apache-commons-fileupload: fix build (#14211)

Signed-off-by: David Korczynski <david@adalogics.com>

Author: DavidKorczynski

projects/apache-commons-fileupload/Dockerfile

@@ -34,6 +34,5 @@ COPY project-parent $SRC/project-parent/
 
 RUN rm -rf $SRC/project-parent/apache-commons-fileupload
 RUN git clone --depth 1 https://github.com/apache/commons-fileupload.git $SRC/project-parent/apache-commons-fileupload
-
 COPY build.sh $SRC/
-WORKDIR $SRC/
+WORKDIR $SRC/

projects/apache-commons-fileupload/build.sh

@@ -20,12 +20,13 @@ PROJECT_GROUP_ID=org.apache.commons
 PROJECT_ARTIFACT_ID=commons-fileupload2
 MAIN_REPOSITORY=https://github.com/apache/commons-fileupload.git
 
-MAVEN_ARGS="-Dmaven.test.skip=true -Djavac.src.version=15 -Djavac.target.version=15 -Denforcer.skip=true -DskipTests"
+MAVEN_ARGS="-Djavac.src.version=15 -Djavac.target.version=15 -Denforcer.skip=true -DskipTests"
 
 function set_project_version_in_fuzz_targets_dependency {
   PROJECT_VERSION=$(cd $PROJECT && $MVN org.apache.maven.plugins:maven-help-plugin:3.2.0:evaluate -Dexpression=project.version -q -DforceStdout)
   # set dependency project version in fuzz-targets
-  (cd fuzz-targets && $MVN versions:use-dep-version -Dincludes=$PROJECT_GROUP_ID:$PROJECT_ARTIFACT_ID -DdepVersion=$PROJECT_VERSION -DforceVersion=true)
+  (cd fuzz-targets && $MVN versions:use-dep-version -Dincludes=$PROJECT_GROUP_ID:commons-fileupload2-core -DdepVersion=$PROJECT_VERSION -DforceVersion=true)
+  (cd fuzz-targets && $MVN versions:use-dep-version -Dincludes=$PROJECT_GROUP_ID:commons-fileupload2-javax -DdepVersion=$PROJECT_VERSION -DforceVersion=true)
 }
 
 cd project-parent

projects/apache-commons-fileupload/project-parent/fuzz-targets/pom.xml

@@ -32,7 +32,12 @@
 
         <dependency>
             <groupId>org.apache.commons</groupId>
-            <artifactId>commons-fileupload2</artifactId>
+            <artifactId>commons-fileupload2-core</artifactId>
+            <version>2.0-SNAPSHOT</version>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.commons</groupId>
+            <artifactId>commons-fileupload2-javax</artifactId>
             <version>2.0-SNAPSHOT</version>
         </dependency>
         <dependency>

projects/apache-commons-fileupload/project-parent/fuzz-targets/src/test/java/com/example/FileUploadFuzzer.java

@@ -18,12 +18,12 @@
 
 import com.code_intelligence.jazzer.api.FuzzedDataProvider;
 import com.code_intelligence.jazzer.junit.FuzzTest;
-import org.apache.commons.fileupload2.FileItem;
-import org.apache.commons.fileupload2.FileUpload;
-import org.apache.commons.fileupload2.FileUploadException;
-import org.apache.commons.fileupload2.MultipartStream;
-import org.apache.commons.fileupload2.disk.DiskFileItemFactory;
-import org.apache.commons.fileupload2.servlet.ServletFileUpload;
+import org.apache.commons.fileupload2.core.FileItem;
+import org.apache.commons.fileupload2.core.AbstractFileUpload;
+import org.apache.commons.fileupload2.core.FileUploadException;
+import org.apache.commons.fileupload2.core.MultipartInput;
+import org.apache.commons.fileupload2.core.DiskFileItemFactory;
+import org.apache.commons.fileupload2.javax.JavaxServletFileUpload;
 
 import java.io.File;
 import java.io.IOException;
@@ -34,13 +34,14 @@
 public class FileUploadFuzzer {
     @FuzzTest
     void myFuzzTest(FuzzedDataProvider data)
-            throws IOException, FileUploadException, MultipartStream.MalformedStreamException {
-        DiskFileItemFactory factory = new DiskFileItemFactory();
-        factory.setRepository(new File("/tmp/abc"));
-        FileUpload upload = new ServletFileUpload(factory);
+            throws IOException, FileUploadException {
+        DiskFileItemFactory factory = DiskFileItemFactory.builder()
+                .setPath(new File("/tmp/abc").toPath())
+                .get();
+        AbstractFileUpload upload = new JavaxServletFileUpload(factory);
 
