From b65223c241f7f995d62dea08ebe9de1eb5806958 Mon Sep 17 00:00:00 2001 From: Maurice Lam Date: Fri, 5 Nov 2021 11:16:05 -0700 Subject: Remove nanohttpd/fileupload Fixes: 205161403 Test: TreeHugger Change-Id: I54f7da4f4a68983c782876bc05492f54e57ba780 --- fileupload/.gitignore | 2 - fileupload/README | 1 + fileupload/pom.xml | 46 ---- .../main/java/fi/iki/elonen/NanoFileUpload.java | 118 ---------- .../java/fi/iki/elonen/TestNanoFileUpLoad.java | 246 --------------------- 5 files changed, 1 insertion(+), 412 deletions(-) delete mode 100644 fileupload/.gitignore create mode 100644 fileupload/README delete mode 100644 fileupload/pom.xml delete mode 100644 fileupload/src/main/java/fi/iki/elonen/NanoFileUpload.java delete mode 100644 fileupload/src/test/java/fi/iki/elonen/TestNanoFileUpLoad.java diff --git a/fileupload/.gitignore b/fileupload/.gitignore deleted file mode 100644 index 868a6b2..0000000 --- a/fileupload/.gitignore +++ /dev/null @@ -1,2 +0,0 @@ -/.settings/ -/LICENSE.txt diff --git a/fileupload/README b/fileupload/README new file mode 100644 index 0000000..4c70d72 --- /dev/null +++ b/fileupload/README @@ -0,0 +1 @@ +nanohttpd/fileupload is removed due to CVE-2016-1000031 \ No newline at end of file diff --git a/fileupload/pom.xml b/fileupload/pom.xml deleted file mode 100644 index a90469a..0000000 --- a/fileupload/pom.xml +++ /dev/null @@ -1,46 +0,0 @@ - - - - nanohttpd-project - org.nanohttpd - 2.2.0 - - 4.0.0 - nanohttpd-apache-fileupload - NanoHttpd-apache file upload integration - nanohttpd-apache-fileupload integrates the apache file upload framework into nanohttpd - - - org.nanohttpd - nanohttpd - 2.2.0 - provided - - - commons-fileupload - commons-fileupload - 1.3.1 - - - javax.servlet - servlet-api - 2.5 - provided - - - org.apache.httpcomponents - httpclient - 4.4.1 - test - - - org.apache.httpcomponents - httpmime - 4.4.1 - test - - - - 0.99 - - \ No newline at end of file diff --git a/fileupload/src/main/java/fi/iki/elonen/NanoFileUpload.java b/fileupload/src/main/java/fi/iki/elonen/NanoFileUpload.java deleted file mode 100644 index ec02d4a..0000000 --- a/fileupload/src/main/java/fi/iki/elonen/NanoFileUpload.java +++ /dev/null @@ -1,118 +0,0 @@ -package fi.iki.elonen; - -/* - * #%L - * apache-fileupload-integration - * %% - * Copyright (C) 2012 - 2015 nanohttpd - * %% - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * 1. Redistributions of source code must retain the above copyright notice, this - * list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * 3. Neither the name of the nanohttpd nor the names of its contributors - * may be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED - * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE - * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * #L% - */ - -import static fi.iki.elonen.NanoHTTPD.Method.POST; - -import java.io.IOException; -import java.io.InputStream; -import java.util.List; -import java.util.Map; - -import org.apache.commons.fileupload.FileItem; -import org.apache.commons.fileupload.FileItemFactory; -import org.apache.commons.fileupload.FileItemIterator; -import org.apache.commons.fileupload.FileUpload; -import org.apache.commons.fileupload.FileUploadBase; -import org.apache.commons.fileupload.FileUploadException; -import org.apache.commons.fileupload.UploadContext; - -/** - * @author victor & ritchieGitHub - */ -public class NanoFileUpload extends FileUpload { - - public static class NanoHttpdContext implements UploadContext { - - private NanoHTTPD.IHTTPSession session; - - public NanoHttpdContext(NanoHTTPD.IHTTPSession session) { - this.session = session; - } - - @Override - public long contentLength() { - long size; - try { - String cl1 = session.getHeaders().get("content-length"); - size = Long.parseLong(cl1); - } catch (NumberFormatException var4) { - size = -1L; - } - - return size; - } - - @Override - public String getCharacterEncoding() { - return "UTF-8"; - } - - @Override - public String getContentType() { - return this.session.getHeaders().get("content-type"); - } - - @Override - public int getContentLength() { - return (int) contentLength(); - } - - @Override - public InputStream getInputStream() throws IOException { - return session.getInputStream(); - } - } - - public static final boolean isMultipartContent(NanoHTTPD.IHTTPSession session) { - return session.getMethod() == POST && FileUploadBase.isMultipartContent(new NanoHttpdContext(session)); - } - - public NanoFileUpload(FileItemFactory fileItemFactory) { - super(fileItemFactory); - } - - public List parseRequest(NanoHTTPD.IHTTPSession session) throws FileUploadException { - return this.parseRequest(new NanoHttpdContext(session)); - } - - public