You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@unomi.apache.org by jk...@apache.org on 2022/01/06 14:31:37 UTC

[unomi] branch master updated: UNOMI-543: add validation on importConfigId for ImportConfigurationServiceEndPoint (#375)

This is an automated email from the ASF dual-hosted git repository.

jkevan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/unomi.git


The following commit(s) were added to refs/heads/master by this push:
     new 855ee91  UNOMI-543: add validation on importConfigId for ImportConfigurationServiceEndPoint (#375)
855ee91 is described below

commit 855ee915fe3fc87742c1801ff1d63f14cd410bc3
Author: kevan Jahanshahi <ke...@jahia.com>
AuthorDate: Thu Jan 6 15:31:30 2022 +0100

    UNOMI-543: add validation on importConfigId for ImportConfigurationServiceEndPoint (#375)
---
 extensions/router/router-rest/pom.xml                               | 5 +++++
 .../unomi/router/rest/ImportConfigurationServiceEndPoint.java       | 6 +++++-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/extensions/router/router-rest/pom.xml b/extensions/router/router-rest/pom.xml
index b3fc379..a2a1d65 100644
--- a/extensions/router/router-rest/pom.xml
+++ b/extensions/router/router-rest/pom.xml
@@ -85,6 +85,11 @@
             <artifactId>osgi.cmpn</artifactId>
             <scope>provided</scope>
         </dependency>
+        <dependency>
+            <groupId>javax.validation</groupId>
+            <artifactId>validation-api</artifactId>
+            <scope>provided</scope>
+        </dependency>
     </dependencies>
 
 </project>
\ No newline at end of file
diff --git a/extensions/router/router-rest/src/main/java/org/apache/unomi/router/rest/ImportConfigurationServiceEndPoint.java b/extensions/router/router-rest/src/main/java/org/apache/unomi/router/rest/ImportConfigurationServiceEndPoint.java
index a21404b..ad943e9 100644
--- a/extensions/router/router-rest/src/main/java/org/apache/unomi/router/rest/ImportConfigurationServiceEndPoint.java
+++ b/extensions/router/router-rest/src/main/java/org/apache/unomi/router/rest/ImportConfigurationServiceEndPoint.java
@@ -20,6 +20,7 @@ import org.apache.cxf.jaxrs.ext.multipart.Attachment;
 import org.apache.cxf.jaxrs.ext.multipart.Multipart;
 import org.apache.cxf.rs.security.cors.CrossOriginResourceSharing;
 import org.apache.unomi.api.services.ConfigSharingService;
+import org.apache.unomi.api.utils.ValidationPattern;
 import org.apache.unomi.router.api.ImportConfiguration;
 import org.apache.unomi.router.api.RouterConstants;
 import org.apache.unomi.router.api.services.ImportExportConfigurationService;
@@ -30,6 +31,8 @@ import org.slf4j.LoggerFactory;
 
 import javax.jws.WebMethod;
 import javax.jws.WebService;
+import javax.validation.constraints.NotNull;
+import javax.validation.constraints.Pattern;
 import javax.ws.rs.Consumes;
 import javax.ws.rs.POST;
 import javax.ws.rs.Path;
@@ -106,7 +109,8 @@ public class ImportConfigurationServiceEndPoint extends AbstractConfigurationSer
     @Path("/oneshot")
     @Consumes(MediaType.MULTIPART_FORM_DATA)
     @Produces(MediaType.APPLICATION_JSON)
-    public Response processOneshotImportConfigurationCSV(@Multipart(value = "importConfigId") String importConfigId, @Multipart(value = "file") Attachment file) {
+    public Response processOneshotImportConfigurationCSV(@Multipart(value = "importConfigId") @NotNull @Pattern(regexp = "^[a-zA-Z0-9_.\\-]{1,255}$") String importConfigId,
+                                                         @Multipart(value = "file") Attachment file) {
         try {
             java.nio.file.Path path = Paths.get(configSharingService.getProperty(RouterConstants.IMPORT_ONESHOT_UPLOAD_DIR) + importConfigId + ".csv");
             Files.deleteIfExists(path);