This repository has been archived by the owner on Jan 9, 2025. It is now read-only.

DD-1459 Fix uncontrolled data used in path expression #132


@aliassheikh aliassheikh commented Apr 2, 2024

Fixes DD-1459 Fix Uncontrolled data used in path expression

Description of changes

  • Added getSecurePath(Path path) to ImportArea.java
  • Checking the trusted base folders of dd-ingest-flow in the classes ImportResource and MigrationResource

How to test and follow it in debugger

  • Starting vagrant: open a terminal and follow the instructions below:
    • start-preprovisioned-box.py -s dev_archaeology
    • deploy.py -m dd-ingest-flow dev_archaeology
    • vagrant ssh
    • cd /var/opt/dans.knaw.nl/tmp
    • tree -L 5 (to oversee the working folders and deposits)
    • Create two test folders inside the import and migration folders
    • mkdir import/deposits/test-folder
    • mkdir migration/deposits/test-folder
    • Copy one of the deposits into the newly created test folders
      • cp -r auto-ingest/outbox/processed/33afaff6-e08a-4bfa-9960-2b48b616d2c9/ import/inbox/test-folder/
      • cp -r auto-ingest/outbox/processed/33afaff6-e08a-4bfa-9960-2b48b616d2c9/ migration/deposits/test-folder/
    • Open the dd-ingest-flow project in IntelliJ and run remote-debug with info:
      • remote debug
      • host: dev.sword2.archaeology.datastations.nl
      • port: 20302
    • Commands to import or migrate deposits:
      • ingest-flow start-import -s import/inbox/test-folder/33afaff6-e08a-4bfa-9960-2b48b616d2c9/
      • ingest-flow start-migration -s migration/deposits/test-folder/33afaff6-e08a-4bfa-9960-2b48b616d2c9/

Related PRs

(Add links)

Notify

@DANS-KNAW/core-systems
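
The kind of trusted-base-folder check this pull request describes, as an added example that is not part of the pull request or of the dd-ingest-flow code base. The class `TrustedBaseCheck`, the method `resolveInside` and the temporary-directory layout are assumptions made for illustration (POSIX paths assumed); the project's own `getSecurePath` may differ.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.Paths;

// Added illustration; class and method names are hypothetical, not dd-ingest-flow code.
public class TrustedBaseCheck {
    /** Resolves a caller-supplied path against a trusted base and rejects anything that escapes it. */
    static Path resolveInside(Path trustedBase, Path userSupplied) throws IOException {
        Path base = trustedBase.toRealPath();                     // canonical base, symlinks resolved
        // A relative input is interpreted under the base; an absolute input replaces the base
        // in resolve() and is then caught by the startsWith check.
        Path candidate = base.resolve(userSupplied).normalize();  // collapses "." and ".."
        if (!candidate.startsWith(base)) {                        // compares whole path components
            throw new IllegalArgumentException("Outside trusted base folder: " + userSupplied);
        }
        // If something exists at the target, resolve symlinks and check again, so a link
        // placed inside the base cannot point outside it (a dangling link fails with IOException).
        if (Files.exists(candidate, LinkOption.NOFOLLOW_LINKS)) {
            Path real = candidate.toRealPath();
            if (!real.startsWith(base)) {
                throw new IllegalArgumentException("Resolves outside trusted base folder: " + userSupplied);
            }
            return real;
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample layout in a temp directory, standing in for an import inbox.
        Path inbox = Files.createTempDirectory("inbox");
        Files.createDirectories(inbox.resolve("test-folder/deposit-1"));
        Path sibling = Files.createDirectories(inbox.resolveSibling(inbox.getFileName() + "-other"));
        String[] inputs = {
            "test-folder/deposit-1",                 // plain relative path under the base
            "test-folder/../test-folder/deposit-1",  // contains ".." but stays inside the base
            "../" + sibling.getFileName(),           // sibling folder sharing the base's name prefix
            "/etc"                                   // absolute path
        };
        for (String in : inputs) {
            try {
                System.out.println("OK      " + in + " -> " + resolveInside(inbox, Paths.get(in)));
            } catch (IllegalArgumentException e) {
                System.out.println("REJECT  " + in + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

`Path.startsWith` compares path elements rather than characters, which is why the sibling folder with the same name prefix is not treated as being inside the base.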

@aliassheikh aliassheikh marked this pull request as ready for review April 3, 2024 09:11

@jo-pol jo-pol left a comment


Just some style details

@codecov-commenter

codecov-commenter commented Apr 8, 2024

Codecov Report

Attention: Patch coverage is 0% with 9 lines in your changes are missing coverage. Please review.

Project coverage is 54.29%. Comparing base (2b2e7e1) to head (ff0557b).
Report is 7 commits behind head on master.

❗ Current head ff0557b differs from pull request most recent head c6be8c0. Consider uploading reports for the commit c6be8c0 to get more accurate results

Files Patch % Lines
...main/java/nl/knaw/dans/ingest/core/ImportArea.java 0.00% 5 Missing ⚠️
...nl/knaw/dans/ingest/resources/ImportsResource.java 0.00% 2 Missing ⚠️
...knaw/dans/ingest/resources/MigrationsResource.java 0.00% 2 Missing ⚠️
Additional details and impacted files
@@             Coverage Diff              @@
##             master     #132      +/-   ##
============================================
- Coverage     54.39%   54.29%   -0.11%     
  Complexity      709      709              
============================================
  Files           126      126              
  Lines          3219     3225       +6     
  Branches        223      224       +1     
============================================
  Hits           1751     1751              
- Misses         1419     1425       +6     
  Partials         49       49              


@janvanmansum janvanmansum left a comment


See inline comments.

Ali Sheikhi added 3 commits April 9, 2024 16:54
@janvanmansum janvanmansum merged commit 3cb1110 into DANS-KNAW:master Apr 11, 2024
4 checks passed