Merge pull request #154 from common-workflow-language/doublegit

Ensure generic git handling of github.com gitlab.com URIs

Author: MarkRobbo

src/main/java/org/commonwl/view/cwl/CWLService.java

@@ -19,13 +19,22 @@
 
 package org.commonwl.view.cwl;
 
-import com.fasterxml.jackson.databind.JsonNode;
-import com.fasterxml.jackson.databind.ObjectMapper;
-import com.fasterxml.jackson.databind.node.ArrayNode;
-import com.fasterxml.jackson.databind.node.ObjectNode;
-import com.fasterxml.jackson.databind.node.TextNode;
+import static org.apache.commons.io.FileUtils.readFileToString;
+
+import java.io.ByteArrayInputStream;
+import java.io.File;
+import java.io.IOException;
+import java.io.StringWriter;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+
 import org.apache.commons.io.FileUtils;
 import org.apache.commons.io.FilenameUtils;
+import org.apache.jena.iri.IRI;
+import org.apache.jena.iri.IRIFactory;
 import org.apache.jena.ontology.OntModelSpec;
 import org.apache.jena.query.QuerySolution;
 import org.apache.jena.query.ResultSet;
@@ -47,15 +56,11 @@
 import org.springframework.stereotype.Service;
 import org.yaml.snakeyaml.Yaml;
 
-import java.io.ByteArrayInputStream;
-import java.io.File;
-import java.io.IOException;
-import java.io.StringWriter;
-import java.nio.file.Path;
-import java.nio.file.Paths;
-import java.util.*;
-
-import static org.apache.commons.io.FileUtils.readFileToString;
+import com.fasterxml.jackson.databind.JsonNode;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.node.ArrayNode;
+import com.fasterxml.jackson.databind.node.ObjectNode;
+import com.fasterxml.jackson.databind.node.TextNode;
 
 /**
  * Provides CWL parsing for workflows to gather an overview
@@ -65,6 +70,7 @@
 public class CWLService {
 
     private final Logger logger = LoggerFactory.getLogger(this.getClass());
+    private final IRIFactory iriFactory = IRIFactory.iriImplementation();
 
     // Autowired properties/services
     private final RDFService rdfService;
@@ -368,8 +374,10 @@ public Workflow parseWorkflowWithCwltool(Workflow basicModel,
                 // Add new step
                 CWLStep wfStep = new CWLStep();
 
-                Path workflowPath = Paths.get(step.get("wf").toString()).getParent();
-                Path runPath = Paths.get(step.get("run").toString());
+                IRI wfStepUri = iriFactory.construct(step.get("wf").asResource().getURI());
+                IRI workflowPath = wfStepUri.resolve("./");
+
+                IRI runPath = iriFactory.construct(step.get("run").asResource().getURI());
                 wfStep.setRun(workflowPath.relativize(runPath).toString());
                 wfStep.setRunType(rdfService.strToRuntype(step.get("runtype").toString()));
 

