Add banner about which folder the table is showing
ZihengSun committed Sep 15, 2024
1 parent c008a11 commit 4d1e14a
Showing 2 changed files with 22 additions and 1 deletion.
22 changes: 21 additions & 1 deletion src/main/java/com/gw/web/ResultBrowserController.java
Expand Up @@ -51,6 +51,12 @@ public List<Map<String, Object>> listFiles(@RequestParam(defaultValue = "") Stri
Path relativePath = rootLocation.relativize(path);
String pathWithSubfolder = subfolder + "/" + relativePath.toString();
pathWithSubfolder = pathWithSubfolder.replaceAll("^/+","");

// Check if pathWithSubfolder contains any attempts to go up the directory
Path normalizedSubfolderPath = Paths.get(pathWithSubfolder).normalize();
if (normalizedSubfolderPath.startsWith("..")) {
throw new SecurityException("Attempt to access outside of the result folder is not allowed.");
}

fileDetails.put("name", rootLocation.relativize(path).toString()); // Relative path
fileDetails.put("path", pathWithSubfolder); // Relative path
Expand All @@ -71,8 +77,11 @@ public List<Map<String, Object>> listFiles(@RequestParam(defaultValue = "") Stri

// Add formatted last modified time to file details
fileDetails.put("modified", formattedDateTime);
} catch (IOException e) {
} catch (IOException e){
e.printStackTrace();
}catch (SecurityException e) {
System.out.println("Error: " + (e.getMessage() != null ? e.getMessage() : "Unknown error occurred"));
throw e;
}
return fileDetails;
})
Expand All @@ -87,6 +96,10 @@ public ResponseEntity<Resource> downloadFile(@RequestParam String path) {
Path filePath = Paths.get(resultfolder).resolve(path).normalize();
System.out.println("File path: " + filePath.toAbsolutePath());

if (!filePath.startsWith(resultfolder)) {
throw new SecurityException("Attempt to access outside of the result folder is not allowed.");
}

// Create a FileSystemResource instead of UrlResource
Resource resource = new FileSystemResource(filePath.toFile());
if (resource.exists() || resource.isReadable()) {
Expand All @@ -99,6 +112,9 @@ public ResponseEntity<Resource> downloadFile(@RequestParam String path) {
} else {
return ResponseEntity.status(HttpStatus.NOT_FOUND).build();
}
}catch (SecurityException e) {
System.out.println("Error: " + (e.getMessage() != null ? e.getMessage() : "Unknown error occurred"));
throw e;
} catch (Exception e) {
return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).build();
}
Expand All @@ -112,6 +128,10 @@ public ResponseEntity<Resource> serveFile(@PathVariable String filename) {
Path filePath = Paths.get(resultfolder).resolve(filename).normalize();
System.out.println("File path: " + filePath.toAbsolutePath());

if (!filePath.startsWith(resultfolder)) {
throw new SecurityException("Attempt to access outside of the result folder is not allowed.");
}

// Create a FileSystemResource instead of UrlResource
Resource resource = new FileSystemResource(filePath.toFile());
if (resource.exists() || resource.isReadable()) {
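Review bot: In listFiles the new `..` check runs on `pathWithSubfolder` after `replaceAll("^/+","")` has already stripped leading slashes, and it sits inside the per-entry lambda, so it tests the display string built for each file rather than the directory that was actually opened. `rootLocation` is built outside this hunk; if it is resolved from `subfolder`, the check would not catch an absolute `subfolder` value, and an empty directory never reaches it at all. Validating once before the walk is tighter: `Path root = Paths.get(resultfolder).toAbsolutePath().normalize();` followed by `if (!root.resolve(subfolder).normalize().startsWith(root)) throw new SecurityException(...);`, assuming `resultfolder` is the field used by the other handlers. Comparing against the same normalized `root` in downloadFile and serveFile would make `filePath.startsWith(resultfolder)` independent of how `resultfolder` is written in configuration; `normalize()` is lexical only, so symbolic links under the result folder are not covered unless the `toRealPath()` forms are compared. Rethrowing SecurityException from the handlers probably surfaces as a 500 unless an exception handler elsewhere maps it, so returning `ResponseEntity.status(HttpStatus.FORBIDDEN).build()` would state the outcome more clearly.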
Expand Up @@ -4,6 +4,7 @@
<div class="card" style="padding:5px;">
<div class="card-body">
<button id="result-refresh-button" class="btn btn-link"><i class="fas fa-sync-alt"></i></button>
<span id="refresh-text"> Files in $HOME/gw-workflow/results</span>
<table id="file-list-table" class="display" style="width:100%;">
<thead>
<tr>