From 783d2f872ea256105d6c0a89897cc87aa0a4dde6 Mon Sep 17 00:00:00 2001 From: Ziheng Sun Date: Mon, 16 Sep 2024 03:05:44 -0400 Subject: [PATCH] fix the symlink and bump --- pom.xml | 2 +- .../com/gw/web/ResultBrowserController.java | 22 ++++++++++++++++--- src/main/resources/application.properties | 1 + src/main/resources/static/js/gw.js | 2 +- src/test/resources/application.properties | 1 + 5 files changed, 23 insertions(+), 5 deletions(-) diff --git a/pom.xml b/pom.xml index a9213cfb..9f9103a1 100644 --- a/pom.xml +++ b/pom.xml @@ -11,7 +11,7 @@ com.gw geoweaver - 1.7.1 + 1.7.3 geoweaver A lightweight workflow management software for organizing data analysis workflows, preserving history of every workflow run, and improving scientist producitvity and workflow FAIRness, diff --git a/src/main/java/com/gw/web/ResultBrowserController.java b/src/main/java/com/gw/web/ResultBrowserController.java index 9416d977..5d0f3dc5 100644 --- a/src/main/java/com/gw/web/ResultBrowserController.java +++ b/src/main/java/com/gw/web/ResultBrowserController.java @@ -23,6 +23,7 @@ import java.time.ZoneId; import java.time.format.DateTimeFormatter; import java.util.stream.Collectors; +import java.util.stream.Stream; import java.util.Collections; import java.util.HashMap; import java.util.List; @@ -33,6 +34,9 @@ public class ResultBrowserController { @Autowired BaseTool bt; + @Value("${geoweaver.follow_symlinks:false}") + boolean follow_symlinks; + // Inject the directory path from application.properties // Endpoint to list image files in the directory @@ -43,20 +47,32 @@ public List> listFiles(@RequestParam(defaultValue = "") Stri // Navigate into the subfolder if it's provided Path rootLocation = Paths.get(resultfolder, subfolder); + System.out.println("Received " + subfolder); + + Stream walker = null; + + if(follow_symlinks){ + // 1: look at files in the current folder and subfolders + walker = Files.walk(rootLocation, 1, FileVisitOption.FOLLOW_LINKS); + }else{ + walker = Files.walk(rootLocation, 1); + } - return Files.walk(rootLocation, 1) // 1: look at files in the current folder and subfolders - .map(path -> { + return walker.map(path -> { Map fileDetails = new HashMap<>(); try { + System.out.println(path); Path relativePath = rootLocation.relativize(path); String pathWithSubfolder = subfolder + "/" + relativePath.toString(); pathWithSubfolder = pathWithSubfolder.replaceAll("^/+",""); // Check if pathWithSubfolder contains any attempts to go up the directory Path normalizedSubfolderPath = Paths.get(pathWithSubfolder).normalize(); + System.out.println("normalizedSubfolderPath = " + normalizedSubfolderPath); if (normalizedSubfolderPath.startsWith("..")) { throw new SecurityException("Attempt to access outside of the result folder is not allowed."); } + System.out.println("pathWithSubfolder = " + pathWithSubfolder); fileDetails.put("name", rootLocation.relativize(path).toString()); // Relative path fileDetails.put("path", pathWithSubfolder); // Relative path @@ -79,7 +95,7 @@ public List> listFiles(@RequestParam(defaultValue = "") Stri fileDetails.put("modified", formattedDateTime); } catch (IOException e){ e.printStackTrace(); - }catch (SecurityException e) { + } catch (SecurityException e) { System.out.println("Error: " + (e.getMessage() != null ? e.getMessage() : "Unknown error occurred")); throw e; } diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index 983d11de..7c8b9111 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties @@ -95,5 +95,6 @@ geoweaver.allowed_ssh_hosts=* # list the allowed ssh clients. Input * if allowing all client IPs. Input localhost if only allowing access from local host. geoweaver.allowed_ssh_clients=* geoweaver.secret_properties_path=cc_secret.properties +geoweaver.follow_symlinks=true diff --git a/src/main/resources/static/js/gw.js b/src/main/resources/static/js/gw.js index 808ca7a8..fbc7978d 100644 --- a/src/main/resources/static/js/gw.js +++ b/src/main/resources/static/js/gw.js @@ -9,7 +9,7 @@ edu = { sponsor: "ESIPLab incubator project, NASA ACCESS project, NSF Geoinformatics project, NSF Cybertraining project", - version: "1.7.2", + version: "1.7.3", author: "open source contributors", diff --git a/src/test/resources/application.properties b/src/test/resources/application.properties index 4a7ce87c..7fcd83b8 100644 --- a/src/test/resources/application.properties +++ b/src/test/resources/application.properties @@ -74,6 +74,7 @@ geoweaver.upload_file_path=temp geoweaver.temp_file_path=temp geoweaver.workspace=~/gw-workspace geoweaver.result_file_path=results +geoweaver.follow_symlinks=true # list the allowed ssh hosts. Input * if allowing all hosts. Input localhost if only allowing the local host. geoweaver.allowed_ssh_hosts=*