src/main/java/org/commonwl/view/workflow/WorkflowController.java

@@ -127,22 +127,24 @@ public ModelAndView createWorkflow(@Valid WorkflowForm workflowForm, BindingResu
                         return new ModelAndView("redirect:" + gitInfo.getInternalUrl());
                     }
                 } catch (TransportException ex) {
+                    logger.warn("git.sshError " + workflowForm , ex);
                     bindingResult.rejectValue("url", "git.sshError");
                     return new ModelAndView("index");
                 } catch (GitAPIException ex) {
+                    logger.error("git.retrievalError " + workflowForm , ex);
                     bindingResult.rejectValue("url", "git.retrievalError");
-                    logger.error("Git API Error", ex);
                     return new ModelAndView("index");
                 } catch (WorkflowNotFoundException ex) {
+                    logger.warn("git.pathTraversal " + workflowForm , ex);
                     bindingResult.rejectValue("url", "git.pathTraversal");
                     return new ModelAndView("index");
                 } catch (Exception ex) {
+                    logger.warn("url.parsingError " + workflowForm , ex);
                     bindingResult.rejectValue("url", "url.parsingError");
                     return new ModelAndView("index");
                 }
             }
             gitInfo = workflow.getRetrievedFrom();
-
             // Redirect to the workflow
             return new ModelAndView("redirect:" + gitInfo.getInternalUrl());
         }
@@ -473,12 +475,16 @@ private ModelAndView getWorkflow(GitDetails gitDetails, RedirectAttributes redir
                             }
                         }
                     } catch (TransportException ex) {
+                        logger.warn("git.sshError " + workflowForm , ex);
                         errors.rejectValue("url", "git.sshError", "SSH URLs are not supported, please provide a HTTPS URL for the repository or submodules");
                     } catch (GitAPIException ex) {
+                        logger.error("git.retrievalError " + workflowForm, ex);
                         errors.rejectValue("url", "git.retrievalError", "The workflow could not be retrieved from the Git repository using the details given");
                     } catch (WorkflowNotFoundException ex) {
+                        logger.warn("git.pathTraversal " + workflowForm, ex);
                         errors.rejectValue("url", "git.pathTraversal", "The path given did not resolve to a location within the repository");
                     } catch (IOException ex) {
+                        logger.warn("git.parsingError " + workflowForm, ex);
                         errors.rejectValue("url", "url.parsingError", "The workflow could not be parsed from the given URL");
                     }
                 }

src/main/java/org/commonwl/view/workflow/WorkflowForm.java

@@ -75,4 +75,11 @@ public void setPath(String path) {
     private String trimTrailingSlashes(String url) {
         return url.replaceAll("\\/+$", "");
     }
+
+    @Override
+    public String toString() {
+        return "WorkflowForm [" + (url != null ? "url=" + url + ", " : "")
+                 + (branch != null ? "branch=" + branch + ", " : "") + (path != null ? "path=" + path : "") + "]";
+    }
+
 }

src/main/java/org/commonwl/view/workflow/WorkflowFormValidator.java

@@ -99,7 +99,7 @@ public GitDetails validateAndParse(WorkflowForm form, Errors e) {
 
             // Github Dir URL
             m = githubDirPattern.matcher(form.getUrl());
-            if (m.find()) {
+            if (m.find() && ! m.group(2).endsWith(".git")) {
                 String repoUrl = "https://github.com/" + m.group(1) + "/" + m.group(2) + ".git";
                 if (branch == null) branch = m.group(3);
                 if (path == null) path = m.group(4);
@@ -108,7 +108,7 @@ public GitDetails validateAndParse(WorkflowForm form, Errors e) {
 
             // Gitlab Dir URL
             m = gitlabDirPattern.matcher(form.getUrl());
-            if (m.find()) {
+            if (m.find() && ! m.group(2).endsWith(".git")) {
                 String repoUrl = "https://gitlab.com/" + m.group(1) + "/" + m.group(2) + ".git";
                 if (branch == null) branch = m.group(3);
                 if (path == null) path = m.group(4);

src/main/java/org/commonwl/view/workflow/WorkflowService.java

@@ -41,7 +41,9 @@
 
 import java.io.File;
 import java.io.IOException;
+import java.nio.file.Files;
 import java.nio.file.Path;
+import java.nio.file.Paths;
 import java.util.ArrayList;
 import java.util.Calendar;
 import java.util.Date;
@@ -212,7 +214,8 @@ public List<WorkflowOverview> getWorkflowsFromDirectory(GitDetails gitInfo) thro
 
             Path localPath = repo.getRepository().getWorkTree().toPath();
             Path pathToDirectory = localPath.resolve(gitInfo.getPath()).normalize().toAbsolutePath();
-            if (pathToDirectory.toString().equals("/")) {
+            Path root = Paths.get("/").toAbsolutePath();
+            if (pathToDirectory.equals(root)) {
                 pathToDirectory = localPath;
             } else if (!pathToDirectory.startsWith(localPath.normalize().toAbsolutePath())) {
                 // Prevent path traversal attacks
@@ -307,6 +310,9 @@ public QueuedWorkflow createQueuedWorkflow(GitDetails gitInfo)
             }
 
