Fixed vulnerabilities

car031 · car031 · commit 93aa6f77332f · 2024-09-23T07:44:59.000+02:00
diff --git a/logicaldoc-core/src/main/java/com/logicaldoc/core/store/AbstractStore.java b/logicaldoc-core/src/main/java/com/logicaldoc/core/store/AbstractStore.java
@@ -254,9 +254,9 @@ public String getResourceName(Document doc, String fileVersion, String suffix) {
 		/*
 		 * All versions of a document are stored in the same directory as the
 		 * current version, but the filename is the version number without
-		 * extension, e.g. "docId/2.1"
+		 * extension, e.g. "doc/2.1"
 		 */
-		String filename;
+		String resourceName;
 		if (doc.getDocRef() != null) {
 			// The shortcut document doesn't have the 'fileversion' and the
 			// 'version'
@@ -268,20 +268,20 @@ public String getResourceName(Document doc, String fileVersion, String suffix) {
 		}
 
 		if (StringUtils.isEmpty(fileVersion))
-			filename = document.getFileVersion();
+			resourceName = document.getFileVersion();
 		else
-			filename = fileVersion;
-		if (StringUtils.isEmpty(filename))
-			filename = document.getVersion();
+			resourceName = fileVersion;
+		if (StringUtils.isEmpty(resourceName))
+			resourceName = document.getVersion();
 
 		/*
 		 * Document's related resources are stored with a suffix, e.g.
 		 * "doc/2.1-thumb.png"
 		 */
 		if (StringUtils.isNotEmpty(suffix))
-			filename += "-" + suffix;
+			resourceName += "-" + suffix;
 
-		return filename;
+		return sanitizeResourceName(resourceName);
 	}
 
 	@Override
@@ -296,6 +296,10 @@ public String getResourceName(long docId, String fileVersion, String suffix) {
 		}
 	}
 
+	protected String sanitizeResourceName(String resourceName) {
+		return resourceName.replace("..", "").replace("/", "").replace("\\", "");
+	}
+
 	@Override
 	public Map<String, String> getParameters() {
 		return parameters;
diff --git a/logicaldoc-core/src/main/java/com/logicaldoc/core/store/FSStore.java b/logicaldoc-core/src/main/java/com/logicaldoc/core/store/FSStore.java
@@ -82,7 +82,8 @@ public void store(File file, long docId, String resource) throws IOException {
 
 		File dir = getContainer(docId);
 		FileUtils.forceMkdir(dir);
-		File dest = new File(new StringBuilder(dir.getPath()).append("/").append(resource).toString());
+		File dest = new File(
+				new StringBuilder(dir.getPath()).append("/").append(sanitizeResourceName(resource)).toString());
 		FileUtil.copyFile(file, dest);
 
 		checkWriteAfterStore(docId, resource, file.length());
@@ -97,7 +98,7 @@ public void store(InputStream stream, long docId, String resource) throws IOExce
 
 			File dir = getContainer(docId);
 			FileUtils.forceMkdir(dir);
-			file = new File(new StringBuilder(dir.getPath()).append("/").append(resource).toString());
+			file = new File(new StringBuilder(dir.getPath()).append("/").append(sanitizeResourceName(resource)).toString());
 			FileUtil.writeFile(stream, file.getPath());
 		} catch (IOException e) {
 			throw e;
@@ -111,14 +112,14 @@ public void store(InputStream stream, long docId, String resource) throws IOExce
 	@Override
 	public void writeToFile(long docId, String resource, File out) throws IOException {
 		File container = getContainer(docId);
-		File file = new File(container, resource);
+		File file = new File(container, sanitizeResourceName(resource));
 		FileUtil.copyFile(file, out);
 	}
 
 	@Override
 	public InputStream getStream(long docId, String resource) throws IOException {
 		File container = getContainer(docId);
-		File file = new File(container, resource);
+		File file = new File(container, sanitizeResourceName(resource));
 
 		try {
 			return new BufferedInputStream(new FileInputStream(file), DEFAULT_BUFFER_SIZE);
@@ -142,7 +143,7 @@ public long getTotalSize() {
 	@Override
 	public byte[] getBytes(long docId, String resource, long start, long length) throws IOException {
 		File container = getContainer(docId);
-		File file = new File(container, resource);
+		File file = new File(container, sanitizeResourceName(resource));
 		return FileUtil.toByteArray(file, start, length);
 	}
 
@@ -168,14 +169,14 @@ else if (StringUtils.isNotEmpty(fileVersion)) {
 	@Override
 	public long size(long docId, String resource) {
 		File file = getContainer(docId);
-		file = new File(file, resource);
+		file = new File(file, sanitizeResourceName(resource));
 		return file.length();
 	}
 
