Example 1 with PDSBadRequestException

Use of com.mercedesbenz.sechub.pds.PDSBadRequestException in project sechub by mercedes-benz.

The class PDSFileUploadJobService, method startUpload.

private void startUpload(UUID jobUUID, HttpServletRequest request, String fileName) throws FileUploadException, IOException, UnsupportedEncodingException {
    /* prepare */
    LOG.debug("Start upload file: {} for PDS job: {}", fileName, jobUUID);
    String checksumFromUser = null;
    String checksumCalculated = null;
    boolean fileDefinedByUser = false;
    boolean checkSumDefinedByUser = false;
    JobStorage jobStorage = storageService.getJobStorage(jobUUID);
    ServletFileUpload upload = new ServletFileUpload();
    long maxUploadSize = configuration.getMaxUploadSizeInBytes();
    // we accept 600 bytes more for header, checksum etc.
    upload.setSizeMax(maxUploadSize + 600);
    upload.setFileSizeMax(maxUploadSize);
    /*
     * Important: this next call of "upload.getItemIterator(..)" looks very simple,
     * but it creates a new <code>FileItemIteratorImpl</code> instance which
     * internally does some heavy things on creation: It does create a new input
     * stream, checks for max size handling and much more. We want to avoid creating
     * the iterator multiple times!
     *
     * Also any access to the origin request to access the parameter/field names
     * does always trigger a multipart resolving which uses again the underlying
     * standard Servlet mechanism and the configured max sizes there!
     *
     * So we could only check parameters with another item iterator when we want to
     * handle this specialized, but the item iterator should be created only one
     * time (see explained reason before).
     *
     * This is the reason why we do not check the user input at the beginning but
     * only at the end. This is maybe inconvenient for the user when forgetting to
     * define a field, but this normally happens only one time and has the benefit
     * of avoiding side effects. In addition, the performance (speed) does matter here.
     *
     * ------------------------- So please do NOT change! -------------------------
     */
    FileItemIterator iterStream = upload.getItemIterator(request);
    while (iterStream.hasNext()) {
        FileItemStream item = iterStream.next();
        String fieldName = item.getFieldName();
        switch(fieldName) {
            case MULTIPART_CHECKSUM:
                try (InputStream checkSumInputStream = item.openStream()) {
                    checksumFromUser = Streams.asString(checkSumInputStream);
                    checksumSHA256Service.assertValidSha256Checksum(checksumFromUser);
                    jobStorage.store(fileName + DOT_CHECKSUM, new StringInputStream(checksumFromUser));
                    LOG.info("uploaded user defined checksum as file for file: {} in PDS job: {}", fileName, jobUUID);
                }
                checkSumDefinedByUser = true;
                break;
            case MULTIPART_FILE:
                try (InputStream fileInputstream = item.openStream()) {
                    MessageDigest digest = checksumSHA256Service.createSHA256MessageDigest();
                    MessageDigestCalculatingInputStream messageDigestInputStream = new MessageDigestCalculatingInputStream(fileInputstream, digest);
                    jobStorage.store(fileName, messageDigestInputStream);
                    LOG.info("uploaded file:{} for job:{}", fileName, jobUUID);
                    checksumCalculated = checksumSHA256Service.convertMessageDigestToHex(digest);
                }
                fileDefinedByUser = true;
                break;
            default:
                // unsupported multipart fields are only logged (sanitized), not stored
                LOG.warn("Given field '{}' is not supported while uploading job data for PDS job: {}", logSanitizer.sanitize(fieldName, 30), jobUUID);
        }
    }
    if (!fileDefinedByUser) {
        throw new PDSBadRequestException("No file defined by user for job data upload!");
    }
    if (!checkSumDefinedByUser) {
        throw new PDSBadRequestException("No checksum defined by user for job data upload!");
    }
    if (checksumFromUser == null) {
        throw new PDSBadRequestException("No user checksum available for job data upload!");
    }
    if (checksumCalculated == null) {
        throw new PDSBadRequestException("Upload of binaries was not possible!");
    }
    assertCheckSumCorrect(checksumFromUser, checksumCalculated);
}
Also used: StringInputStream (com.amazonaws.util.StringInputStream), ServletFileUpload (org.apache.commons.fileupload.servlet.ServletFileUpload), FileItemStream (org.apache.commons.fileupload.FileItemStream), MessageDigestCalculatingInputStream (org.apache.commons.io.input.MessageDigestCalculatingInputStream), InputStream (java.io.InputStream), PDSBadRequestException (com.mercedesbenz.sechub.pds.PDSBadRequestException), JobStorage (com.mercedesbenz.sechub.storage.core.JobStorage), MessageDigest (java.security.MessageDigest), FileItemIterator (org.apache.commons.fileupload.FileItemIterator)
