Example 1 with BadRequestException

Use of com.mercedesbenz.sechub.sharedkernel.error.BadRequestException in project sechub by mercedes-benz.

In the class SchedulerBinariesUploadService, method startUpload.

private void startUpload(String projectId, UUID jobUUID, HttpServletRequest request) throws FileUploadException, IOException, UnsupportedEncodingException {
    /* prepare */
    String checksumFromUser = null;
    String checksumCalculated = null;
    boolean fileDefinedByUser = false;
    boolean checkSumDefinedByUser = false;
    JobStorage jobStorage = storageService.getJobStorage(projectId, jobUUID);
    ServletFileUpload upload = new ServletFileUpload();
    long maxUploadSize = configuration.getMaxUploadSizeInBytes();
    // we accept 600 bytes more for header, checksum etc.
    upload.setSizeMax(maxUploadSize + 600);
    upload.setFileSizeMax(maxUploadSize);
    /*
     * Important: this next call of "upload.getItemIterator(..)" looks very simple,
     * but it creates a new <code>FileItemIteratorImpl</code> instance which
     * internally does some heavy things on creation: It creates a new input
     * stream, checks for max size handling and much more. We want to avoid creating
     * the iterator multiple times!
     *
     * Also, any access to the origin request to read the parameter/field names
     * always triggers a multipart resolving which again uses the underlying
     * standard Servlet mechanism and the max sizes configured there!
     *
     * So we could only check parameters with another item iterator when we want to
     * handle this specialized, but the item iterator should be created only one
     * time (see the reason explained before).
     *
     * This is the reason why we do not check the user input at the beginning but
     * only at the end. This is maybe inconvenient for the user when forgetting to
     * define a field, but this normally happens only one time, and we gain the
     * benefit of avoiding side effects. In addition, the performance (speed) does
     * matter here.
     *
     * ------------------------- So please do NOT change! -------------------------
     */
    FileItemIterator iterStream = upload.getItemIterator(request);
    while (iterStream.hasNext()) {
        FileItemStream item = iterStream.next();
        String fieldName = item.getFieldName();
        switch(fieldName) {
            case PARAMETER_CHECKSUM:
                try (InputStream checkSumInputStream = item.openStream()) {
                    checksumFromUser = Streams.asString(checkSumInputStream);
                    assertion.assertIsValidSha256Checksum(checksumFromUser);
                    jobStorage.store(FILENAME_BINARIES_TAR_CHECKSUM, new StringInputStream(checksumFromUser));
                    LOG.info("uploaded user defined checksum as file for {}", jobUUID);
                }
                checkSumDefinedByUser = true;
                break;
            case PARAMETER_FILE:
                try (InputStream fileInputstream = item.openStream()) {
                    MessageDigest digest = checksumSHA256Service.createSHA256MessageDigest();
                    MessageDigestCalculatingInputStream messageDigestInputStream = new MessageDigestCalculatingInputStream(fileInputstream, digest);
                    jobStorage.store(FILENAME_BINARIES_TAR, messageDigestInputStream);
                    LOG.info("uploaded binaries for {}", jobUUID);
                    checksumCalculated = checksumSHA256Service.convertMessageDigestToHex(digest);
                }
                fileDefinedByUser = true;
                break;
            default:
                LOG.warn("Given field '{}' is not supported while uploading binaries to project {}, {}", logSanitizer.sanitize(fieldName, 30), logSanitizer.sanitize(projectId, 30), jobUUID);
        }
    }
    if (!fileDefinedByUser) {
        throw new BadRequestException("No file defined by user for binaries upload!");
    }
    if (!checkSumDefinedByUser) {
        throw new BadRequestException("No checksum defined by user for binaries upload!");
    }
    if (checksumFromUser == null) {
        throw new BadRequestException("No user checksum available for binaries upload!");
    }
    if (checksumCalculated == null) {
        throw new BadRequestException("Upload of binaries was not possible!");
    }
    assertCheckSumCorrect(checksumFromUser, checksumCalculated);
}
Also used: StringInputStream (com.amazonaws.util.StringInputStream), ServletFileUpload (org.apache.commons.fileupload.servlet.ServletFileUpload), FileItemStream (org.apache.commons.fileupload.FileItemStream), MessageDigestCalculatingInputStream (org.apache.commons.io.input.MessageDigestCalculatingInputStream), InputStream (java.io.InputStream), BadRequestException (com.mercedesbenz.sechub.sharedkernel.error.BadRequestException), JobStorage (com.mercedesbenz.sechub.storage.core.JobStorage), MessageDigest (java.security.MessageDigest), FileItemIterator (org.apache.commons.fileupload.FileItemIterator)

Example 2 with BadRequestException

Use of com.mercedesbenz.sechub.sharedkernel.error.BadRequestException in project sechub by mercedes-benz.

In the class SchedulerBinariesUploadService, method assertJobFoundAndStillInitializing.

private void assertJobFoundAndStillInitializing(String projectId, UUID jobUUID) {
    ScheduleSecHubJob secHubJob = assertService.assertJob(projectId, jobUUID);
    ExecutionState state = secHubJob.getExecutionState();
    if (!ExecutionState.INITIALIZING.equals(state)) {
        // upload only possible when in initializing state
        throw new BadRequestException("Not in correct state");
    }
}
Also used: BadRequestException (com.mercedesbenz.sechub.sharedkernel.error.BadRequestException), ScheduleSecHubJob (com.mercedesbenz.sechub.domain.schedule.job.ScheduleSecHubJob)

Aggregations

BadRequestException (com.mercedesbenz.sechub.sharedkernel.error.BadRequestException): 2
StringInputStream (com.amazonaws.util.StringInputStream): 1
ScheduleSecHubJob (com.mercedesbenz.sechub.domain.schedule.job.ScheduleSecHubJob): 1
JobStorage (com.mercedesbenz.sechub.storage.core.JobStorage): 1
InputStream (java.io.InputStream): 1
MessageDigest (java.security.MessageDigest): 1
FileItemIterator (org.apache.commons.fileupload.FileItemIterator): 1
FileItemStream (org.apache.commons.fileupload.FileItemStream): 1
ServletFileUpload (org.apache.commons.fileupload.servlet.ServletFileUpload): 1
MessageDigestCalculatingInputStream (org.apache.commons.io.input.MessageDigestCalculatingInputStream): 1