AutoFix PR #8

Open
wants to merge 1 commit into
base: master
34 changes: 19 additions & 15 deletions src/main/java/io/shiftleft/controller/CustomerController.java
Expand Up @@ -216,52 +216,55 @@ public void loadSettings(HttpServletResponse httpResponse, WebRequest request) t
* @param request
* @throws Exception
*/
@RequestMapping(value = "/saveSettings", method = RequestMethod.GET)
public void saveSettings(HttpServletResponse httpResponse, WebRequest request) throws Exception {
@RequestMapping(value = "/saveSettings", method = RequestMethod.GET)
public void saveSettings(HttpServletResponse httpResponse, WebRequest request) throws Exception {
// "Settings" will be stored in a cookie
// schema: base64(filename,value1,value2...), md5sum(base64(filename,value1,value2...))

if (!checkCookie(request)){
httpResponse.getOutputStream().println("Error");
throw new Exception("cookie is incorrect");
httpResponse.getOutputStream().println("Error");
throw new Exception("cookie is incorrect");
}

String settingsCookie = request.getHeader("Cookie");
String[] cookie = settingsCookie.split(",");
if(cookie.length<2) {
httpResponse.getOutputStream().println("Malformed cookie");
throw new Exception("cookie is incorrect");
if(cookie.length<2) {
httpResponse.getOutputStream().println("Malformed cookie");
throw new Exception("cookie is incorrect");
}

String base64txt = cookie[0].replace("settings=","");

// Check md5sum
String cookieMD5sum = cookie[1];
String calcMD5Sum = DigestUtils.md5Hex(base64txt);
if(!cookieMD5sum.equals(calcMD5Sum))
if(!cookieMD5sum.equals(calcMD5Sum))
{
httpResponse.getOutputStream().println("Wrong md5");
throw new Exception("Invalid MD5");
httpResponse.getOutputStream().println("Wrong md5");
throw new Exception("Invalid MD5");
}

// Now we can store on filesystem
String[] settings = new String(Base64.getDecoder().decode(base64txt)).split(",");
// storage will have ClassPathResource as basepath
// storage will have ClassPathResource as basepath
ClassPathResource cpr = new ClassPathResource("./static/");
File file = new File(cpr.getPath()+settings[0]);
// Sanitize filename to prevent directory traversal
String filename = FilenameUtils.getName(settings[0]);
File file = new File(cpr.getPath() + filename);
if(!file.exists()) {
file.getParentFile().mkdirs();
file.getParentFile().mkdirs();
}

FileOutputStream fos = new FileOutputStream(file, true);
// First entry is the filename -> remove it
String[] settingsArr = Arrays.copyOfRange(settings, 1, settings.length);
// on setting at a linez
// on setting at a line
fos.write(String.join("\n",settingsArr).getBytes());
fos.write(("\n"+cookie[cookie.length-1]).getBytes());
fos.close();
httpResponse.getOutputStream().println("Settings Saved");
}
}


/**
* Debug test for saving and reading a customer
Expand Down Expand Up @@ -388,3 +391,4 @@ public void removeCustomer(@PathVariable("customerId") Long customerId, HttpServ
}

}
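Review bot: `String filename = FilenameUtils.getName(settings[0]);` strips path components, but the result can still be empty, `.` or `..`, and the file is then opened for append under the served `./static/` directory with a client-chosen name and cookie-supplied content, so the write target remains attacker-selected within that directory; reject those names and confirm containment with a canonical-path check before opening, as sketched below. The `DigestUtils.md5Hex(base64txt)` comparison is an unkeyed checksum that any client can recompute for arbitrary settings, so it detects corruption, not tampering, and the `// Check md5sum` comment should not be read as an integrity control; a server-side secret (an HMAC, or a server-held session) is what would make the cookie trustworthy. `FileOutputStream fos = new FileOutputStream(file, true);` is not closed when a write throws, and `getBytes()` / `new String(...)` use the platform charset; try-with-resources and `StandardCharsets.UTF_8` (import `java.nio.charset.StandardCharsets` if the file does not already) fix both. The `saveSettings` method ends inside the hunk, but the class continues outside it.
```java
// Sanitize filename to prevent directory traversal
String filename = FilenameUtils.getName(settings[0]);
if (filename.isEmpty() || ".".equals(filename) || "..".equals(filename)) {
    httpResponse.getOutputStream().println("Malformed cookie");
    throw new Exception("invalid settings filename");
}
File base = new File(cpr.getPath());
File file = new File(base, filename);
if (!file.getCanonicalPath().startsWith(base.getCanonicalPath() + File.separator)) {
    httpResponse.getOutputStream().println("Malformed cookie");
    throw new Exception("invalid settings filename");
}
// … unchanged: parent directory creation …
try (FileOutputStream fos = new FileOutputStream(file, true)) {
    // … unchanged: settingsArr = Arrays.copyOfRange(settings, 1, settings.length) …
    fos.write(String.join("\n", settingsArr).getBytes(StandardCharsets.UTF_8));
    fos.write(("\n" + cookie[cookie.length - 1]).getBytes(StandardCharsets.UTF_8));
}
```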
