Skip to content

Commit

Permalink
[P4ADEV-1830] fix
Browse files Browse the repository at this point in the history
  • Loading branch information
mscarsel committed Jan 14, 2025
1 parent 395fc33 commit ebf1477
Show file tree
Hide file tree
Showing 2 changed files with 11 additions and 5 deletions.
14 changes: 10 additions & 4 deletions src/main/java/it/gov/pagopa/pu/fileshare/service/FileStorerService.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@

import it.gov.pagopa.pu.fileshare.config.FoldersPathsConfig;
import it.gov.pagopa.pu.fileshare.exception.custom.FileUploadException;
import it.gov.pagopa.pu.fileshare.exception.custom.InvalidFileException;
import it.gov.pagopa.pu.fileshare.util.AESUtils;
import java.io.IOException;
import java.io.InputStream;
Expand Down Expand Up @@ -36,8 +37,8 @@ public String saveToSharedFolder(MultipartFile file, String relativePath){
String filename = org.springframework.util.StringUtils.cleanPath(
StringUtils.defaultString(file.getOriginalFilename()));
FileService.validateFilename(filename);
Path fileLocation = Paths.get(relativePath,filename).normalize();
Path absolutePath = getAbsolutePath(foldersPathsConfig.getShared(), fileLocation.toString());
Path fileLocation = concatenatePaths(relativePath,filename);
Path absolutePath = concatenatePaths(foldersPathsConfig.getShared(), fileLocation.toString());
//create missing parent folder, if any
try {
if (!Files.exists(absolutePath.getParent())){
Expand All @@ -56,8 +57,13 @@ public String saveToSharedFolder(MultipartFile file, String relativePath){
return fileLocation.toString();
}

private Path getAbsolutePath(String sharedFolder, String fileLocation) {
return Paths.get(sharedFolder,fileLocation).normalize();
private Path concatenatePaths(String firstPath, String secondPath) {
Path concatenatedPath = Paths.get(firstPath, secondPath).normalize();
if(!concatenatedPath.startsWith(firstPath)){
log.debug("Invalid file path");
throw new InvalidFileException("Invalid file path");
}
return concatenatedPath;
}

private void encryptAndSaveFile(MultipartFile file, Path fileLocation)
Expand Down
2 changes: 1 addition & 1 deletion src/test/java/it/gov/pagopa/pu/fileshare/service/FileStorerServiceTest.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -90,7 +90,7 @@ void givenErrorWhenSaveToSharedFolderThenFileUploadException() {
.thenThrow(new RuntimeException());

try {
fileStorerService.saveToSharedFolder(file, "");
fileStorerService.saveToSharedFolder(file, "/relative");
Assertions.fail("Expected FileUploadException");
} catch (FileUploadException e) {
Mockito.verify(foldersPathsConfig).getShared();
Expand Down

0 comments on commit ebf1477

Please sign in to comment.