From cd2d97616df7fcb17a54feae2c59b3f3d5ab9a16 Mon Sep 17 00:00:00 2001 From: Kilian Schuettler Date: Wed, 11 Oct 2023 10:01:43 +0200 Subject: [PATCH] RED-7631: unescaped rule files --- .../service/DossierTemplateImportService.java | 20 ++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/persistence-service-v1/persistence-service-processor-v1/src/main/java/com/iqser/red/service/persistence/management/v1/processor/service/DossierTemplateImportService.java b/persistence-service-v1/persistence-service-processor-v1/src/main/java/com/iqser/red/service/persistence/management/v1/processor/service/DossierTemplateImportService.java index 4cfb620f9..861b248ed 100644 --- a/persistence-service-v1/persistence-service-processor-v1/src/main/java/com/iqser/red/service/persistence/management/v1/processor/service/DossierTemplateImportService.java +++ b/persistence-service-v1/persistence-service-processor-v1/src/main/java/com/iqser/red/service/persistence/management/v1/processor/service/DossierTemplateImportService.java @@ -25,7 +25,6 @@ import java.util.stream.Collectors; import org.apache.commons.collections4.CollectionUtils; import org.apache.commons.compress.archivers.zip.ZipArchiveEntry; import org.apache.commons.compress.archivers.zip.ZipArchiveInputStream; -import org.apache.commons.compress.compressors.FileNameUtil; import org.apache.commons.compress.utils.FileNameUtils; import org.apache.commons.lang3.StringUtils; import org.springframework.beans.BeanUtils; @@ -217,18 +216,25 @@ public class DossierTemplateImportService { FileAttributesGeneralConfiguration fileAttributesGeneralConfiguration = objectMapper.readValue(bytes, FileAttributesGeneralConfiguration.class); importTemplateResult.setFileAttributesGeneralConfiguration(fileAttributesGeneralConfiguration); } else if (ze.getName().contains(ExportFilename.RULES.getFilename())) { - if(ze.getName().endsWith(".txt")) { + if (ze.getName().endsWith(".txt")) { String rules = objectMapper.readValue(new String(bytes), String.class); importTemplateResult.setRuleSet(rules); - }else if(ze.getName().endsWith(".drl")) { + } else if (ze.getName().endsWith(".drl")) { String rules = new String(bytes); importTemplateResult.setRuleSet(rules); } else { - throw new BadRequestException("File is not in TXT or DRL format. "+ FileNameUtils.getExtension(ze.getName()) +" format is not supported."); + throw new BadRequestException("Rule file is not in TXT or DRL format. " + FileNameUtils.getExtension(ze.getName()) + " format is not supported."); } } else if (ze.getName().contains(ExportFilename.COMPONENT_RULES.getFilename())) { - String rules = objectMapper.readValue(new String(bytes), String.class); - importTemplateResult.setComponentRuleSet(rules); + if (ze.getName().endsWith(".txt")) { + String rules = objectMapper.readValue(new String(bytes), String.class); + importTemplateResult.setComponentRuleSet(rules); + } else if (ze.getName().endsWith(".drl")) { + String rules = new String(bytes); + importTemplateResult.setComponentRuleSet(rules); + } else { + throw new BadRequestException("Component rule file is not in TXT or DRL format. " + FileNameUtils.getExtension(ze.getName()) + " format is not supported."); + } } else if (ze.getName().contains(ExportFilename.DOSSIER_TYPE.getFilename())) { Type type = objectMapper.readValue(bytes, Type.class); importTemplateResult.getTypes().add(type); @@ -280,7 +286,7 @@ public class DossierTemplateImportService { } } - if(importTemplateResult.getDossierTemplate() == null) { + if (importTemplateResult.getDossierTemplate() == null) { throw new BadRequestException("Provided archive is faulty"); } return importTemplateResult;