[] b = Files.readAllBytes(Paths.get(pathToFile));
return md5SumFromByteArray(b);
}
--- /dev/null
+package org.onap.ccsdk.sli.core.sli;
+
+import java.util.regex.Pattern;
+
+public class PathValidator {
+ public static boolean isValidXmlPath(String path) {
+ Pattern allowList = Pattern.compile("[-\\w/\\/]+\\.xml$");
+ return (allowList.matcher(path).matches());
+ }
+ public static boolean isValidPropertiesPath(String path) {
+ Pattern allowList = Pattern.compile("[-\\w/\\/]+\\.properties$");
+ return (allowList.matcher(path).matches());
+ }
+ public static boolean isValidFilePath(String path) {
+ Pattern allowList = Pattern.compile("[-\\w/\\/]+");
+ return (allowList.matcher(path).matches());
+ }
+}
import javax.xml.validation.SchemaFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import org.xml.sax.Attributes;
-import org.xml.sax.Locator;
-import org.xml.sax.SAXException;
-import org.xml.sax.SAXParseException;
+import org.xml.sax.*;
import org.xml.sax.helpers.DefaultHandler;
/**
private static final String SVCLOGIC_XSD = "/svclogic.xsd";
private SAXParser saxParser;
- private class SvcLogicHandler extends DefaultHandler {
+ private class SvcLogicHandler extends DefaultHandler {
private Locator locator = null;
private String module = null;
private String version = null;
this.curNodeId = 1;
this.outcomeValue = null;
}
-
+
@Override
public void setDocumentLocator(Locator locator) {
this.locator = locator;
public static void load(String xmlfile, SvcLogicStore store) throws SvcLogicException {
+ if (!PathValidator.isValidXmlPath(xmlfile)) {
+ throw new ConfigurationException("Invalid xml file name ("+ xmlfile + ")");
+ }
File xmlFile = new File(xmlfile);
if (!xmlFile.canRead()) {
throw new ConfigurationException("Cannot read xml file (" + xmlfile + ")");
}
public static void validate(String xmlfile, SvcLogicStore store) throws SvcLogicException {
+ if (!PathValidator.isValidXmlPath(xmlfile)) {
+ throw new ConfigurationException("Invalid xml file name ("+ xmlfile + ")");
+ }
File xmlFile = new File(xmlfile);
if (!xmlFile.canRead()) {
throw new ConfigurationException("Cannot read xml file (" + xmlfile + ")");
}
SAXParser saxParser = factory.newSAXParser();
- if (saxParser.isValidating()) {
+ if (saxParser.isValidating()) {
LOGGER.info("Parser configured to validate XML {}", (xsdUrl != null ? xsdUrl.getPath() : null));
}
return saxParser;
import java.util.TimeZone;
import org.onap.ccsdk.sli.core.sli.ConfigurationException;
+import org.onap.ccsdk.sli.core.sli.PathValidator;
import org.onap.ccsdk.sli.core.sli.SvcLogicException;
import org.onap.ccsdk.sli.core.sli.SvcLogicRecorder;
{
throw new ConfigurationException("No file parameter specified");
}
+
+ if (!PathValidator.isValidFilePath(fileName)) {
+ throw new ConfigurationException("Invalid file name ("+fileName+")");
+ }
String record = parmMap.get("record");
if (record == null)