Fix for https://sonarcloud.io/project/security_hotspots?id=onap_sdc&hotspots=AXrLK9lDm75TRpHZ3DAu
Change-Id: I6427d02bb76618a4b7383e427ce9f762adf73e97
Signed-off-by: Vasyl Razinkov <vasyl.razinkov@est.tech>
Issue-ID: SDC-3657
private final Set<Path> foldersToStrip;
private final long sizeLimit;
+ private final int thresholdEntries;
}
import java.util.Set;
import java.util.UUID;
import java.util.concurrent.atomic.AtomicBoolean;
+import java.util.concurrent.atomic.AtomicInteger;
import java.util.function.Consumer;
import java.util.stream.Collectors;
import java.util.zip.ZipEntry;
}
private Consumer<ZipEntry> signedZipProcessingConsumer(final Path csarPackagePath, final ZipFile zf, final ZipOutputStream zos) {
+ final var thresholdEntries = configuration.getThresholdEntries();
+ final var totalEntryArchive = new AtomicInteger(0);
return zipEntry -> {
final var entryName = zipEntry.getName();
try {
+ if (totalEntryArchive.getAndIncrement() > thresholdEntries) {
+ // too much entries in this archive, can lead to inodes exhaustion of the system
+ final var errorMsg = String.format("Failed to extract '%s' from zip '%s'", entryName, csarPackagePath);
+ throw new CsarSizeReducerException(errorMsg);
+ }
zos.putNextEntry(new ZipEntry(entryName));
if (!zipEntry.isDirectory()) {
if (entryName.toLowerCase().endsWith(CSAR_EXTENSION)) {
}
private Consumer<ZipEntry> unsignedZipProcessingConsumer(final Path csarPackagePath, final ZipFile zf, final ZipOutputStream zos) {
+ final var thresholdEntries = configuration.getThresholdEntries();
+ final var totalEntryArchive = new AtomicInteger(0);
return zipEntry -> {
final var entryName = zipEntry.getName();
+ if (totalEntryArchive.getAndIncrement() > thresholdEntries) {
+ // too much entries in this archive, can lead to inodes exhaustion of the system
+ final var errorMsg = String.format("Failed to extract '%s' from zip '%s'", entryName, csarPackagePath);
+ throw new CsarSizeReducerException(errorMsg);
+ }
try {
zos.putNextEntry(new ZipEntry(entryName));
if (!zipEntry.isDirectory()) {
public CsarSizeReducerException(final String message, final Throwable cause) {
super(message, cause);
}
+
+ public CsarSizeReducerException(final String message) {
+ super(message);
+ }
}
final var sizeLimit = 150000L;
when(csarPackageReducerConfiguration.getSizeLimit()).thenReturn(sizeLimit);
when(csarPackageReducerConfiguration.getFoldersToStrip()).thenReturn(Set.of(pathToReduce1, pathToReduce2));
+ when(csarPackageReducerConfiguration.getThresholdEntries()).thenReturn(10000);
final var csarPath = Path.of("src/test/resources/csarSizeReducer/" + fileName);
final var commonConfigurationManager = CommonConfigurationManager.getInstance();
final List<String> foldersToStrip = commonConfigurationManager.getConfigValue(EXTERNAL_CSAR_STORE, "foldersToStrip", new ArrayList<>());
final int sizeLimit = commonConfigurationManager.getConfigValue(EXTERNAL_CSAR_STORE, "sizeLimit", 1000000);
+ final int thresholdEntries = commonConfigurationManager.getConfigValue(EXTERNAL_CSAR_STORE, "thresholdEntries", 10000);
LOGGER.info("Folders to strip: '{}'", String.join(", ", foldersToStrip));
final Set<Path> foldersToStripPathSet = foldersToStrip.stream().map(Path::of).collect(Collectors.toSet());
- return new CsarPackageReducerConfiguration(foldersToStripPathSet, sizeLimit);
+ return new CsarPackageReducerConfiguration(foldersToStripPathSet, sizeLimit, thresholdEntries);
}
private ArtifactStorageConfig readArtifactStorageConfiguration() {
fileToUploadBytes = packageSizeReducer.reduce(artifactInfo.getPath());
} catch (final BusinessException e) {
return Response.status(INTERNAL_SERVER_ERROR).entity(buildUploadResponseWithError(
- new ErrorMessage(ErrorLevel.ERROR, ERROR_HAS_OCCURRED_WHILE_REDUCING_THE_ARTIFACT_SIZE.formatMessage(artifactInfo.getPath()))))
+ new ErrorMessage(ErrorLevel.ERROR, ERROR_HAS_OCCURRED_WHILE_REDUCING_THE_ARTIFACT_SIZE.formatMessage(artifactInfo.getPath()))))
.build();
}
} else {
if (onboardPackageInfo == null) {
final UploadFileResponseDto uploadFileResponseDto = buildUploadResponseWithError(
new ErrorMessage(ErrorLevel.ERROR, PACKAGE_PROCESS_ERROR.formatMessage(filename)));
- return Response.ok(uploadFileResponseDto).build();
+ return Response.ok(uploadFileResponseDto)
+ .build();
}
final var version = new Version(ValidationUtils.sanitizeInputString(versionId));
final var vspDetails = new VspDetails(ValidationUtils.sanitizeInputString(vspId), version);
fullPath: "/home/onap/temp/"
foldersToStrip:
- Files/images
- sizeLimit: 10000000
\ No newline at end of file
+ sizeLimit: 10000000
+ thresholdEntries: 10000
\ No newline at end of file