diff options
author | Nils Schwabe | 2014-07-14 14:06:22 +0200 |
---|---|---|
committer | Nils Schwabe | 2014-07-14 14:06:22 +0200 |
commit | fcce38a82a0df39cddb95b1e987669cdc5073f2a (patch) | |
tree | 2ffe89b249e257ab078e7d4ea04e37d1df7efe5c /src/main/java/org/openslx/imagemaster/serverconnection | |
parent | Fix some todos (diff) | |
download | masterserver-fcce38a82a0df39cddb95b1e987669cdc5073f2a.tar.gz masterserver-fcce38a82a0df39cddb95b1e987669cdc5073f2a.tar.xz masterserver-fcce38a82a0df39cddb95b1e987669cdc5073f2a.zip |
Add security checks for image upload
Fix typo
Diffstat (limited to 'src/main/java/org/openslx/imagemaster/serverconnection')
-rw-r--r-- | src/main/java/org/openslx/imagemaster/serverconnection/ImageProcessor.java | 22 |
1 files changed, 19 insertions, 3 deletions
diff --git a/src/main/java/org/openslx/imagemaster/serverconnection/ImageProcessor.java b/src/main/java/org/openslx/imagemaster/serverconnection/ImageProcessor.java index b86c8b5..f40aece 100644 --- a/src/main/java/org/openslx/imagemaster/serverconnection/ImageProcessor.java +++ b/src/main/java/org/openslx/imagemaster/serverconnection/ImageProcessor.java @@ -14,8 +14,11 @@ import org.apache.log4j.Logger; import org.openslx.imagemaster.Globals; import org.openslx.imagemaster.crcchecker.CRCFile; import org.openslx.imagemaster.db.DbImage; +import org.openslx.imagemaster.db.DbUser; import org.openslx.imagemaster.thrift.iface.DownloadInfos; import org.openslx.imagemaster.thrift.iface.ImageData; +import org.openslx.imagemaster.thrift.iface.ImageDataError; +import org.openslx.imagemaster.thrift.iface.ImageDataException; import org.openslx.imagemaster.thrift.iface.UploadError; import org.openslx.imagemaster.thrift.iface.UploadException; import org.openslx.imagemaster.thrift.iface.UploadInfos; @@ -60,12 +63,25 @@ public class ImageProcessor * @param serverSessionId The uploading server * @param imageData The data of the image * @return - * @throws UploadException If some error occured during the process + * @throws UploadException If some error occurred during the process */ - public static UploadInfos getUploadInfos( String serverSessionId, ImageData imageData, List<Integer> crcSums ) throws UploadException + public static UploadInfos getUploadInfos( String serverSessionId, ImageData imageData, List<Integer> crcSums ) + throws UploadException, ImageDataException { // check image data - // TODO: do security checks + if ( DbImage.exists( imageData.uuid ) ) { + throw new ImageDataException( ImageDataError.INVALID_DATA, "UUID already existing."); + } else if ( imageData.imageName == null || imageData.imageName.isEmpty() ) { + throw new ImageDataException( ImageDataError.INVALID_DATA, "Image name not set."); + } else if ( imageData.imageName == null || imageData.imageOwner.isEmpty() ) { + throw new ImageDataException( ImageDataError.INVALID_DATA, "Image owner not set."); + } else if ( imageData.contentOperatingSystem == null || imageData.contentOperatingSystem.isEmpty() ) { + throw new ImageDataException( ImageDataError.INVALID_DATA, "Content operating system not set."); + } else if ( imageData.fileSize <= 0 ) { + throw new ImageDataException( ImageDataError.INVALID_DATA, "File size is too small."); + } else if ( !DbUser.exists( imageData.imageOwner ) ) { + throw new ImageDataException( ImageDataError.INVALID_DATA, "User is not known." ); + } String uuid = imageData.uuid; String token; |