operatorfabric-core icon indicating copy to clipboard operation
operatorfabric-core copied to clipboard

Published 20 hours ago verified publisher icon opfab

Json format check when loading business data is not working

Open freddidierRTE opened this issue 1 year ago • 0 comments

It is possible to push a none or invalid json file as businessdata

it should not be possible

In the code (services/businessconfig/src/main/java/org/opfab/businessconfig/services/ProcessesService.java) :

    public synchronized void updateBusinessDataFile(String fileContent, String resourceName)
            throws IOException, ParseException {
        
        resourceName = StringUtils.sanitize(resourceName);
        Path businessDataPath = Paths.get(this.storagePath + "/businessdata").normalize();

        if (!businessDataPath.toFile().exists()) {
            try {
                Files.createDirectories(businessDataPath);
            } catch (IOException e) {
                log.error("Impossible to create the necessary folder", businessDataPath.toString(), e);
            }
        }

        this.isResourceJSON(fileContent);

        // copy file
        PathUtils.copyInputStreamToFile(new ByteArrayInputStream(fileContent.getBytes()),
                businessDataPath.toString() + "/" + resourceName);

        eventBus.sendEvent("process", "BUSINESS_DATA_CHANGE");

    }

Add a karate test to check it

freddidierRTE avatar Jul 18 '24 09:07 freddidierRTE