fix(文件管理): 增加上传文件名的校验
增加上传文件名的校验
Jianguo-Genius committed Dec 27, 2022
1 parent ae1ac5a commit 3a890ee
Showing 2 changed files with 14 additions and 2 deletions.
Expand Up @@ -32,6 +32,11 @@ public class FileUtils {
public static final String ATTACHMENT_DIR = "/opt/metersphere/data/attachment";
public static final String ATTACHMENT_TMP_DIR = "/opt/metersphere/data/attachment/tmp";

public static void validateFileName(String fileName) {
if (StringUtils.isNotEmpty(fileName) && fileName.contains(File.separator)) {
MSException.throwException(Translator.get("invalid_parameter"));
}
}

public static byte[] listBytesToZip(Map<String, byte[]> mapReport) {
try {
Expand All @@ -55,6 +60,7 @@ public static byte[] listBytesToZip(Map<String, byte[]> mapReport) {
}

public static void createFile(String filePath, byte[] fileBytes) {
validateFileName(filePath);
File file = new File(filePath);
if (file.exists()) {
file.delete();
Expand Down Expand Up @@ -93,6 +99,7 @@ private static void create(List<String> bodyUploadIds, List<MultipartFile> bodyF
}
for (int i = 0; i < bodyUploadIds.size(); i++) {
MultipartFile item = bodyFiles.get(i);
validateFileName(item.getOriginalFilename());
File file = new File(filePath + File.separator + bodyUploadIds.get(i) + "_" + item.getOriginalFilename());
try (InputStream in = item.getInputStream(); OutputStream out = new FileOutputStream(file)) {
file.createNewFile();
Expand All @@ -112,6 +119,7 @@ private static void create(List<String> bodyUploadIds, List<MultipartFile> bodyF
public static String create(String id, MultipartFile item) {
String filePath = BODY_FILE_DIR + "/plugin";
if (item != null) {
validateFileName(item.getOriginalFilename());
File testDir = new File(filePath);
if (!testDir.exists()) {
testDir.mkdirs();
Expand Down Expand Up @@ -141,6 +149,7 @@ public static void createBodyFiles(String requestId, List<MultipartFile> bodyFil
testDir.mkdirs();
}
bodyFiles.forEach(item -> {
validateFileName(item.getOriginalFilename());
File file = new File(path + File.separator + item.getOriginalFilename());
try (InputStream in = item.getInputStream(); OutputStream out = new FileOutputStream(file)) {
file.createNewFile();
Expand Down Expand Up @@ -259,6 +268,7 @@ public static void createFiles(List<String> bodyUploadIds, List<MultipartFile> b
}

public static String createFile(MultipartFile bodyFile) {
validateFileName(bodyFile.getOriginalFilename());
String dir = "/opt/metersphere/data/body/tmp/";
File fileDir = new File(dir);
if (!fileDir.exists()) {
Expand Down Expand Up @@ -290,6 +300,7 @@ public static void deleteBodyFiles(String requestId) {
}

public static String uploadFile(MultipartFile uploadFile, String path, String name) {
validateFileName(name);
if (uploadFile == null) {
return null;
}
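Review bot: `validateFileName` rejects a name only when it contains `File.separator`, so the guard is platform-dependent and never confirms that the file finally written lies inside the intended directory; a null or empty name also passes unchanged. A sturdier check resolves the target against its base directory and compares canonical paths at each write site (`create`, `createBodyFiles`, `createFile(MultipartFile)`, `uploadFile`), as in the helper sketched below; the name `resolveInside` is only a suggestion. Separately, `createFile(String filePath, byte[] fileBytes)` now runs the same check on what its parameter name calls a path, so a caller that supplies any directory component would get `invalid_parameter`; the callers are not on this page, so that should be confirmed. The bodies of those methods continue outside the hunks shown.

```java
// … unchanged: validateFileName …

// proposed helper: resolve fileName under baseDir and reject anything that escapes it
public static File resolveInside(String baseDir, String fileName) throws IOException {
    if (StringUtils.isEmpty(fileName)) {
        MSException.throwException(Translator.get("invalid_parameter"));
    }
    File base = new File(baseDir).getCanonicalFile();
    File target = new File(base, fileName).getCanonicalFile();
    // Path.startsWith compares whole path elements, so a sibling directory with a longer name does not match
    if (target.equals(base) || !target.toPath().startsWith(base.toPath())) {
        MSException.throwException(Translator.get("invalid_parameter"));
    }
    return target;
}
```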
Expand Up @@ -127,12 +127,13 @@ public List<FileInfoDTO> getFileBatch(List<FileRequest> requestList) throws Exce


private File createFile(FileRequest request) {
String path = StringUtils.join(FileUtils.BODY_FILE_DIR, "/", request.getProjectId());
FileUtils.validateFileName(request.getFileName());
String path = StringUtils.join(FileUtils.BODY_FILE_DIR, File.separator, request.getProjectId());
File fileDir = new File(path);
if (!fileDir.exists()) {
fileDir.mkdirs();
}
File file = new File(StringUtils.join(path, "/", request.getFileName()));
File file = new File(StringUtils.join(path, File.separator, request.getFileName()));
return file;
}
}
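Review bot: `request.getProjectId()` is joined into `path` and handed to `mkdirs()` without the check this commit adds for `request.getFileName()`, so the directory part of the target is still taken from the request as-is. Where `FileRequest` is populated is not visible on this page; if it comes from client input, the same validation belongs on the project id, e.g. `FileUtils.validateFileName(request.getProjectId());` placed before the `StringUtils.join` call that builds `path`. The return value of `fileDir.mkdirs()` is also ignored, so a failed directory creation only surfaces later, when the returned `File` is used.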
