Pull request #604: RED-6105 - Cannot import exported specific Dossier Template

Merge in RED/persistence-service from bugfix/RED-6105 to master

* commit 'c3477d78e1b98a9b71dede489c3898f73528d9e1':
  RED-6105 - Cannot import exported specific Dossier Template

persistence-service-v1/persistence-service-server-v1/src/main/java/com/iqser/red/service/peristence/v1/server/service/DossierTemplateImportService.java

@@ -24,6 +24,7 @@ import java.util.stream.Collectors;
 
 import javax.transaction.Transactional;
 
+import com.iqser.red.service.peristence.v1.server.settings.FileManagementServiceSettings;
 import org.apache.commons.collections4.CollectionUtils;
 import org.apache.commons.compress.archivers.zip.ZipArchiveEntry;
 import org.apache.commons.compress.archivers.zip.ZipArchiveInputStream;
@@ -89,7 +90,6 @@ public class DossierTemplateImportService {
 
     private static final int THRESHOLD_ENTRIES = 10000;
     private static final int THRESHOLD_SIZE = 1000000000; // 1 GB
-    private static final double THRESHOLD_RATIO = 10;
 
     private final DossierTemplateRepository dossierTemplateRepository;
     private final LegalBasisMappingPersistenceService legalBasisMappingPersistenceService;
@@ -107,6 +107,7 @@ public class DossierTemplateImportService {
     private final ReportTemplatePersistenceService reportTemplatePersistenceService;
     private final StorageService storageService;
     private final ObjectMapper objectMapper = new ObjectMapper();
+    private final FileManagementServiceSettings settings;
 
 
     public String importDossierTemplate(@RequestBody ImportDossierTemplateRequest request) {
@@ -566,19 +567,23 @@ public class DossierTemplateImportService {
                             totalSizeArchive += nBytes;
 
                             double compressionRatio = (float) totalSizeEntry / ze.getCompressedSize();
-                            if (compressionRatio > THRESHOLD_RATIO) {
+                            if (compressionRatio > settings.getCompressionTresholdRatio()) {
+                                log.debug("zip entry: " + ze.getName() + " - totalSizeEntry: " + totalSizeEntry + " ze.getCompressedSize(): " + ze.getCompressedSize()  + " compressionRatio: " + compressionRatio);
                                 // ratio between compressed and uncompressed data is highly suspicious, looks like a Zip Bomb Attack
-                                throw new BadRequestException("ZIP-Bomb detected.");
+                                throw new BadRequestException("ZIP-Bomb detected (compressionRatio).");
                             }
                         }
                         if (totalSizeArchive > THRESHOLD_SIZE) {
+                            log.debug("zip entry: " + ze.getName() + " totalSizeEntry: " + totalSizeArchive);
+
                             // the uncompressed data size is too much for the application resource capacity
-                            throw new BadRequestException("ZIP-Bomb detected.");
+                            throw new BadRequestException("ZIP-Bomb detected. (threshold size)");
                         }
 
                         if (totalEntryArchive > THRESHOLD_ENTRIES) {
+                            log.debug("zip entry: " + ze.getName() + " totalEntryArchive: " + totalEntryArchive);
                             // too much entries in this archive, can lead to inodes exhaustion of the system
-                            throw new BadRequestException("ZIP-Bomb detected.");
+                            throw new BadRequestException("ZIP-Bomb detected (threshold entries).");
                         }
 
                         var bytes = bos.toByteArray();

persistence-service-v1/persistence-service-server-v1/src/main/java/com/iqser/red/service/peristence/v1/server/settings/FileManagementServiceSettings.java

@@ -38,4 +38,6 @@ public class FileManagementServiceSettings {
 
     private boolean ocrByDefault;
 
+    private double compressionTresholdRatio = 10;
+
 }

persistence-service-v1/persistence-service-server-v1/src/test/java/com/iqser/red/service/peristence/v1/server/integration/tests/DossierTemplateTest.java

@@ -3,6 +3,7 @@ package com.iqser.red.service.peristence.v1.server.integration.tests;
 import static com.iqser.red.service.persistence.management.v1.processor.utils.MagicConverter.convert;
 import static org.assertj.core.api.Assertions.assertThat;
 
+import java.io.InputStream;
 import java.nio.charset.StandardCharsets;
 import java.time.OffsetDateTime;
 import java.util.Collections;
@@ -598,6 +599,29 @@ public class DossierTemplateTest extends AbstractPersistenceServerServiceTest {
 
     }
 
+    @Test
+    @SneakyThrows
+    public void testImportDossierTemplateNewTemplatewithCompressionRatioThresholdSurpassed() {
+
+        String fileZip = "EFSA_sanitisation_GFL_v1_adress_parts.zip";
+        InputStream inputStream = this.getClass().getClassLoader().getResourceAsStream(fileZip);
+
+
+        ImportDossierTemplateRequest request1 = ImportDossierTemplateRequest.builder()
+                .dossierTemplateId("sds")
+                .updateExistingDossierTemplate(false)
+                .userId("1")
+                .archive(inputStream.readAllBytes())
+                .build();
+
+        try {
+            var newDossierTemplate = dossierTemplateClient.importDossierTemplate(request1);
+        } catch (FeignException.FeignClientException e){
+            assertThat(e.status()).isEqualTo(400);
+        }
+    }
+
+
 
     private void setupDossierTemplate(DossierTemplate dossierTemplate) {