             File workflowFile = new File(pathToWorkflowFile.toString());
+            if (! Files.isReadable(workflowFile.toPath())) {
+                throw new WorkflowNotFoundException();
+            }
             Workflow basicModel = cwlService.parseWorkflowNative(workflowFile);
 
             // Set origin details

src/main/resources/application.properties

@@ -6,14 +6,14 @@
 applicationName = Common Workflow Language Viewer
 applicationURL = https://view.commonwl.org
 
-# Path to a directory in which the RO Bundles will be stored
-bundleStorage = /tmp
+# Path to a directory in which the RO Bundles will be stored, e.g. /tmp
+bundleStorage = ${java.io.tmpdir}
 
-# Path to a directory in which graphviz images will be stored
-graphvizStorage = /tmp
+# Path to a directory in which graphviz images will be stored, e.g. /tmp
+graphvizStorage = ${java.io.tmpdir}
 
-# Path to a directory in which git repositories will be checked out into
-gitStorage = /tmp
+# Path to a directory in which git repositories will be checked out into, e.g. /tmp
+gitStorage = ${java.io.tmpdir}
 
 # How long to cache workflows in days before checking for changes via Github
 cacheDays = 1

src/test/java/org/commonwl/view/cwl/CWLServiceTest.java

@@ -197,7 +197,8 @@ public void workflowOverviewOverSingleFileSizeLimitThrowsIOException() throws Ex
 
         // Should throw IOException due to oversized file
         thrown.expect(IOException.class);
-        thrown.expectMessage("File 'hello.cwl' is over singleFileSizeLimit - 672 bytes/0 bytes");
+        thrown.expectMessage(String.format("File 'hello.cwl' is over singleFileSizeLimit - %s bytes/0 bytes", 
+                helloWorkflow.length()));
         cwlService.getWorkflowOverview(helloWorkflow);
 
     }

src/test/java/org/commonwl/view/researchobject/ROBundleFactoryTest.java

@@ -65,7 +65,8 @@ public void bundleForValidWorkflow() throws Exception {
         // Attempt to add RO to workflow
         factory.createWorkflowRO(validWorkflow);
 
-        assertEquals("test/path/to/check/for.zip", validWorkflow.getRoBundlePath());
+        assertEquals(Paths.get("test/path/to/check/for.zip"), 
+                Paths.get(validWorkflow.getRoBundlePath()));
 
     }
 

src/test/java/org/commonwl/view/workflow/WorkflowServiceTest.java

@@ -107,7 +107,8 @@ public void getWorkflowsFromDirectory() throws Exception {
     @Test
     public void getWorkflowCacheHasExpired() throws Exception {
 
-        GitDetails githubInfo = new GitDetails("https://github.com/owner/repoName.git", "sha", "path");
+        GitDetails githubInfo = new GitDetails("https://github.com/common-workflow-language/workflows.git",
+                "master", "dna.cwl");
 
         Workflow oldWorkflow = new Workflow("old", "This is the expired workflow",
                 new HashMap<>(), new HashMap<>(), new HashMap<>(), null);
@@ -128,7 +129,7 @@ public void getWorkflowCacheHasExpired() throws Exception {
         when(mockCWLService.parseWorkflowNative(anyObject())).thenReturn(updatedWorkflow);
 
         Repository mockRepo = Mockito.mock(Repository.class);
-        when(mockRepo.getWorkTree()).thenReturn(new File("src/test/resources/cwl/make_to_cwl/dna.cwl"));
+        when(mockRepo.getWorkTree()).thenReturn(new File("src/test/resources/cwl/make_to_cwl"));
 
         Git mockGitRepo = Mockito.mock(Git.class);
         when(mockGitRepo.getRepository()).thenReturn(mockRepo);