         // is set to tomcats default to approach CVE-2023-24998
-        upload.setFileCountMax(10000);
+        upload.setMaxFileCount(10000);
 
         String contentType = data.consumeAsciiString(200);
         String multipartData = data.consumeRemainingAsString();

projects/apache-commons-fileupload/project-parent/fuzz-targets/src/test/java/com/example/MockHttpServletRequest.java

@@ -16,7 +16,7 @@
 
 package com.example;
 
-import org.apache.commons.fileupload2.FileUploadBase;
+import org.apache.commons.fileupload2.core.AbstractFileUpload;
 
 import javax.servlet.RequestDispatcher;
 import javax.servlet.ServletInputStream;
@@ -63,7 +63,7 @@ public MockHttpServletRequest(
         mmRequestData = requestData;
         length = requestLength;
         mStrContentType = strContentType;
-        mHeaders.put(FileUploadBase.CONTENT_TYPE, strContentType);
+        mHeaders.put(AbstractFileUpload.CONTENT_TYPE, strContentType);
     }
 
     /**

projects/apache-commons-fileupload/project-parent/fuzz-targets/src/test/java/com/example/Util.java

@@ -16,13 +16,12 @@
 
 package com.example;
 
-import org.apache.commons.fileupload2.FileItem;
-import org.apache.commons.fileupload2.FileUpload;
-import org.apache.commons.fileupload2.FileUploadException;
-import org.apache.commons.fileupload2.disk.DiskFileItemFactory;
-import org.apache.commons.fileupload2.portlet.PortletFileUpload;
-import org.apache.commons.fileupload2.servlet.ServletFileUpload;
-import org.apache.commons.fileupload2.servlet.ServletRequestContext;
+import org.apache.commons.fileupload2.core.FileItem;
+import org.apache.commons.fileupload2.core.AbstractFileUpload;
+import org.apache.commons.fileupload2.core.FileUploadException;
+import org.apache.commons.fileupload2.core.DiskFileItemFactory;
+import org.apache.commons.fileupload2.javax.JavaxServletFileUpload;
+import org.apache.commons.fileupload2.javax.JavaxServletRequestContext;
 
 import javax.servlet.http.HttpServletRequest;
 import java.io.UnsupportedEncodingException;
@@ -37,29 +36,29 @@
  */
 public class Util {
 
-    public static List<FileItem> parseUpload(final FileUpload upload, final byte[] bytes) throws FileUploadException {
+    public static List<FileItem> parseUpload(final AbstractFileUpload upload, final byte[] bytes) throws FileUploadException {
         return parseUpload(upload, bytes, Constants.CONTENT_TYPE);
     }
 
-    public static List<FileItem> parseUpload(final FileUpload upload, final byte[] bytes, final String contentType)
+    public static List<FileItem> parseUpload(final AbstractFileUpload upload, final byte[] bytes, final String contentType)
             throws FileUploadException {
         final HttpServletRequest request = new MockHttpServletRequest(bytes, contentType);
-        return upload.parseRequest(new ServletRequestContext(request));
+        return upload.parseRequest(new JavaxServletRequestContext(request));
     }
 
-    public static List<FileItem> parseUpload(final FileUpload upload, final String content)
+    public static List<FileItem> parseUpload(final AbstractFileUpload upload, final String content)
         throws UnsupportedEncodingException, FileUploadException {
         final byte[] bytes = content.getBytes(StandardCharsets.US_ASCII);
         return parseUpload(upload, bytes, Constants.CONTENT_TYPE);
     }
 
     /**
-     * Return a list of {@link FileUpload} implementations for parameterized tests.
-     * @return a list of {@link FileUpload} implementations
+     * Return a list of {@link AbstractFileUpload} implementations for parameterized tests.
+     * @return a list of {@link AbstractFileUpload} implementations
      */
-    public static List<FileUpload> fileUploadImplementations() {
+    public static List<AbstractFileUpload> fileUploadImplementations() {
+        DiskFileItemFactory factory = DiskFileItemFactory.builder().get();
         return Arrays.asList(
-                new ServletFileUpload(new DiskFileItemFactory()),
-                new PortletFileUpload(new DiskFileItemFactory()));
+                new JavaxServletFileUpload(factory));
     }
 }