Examples with MaliciousPathException gov.loc.repository.bagit.exceptions.MaliciousPathException used on opensource projects

Example 1 with MaliciousPathException

use of gov.loc.repository.bagit.exceptions.MaliciousPathException in project bagit-java by LibraryOfCongress.

the class BagitSuiteComplanceTest method testInvalidOperatingSystemSpecificBags.

@Test
public void testInvalidOperatingSystemSpecificBags() {
    int errorCount = 0;
    Bag bag;
    List<Path> osSpecificInvalidPaths = visitor.getLinuxOnlyTestCases();
    ConcurrentMap<Class<? extends Exception>, AtomicLong> map = new ConcurrentHashMap<>();
    if (TestUtils.isExecutingOnWindows()) {
        osSpecificInvalidPaths = visitor.getWindowsOnlyTestCases();
    }
    for (Path invalidBagDir : osSpecificInvalidPaths) {
        try {
            bag = reader.read(invalidBagDir);
            verifier.isValid(bag, true);
        } catch (InvalidBagitFileFormatException | IOException | UnparsableVersionException | MissingPayloadManifestException | MissingBagitFileException | MissingPayloadDirectoryException | FileNotInPayloadDirectoryException | InterruptedException | MaliciousPathException | CorruptChecksumException | VerificationException | UnsupportedAlgorithmException e) {
            logger.info("Found invalid os specific bag with message: {}", e.getMessage());
            map.putIfAbsent(e.getClass(), new AtomicLong(0));
            map.get(e.getClass()).incrementAndGet();
            errorCount++;
        }
    }
    assertEquals("every test case should throw an error", osSpecificInvalidPaths.size(), errorCount);
    logger.debug("Count of all errors found in os specific invalid cases: {}", map);
}

Example 2 with MaliciousPathException

use of gov.loc.repository.bagit.exceptions.MaliciousPathException in project bagit-java by LibraryOfCongress.

the class FetchReaderTest method testReadFileUrlMaliciousFetchThrowsException.

@Test(expected = MaliciousPathException.class)
public void testReadFileUrlMaliciousFetchThrowsException() throws Exception {
    if (!TestUtils.isExecutingOnWindows()) {
        Path fetchFile = Paths.get(getClass().getClassLoader().getResource("maliciousFetchFile/fileUrl.txt").toURI());
        FetchReader.readFetch(fetchFile, StandardCharsets.UTF_8, Paths.get("/bar"));
    }
    throw new MaliciousPathException("Skipping for windows cause it isn't valid");
}

Example 3 with MaliciousPathException

use of gov.loc.repository.bagit.exceptions.MaliciousPathException in project bagit-java by LibraryOfCongress.

the class TagFileReader method createFileFromManifest.

/*
   * Create the file and check it for various things, like starting with a *, or trying to access a file outside the bag
   */
static Path createFileFromManifest(final Path bagRootDir, final String path) throws MaliciousPathException, InvalidBagitFileFormatException {
    String fixedPath = path;
    if (path.charAt(0) == '*') {
        logger.warn(messages.getString("removing_asterisk"));
        // remove the * from the path
        fixedPath = path.substring(1);
    }
    if (path.contains("\\")) {
        final String formattedMessage = messages.getString("blackslash_used_as_path_separator_error");
        throw new InvalidBagitFileFormatException(MessageFormatter.format(formattedMessage, path).getMessage());
    }
    if (path.contains("~/")) {
        final String formattedMessage = messages.getString("malicious_path_error");
        throw new MaliciousPathException(MessageFormatter.format(formattedMessage, path).getMessage());
    }
    fixedPath = PathUtils.decodeFilname(fixedPath);
    Path file;
    if (fixedPath.startsWith("file://")) {
        try {
            file = Paths.get(new URI(fixedPath));
        } catch (URISyntaxException e) {
            final String formattedMessage = messages.getString("invalid_url_format_error");
            throw new InvalidBagitFileFormatException(MessageFormatter.format(formattedMessage, path).getMessage(), e);
        }
    } else {
        file = bagRootDir.resolve(fixedPath).normalize();
    }
    if (!file.normalize().startsWith(bagRootDir)) {
        final String formattedMessage = messages.getString("malicious_path_error");
        throw new MaliciousPathException(MessageFormatter.format(formattedMessage, file).getMessage());
    }
    return file;
}

Example 4 with MaliciousPathException

use of gov.loc.repository.bagit.exceptions.MaliciousPathException in project bagit-java by LibraryOfCongress.

the class ManifestReaderTest method testReadFileUrlMaliciousManifestThrowsException.

@Test(expected = MaliciousPathException.class)
public void testReadFileUrlMaliciousManifestThrowsException() throws Exception {
    if (!TestUtils.isExecutingOnWindows()) {
        Path manifestFile = Paths.get(getClass().getClassLoader().getResource("maliciousManifestFile/fileUrl.txt").toURI());
        ManifestReader.readChecksumFileMap(manifestFile, Paths.get("/bar"), StandardCharsets.UTF_8);
    }
    throw new MaliciousPathException("Skipping for windows cause it isn't valid");
}

Example 5 with MaliciousPathException

use of gov.loc.repository.bagit.exceptions.MaliciousPathException in project bagit-java by LibraryOfCongress.

the class BagitSuiteComplanceTest method testInvalidBags.

@Test
public void testInvalidBags() {
    int errorCount = 0;
    Bag bag;
    ConcurrentMap<Class<? extends Exception>, AtomicLong> map = new ConcurrentHashMap<>();
    for (Path invalidBagDir : visitor.getInvalidTestCases()) {
        try {
            bag = reader.read(invalidBagDir);
            verifier.isValid(bag, true);
            System.err.println(bag.getRootDir() + " should have failed but didn't!");
        } catch (InvalidBagitFileFormatException | IOException | UnparsableVersionException | MissingPayloadManifestException | MissingBagitFileException | MissingPayloadDirectoryException | FileNotInPayloadDirectoryException | InterruptedException | MaliciousPathException | CorruptChecksumException | VerificationException | UnsupportedAlgorithmException e) {
            logger.info("Found invalid os specific bag with message: {}", e.getMessage());
            map.putIfAbsent(e.getClass(), new AtomicLong(0));
            map.get(e.getClass()).incrementAndGet();
            errorCount++;
        }
    }
    assertEquals("every test case should throw an error", visitor.getInvalidTestCases().size(), errorCount);
    logger.debug("Count of all errors found in generic invalid cases: {}", map);
}