From 62d2ab909d7809c1a2942fb3d471f9427c38bd4d Mon Sep 17 00:00:00 2001 From: Wim Jongman Date: Mon, 28 Nov 2022 20:48:26 +0100 Subject: [PATCH] Fix document output file #1118 (#1119) Fixed validity of the document parameter. --- .../context/ViewerAttributeBeanTest.java | 67 +++++++++++++++++-- .../report/context/ViewerAttributeBean.java | 22 +++++- 2 files changed, 79 insertions(+), 10 deletions(-) diff --git a/viewer/org.eclipse.birt.report.viewer.tests/test/org/eclipse/birt/report/context/ViewerAttributeBeanTest.java b/viewer/org.eclipse.birt.report.viewer.tests/test/org/eclipse/birt/report/context/ViewerAttributeBeanTest.java index 518e6b6affe..5fa450873ae 100644 --- a/viewer/org.eclipse.birt.report.viewer.tests/test/org/eclipse/birt/report/context/ViewerAttributeBeanTest.java +++ b/viewer/org.eclipse.birt.report.viewer.tests/test/org/eclipse/birt/report/context/ViewerAttributeBeanTest.java @@ -12,9 +12,8 @@ ************************************************************************************/ package org.eclipse.birt.report.context; -import static org.junit.Assert.fail; - import org.eclipse.birt.report.exception.ViewerException; +import org.eclipse.birt.report.viewer.util.BaseTestCase; import org.junit.Test; /** @@ -22,8 +21,7 @@ * Test the VBA. * */ -public class ViewerAttributeBeanTest { - +public class ViewerAttributeBeanTest extends BaseTestCase { /** * Extensions with invalid characters are not allowed. 
@@ -32,16 +30,71 @@ public class ViewerAttributeBeanTest { */ @Test public void testCheckExtensionAllowedForRPTDocument() throws ViewerException { - ViewerAttributeBean.checkExtensionAllowedForRPTDocument("report"); ViewerAttributeBean.checkExtensionAllowedForRPTDocument("report.pdf"); - ViewerAttributeBean.checkExtensionAllowedForRPTDocument("report."); + } + + /** + * Extensions with invalid characters are not allowed. + * + * @throws ViewerException + */ + @Test + public void testDisallowEmptyExtension() throws ViewerException { + + try { + ViewerAttributeBean.checkExtensionAllowedForRPTDocument("report."); + } catch (Exception e) { + return; + } + + fail("invalid extension accepted"); + } + + /** + * Extensions with invalid characters are not allowed. + * + * @throws ViewerException + */ + @Test + public void testCheckExtensionAllowedForRPTDocument3() throws ViewerException { + try { - ViewerAttributeBean.checkExtensionAllowedForRPTDocument("report.pdf/"); + ViewerAttributeBean.checkExtensionAllowedForRPTDocument("./file.jsp/."); } catch (Exception e) { return; } fail("invalid extension accepted"); } + + /** + * Extensions with invalid characters are not allowed. + * + * @throws ViewerException + */ + @Test + public void testDocumentIsDirectory() throws ViewerException { + + try { + ViewerAttributeBean.checkExtensionAllowedForRPTDocument("./file.jsp/"); + } catch (Exception e) { + return; + } + fail("invalid extension accepted"); + } + + /** + * Extensions with invalid characters are not allowed. + * + * @throws ViewerException + */ + @Test + public void testValidDirectoryAndFile() throws ViewerException { + try { + ViewerAttributeBean.checkExtensionAllowedForRPTDocument("./file/hello.jsp/.test/blok.pdf"); + } catch (Exception e) { + fail("valid extension not accepted"); + } + } } 
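Review bot: The four negative tests end in `catch (Exception e) { return; }`, so they pass on any failure at all: a NullPointerException or a message-lookup error inside `checkExtensionAllowedForRPTDocument` would count as a correct rejection. Catching the declared type, `catch (ViewerException e) { return; }`, would pin the behaviour the tests are named for. The hunk also drops the extension-less `"report"` case from `testCheckExtensionAllowedForRPTDocument` without replacing it, so that accepted input is no longer covered. Every new Javadoc block repeats "Extensions with invalid characters are not allowed.", which does not describe `testDocumentIsDirectory` or `testValidDirectoryAndFile`; each test should get its own one-line summary, for example `Accepts a valid file name below directories whose names contain dots.` for the last one.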
diff --git a/viewer/org.eclipse.birt.report.viewer/birt/WEB-INF/classes/org/eclipse/birt/report/context/ViewerAttributeBean.java b/viewer/org.eclipse.birt.report.viewer/birt/WEB-INF/classes/org/eclipse/birt/report/context/ViewerAttributeBean.java index a1e181bd312..c55095d4cf8 100644 --- a/viewer/org.eclipse.birt.report.viewer/birt/WEB-INF/classes/org/eclipse/birt/report/context/ViewerAttributeBean.java +++ b/viewer/org.eclipse.birt.report.viewer/birt/WEB-INF/classes/org/eclipse/birt/report/context/ViewerAttributeBean.java @@ -1086,12 +1086,28 @@ public boolean isReportRtl() { * @throws ViewerException */ protected static void checkExtensionAllowedForRPTDocument(String rptDocumentName) throws ViewerException { - int extIndex = rptDocumentName.lastIndexOf("."); + + // Parse the filename + String report = rptDocumentName; + try { + report = new File(rptDocumentName).getName(); + } catch (Exception e) { + throw new ViewerException(BirtResources.getMessage(ResourceConstants.GENERAL_EXCEPTION_DOCUMENT_FILE_ERROR, + new String[] { report })); + } + + // Catch invalid document names + if (report == null || report.trim().isEmpty() || report.trim().endsWith(".")) { + throw new ViewerException(BirtResources.getMessage(ResourceConstants.GENERAL_EXCEPTION_DOCUMENT_FILE_ERROR, + new String[] { report })); + } + + int extIndex = report.lastIndexOf("."); String extension = null; boolean validExtension = true; - if (extIndex > -1 && (extIndex + 1) < rptDocumentName.length()) { - extension = rptDocumentName.substring(extIndex + 1); + if (extIndex > -1 && (extIndex + 1) < report.length()) { + extension = report.substring(extIndex + 1); if (!extension.matches("^[A-Za-z0-9]+$")) { validExtension = false; }
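Review bot: The new checks validate `report`, the last path segment as `java.io.File` parses it on the running platform, yet the method returns nothing, so the code that later opens the document (outside this hunk) presumably still works from the raw `rptDocumentName`. The check therefore only holds if both sides parse the path identically, and that contract deserves a comment above the parse, e.g. `// Validates the last segment as java.io.File sees it; callers must resolve the document path the same way.` The `try`/`catch (Exception e)` around `new File(rptDocumentName).getName()` can only fire for a null argument, and it makes the later `report == null` test unreachable because `getName()` never returns null; an explicit `if (rptDocumentName == null)` guard that throws the same `ViewerException` before the parse states that directly. The method body continues past the end of the hunk, so the final accept/reject decision on the extension is not visible here.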