 	@Override
 	public boolean exists(long docId, String resource) {
 		File file = getContainer(docId);
-		file = new File(file, resource);
+		file = new File(file, sanitizeResourceName(resource));
 		return file.exists();
 	}
 
diff --git a/logicaldoc-core/src/test/java/com/logicaldoc/core/CoreWorkbench.java b/logicaldoc-core/src/test/java/com/logicaldoc/core/CoreWorkbench.java
@@ -44,31 +44,11 @@ public class CoreWorkbench {
 	 * @throws IOException
 	 */
 	public static void main(String[] args) throws IOException {
-		String expression = """
-#set( $javalang = "java.lang" )
-#set( $runtime = "Runtime" )
-#set( $full = "$javalang.$runtime" )
-$context.getClass().forName($full)
-  	.   	
-   getRuntime()	.exec("/bin/bash -c id${IFS}>/tmp/rce");
-$context.getClass().forName("poll)o"
-).golla().exec("/bin/bash -c id${IFS}>/tmp/rce");
-$context.getClass().forName('poll)o').ciao();
-
-$context.getClass().forName($full).sdsd.exec("sdfrt");
-$log.info("done");
-""";
-
-		Pattern runtimePattern = Pattern.compile("\\.\\s*(getRuntime|runtime)", Pattern.DOTALL);
-		Matcher m = runtimePattern.matcher(expression);
-		while (m.find()) {
-			System.out.println("\nSuspicious instruction: " + m.group());
-			
-			final String snippet = expression.substring(Math.max(0, m.start() - 50),
-					Math.min(expression.length() - 1, m.end() + 50));
-			System.out.println("\n" + snippet);
-		}
-
+		String expression = "1.0-conversion-pdf";
+		System.out.println(expression.replace("..", "").replace("/", "").replace("\\", "") );
+		
+		
+		
 //		OperatingSystemMXBean osBean = ManagementFactory.getPlatformMXBean(OperatingSystemMXBean.class);
 //		// What % CPU load this current JVM is taking, from 0.0-1.0
 //		System.out.println(osBean.getProcessCpuLoad());
diff --git a/logicaldoc-gui/src/main/java/com/logicaldoc/gui/frontend/client/folder/ContextMenu.java b/logicaldoc-gui/src/main/java/com/logicaldoc/gui/frontend/client/folder/ContextMenu.java
@@ -138,10 +138,10 @@ public void onFailure(Throwable caught) {
 						@Override
 						public void onSuccess(GUIFolder selectedFolder) {
 							delete.setEnabled(!selectedFolder.isDefaultWorkspace());
-							move.setEnabled(false);
-							merge.setEnabled(false);
+							move.setEnabled(!selectedFolder.isDefaultWorkspace());
 							rename.setEnabled(!selectedFolder.isDefaultWorkspace());
 							createWorkspace.setEnabled(Feature.enabled(Feature.MULTI_WORKSPACE));
+							merge.setEnabled(false);
 						}
 					});
 	}
@@ -321,7 +321,7 @@ private MenuItem prepareExportZipMenuItem(final GUIFolder folder) {
 	private MenuItem prepareMoveMenuItem() {
 		MenuItem move = new MenuItem();
 		move.setTitle(I18N.message("move"));
-		move.addClickHandler(event -> new MoveDialog().show());
+		move.addClickHandler(click -> new MoveDialog().show());
 		move.setEnabled(acl.isMove());
 		return move;
 	}
diff --git a/logicaldoc-webservice/src/main/java/com/logicaldoc/webservice/soap/client/SoapDocumentClient.java b/logicaldoc-webservice/src/main/java/com/logicaldoc/webservice/soap/client/SoapDocumentClient.java
@@ -384,6 +384,12 @@ public void replaceFile(String sid, long docId, String fileVersion, String comme
 		client.replaceFile(sid, docId, fileVersion, comment, content);
 	}
 
+	public void replaceFile(String sid, long docId, String fileVersion, String comment, File content)
+			throws AuthenticationException, PermissionException, WebserviceException, PersistenceException, IOException,
+			UnexistingResourceException {
+		client.replaceFile(sid, docId, fileVersion, comment, new DataHandler(new FileDataSource(content)));
+	}
+
 	@Override
 	public void promoteVersion(String sid, long docId, String version) throws AuthenticationException,
 			PermissionException, WebserviceException, PersistenceException, IOException, UnexistingResourceException {