Map> parseParameterMap(NanoHTTPD.IHTTPSession session) throws FileUploadException { - return this.parseParameterMap(new NanoHttpdContext(session)); - } - - public FileItemIterator getItemIterator(NanoHTTPD.IHTTPSession session) throws FileUploadException, IOException { - return super.getItemIterator(new NanoHttpdContext(session)); - } - -} diff --git a/fileupload/src/test/java/fi/iki/elonen/TestNanoFileUpLoad.java b/fileupload/src/test/java/fi/iki/elonen/TestNanoFileUpLoad.java deleted file mode 100644 index ac18e3a..0000000 --- a/fileupload/src/test/java/fi/iki/elonen/TestNanoFileUpLoad.java +++ /dev/null @@ -1,246 +0,0 @@ -package fi.iki.elonen; - -/* - * #%L - * NanoHttpd-apache file upload integration - * %% - * Copyright (C) 2012 - 2015 nanohttpd - * %% - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * 1. Redistributions of source code must retain the above copyright notice, this - * list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * 3. Neither the name of the nanohttpd nor the names of its contributors - * may be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED - * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE - * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * #L% - */ - -import java.io.File; -import java.io.IOException; -import java.io.InputStream; -import java.io.OutputStream; -import java.net.InetAddress; -import java.util.Arrays; -import java.util.HashMap; -import java.util.List; -import java.util.Map; - -import org.apache.commons.fileupload.FileItem; -import org.apache.commons.fileupload.FileItemIterator; -import org.apache.commons.fileupload.FileItemStream; -import org.apache.commons.fileupload.FileUploadException; -import org.apache.commons.fileupload.disk.DiskFileItemFactory; -import org.apache.commons.fileupload.util.Streams; -import org.apache.http.HttpEntity; -import org.apache.http.HttpResponse; -import org.apache.http.client.ClientProtocolException; -import org.apache.http.client.methods.CloseableHttpResponse; -import org.apache.http.client.methods.HttpPost; -import org.apache.http.client.methods.HttpTrace; -import org.apache.http.entity.ContentType; -import org.apache.http.entity.mime.HttpMultipartMode; -import org.apache.http.entity.mime.MultipartEntityBuilder; -import org.apache.http.entity.mime.content.FileBody; -import org.apache.http.entity.mime.content.StringBody; -import org.apache.http.impl.client.CloseableHttpClient; -import org.apache.http.impl.client.HttpClients; -import org.junit.After; -import org.junit.Assert; -import org.junit.Before; -import org.junit.FixMethodOrder; -import org.junit.Test; -import org.junit.internal.runners.statements.Fail; - -import fi.iki.elonen.NanoHTTPD.Response.Status; - -/** - * very strange but if the file upload is the first request the test fails. - * - * @author ritchieGitHub - */ -@FixMethodOrder -public class TestNanoFileUpLoad { - - protected TestServer testServer; - - public static class TestServer extends NanoHTTPD { - - public Response response = newFixedLengthResponse(""); - - public String uri; - - public Method method; - - public Map header; - - public Map parms; - - public Map> files; - - public Map> decodedParamters; - - public Map> decodedParamtersFromParameter; - - public String queryParameterString; - - public TestServer() { - super(8192); - uploader = new NanoFileUpload(new DiskFileItemFactory()); - } - - public HTTPSession createSession(TempFileManager tempFileManager, InputStream inputStream, OutputStream outputStream) { - return new HTTPSession(tempFileManager, inputStream, outputStream); - } - - public HTTPSession createSession(TempFileManager tempFileManager, InputStream inputStream, OutputStream outputStream, InetAddress inetAddress) { - return new HTTPSession(tempFileManager, inputStream, outputStream, inetAddress); - } - - NanoFileUpload uploader; - - @Override - public Response serve(IHTTPSession session) { - - this.uri = session.getUri(); - this.method = session.getMethod(); - this.header = session.getHeaders(); - this.parms = session.getParms(); - if (NanoFileUpload.isMultipartContent(session)) { - try { - if ("/uploadFile1".equals(this.uri)) { - session.getHeaders().put("content-length", "AA"); - files = uploader.parseParameterMap(session); - } - if ("/uploadFile2".equals(this.uri)) { - files = new HashMap>(); - List parseRequest = uploader.parseRequest(session); - files.put(parseRequest.get(0).getFieldName(), parseRequest); - } - if ("/uploadFile3".equals(this.uri)) { - files = new HashMap>(); - FileItemIterator iter = uploader.getItemIterator(session); - while (iter.hasNext()) { - FileItemStream item = iter.next(); - final String fileName = item.getName(); - FileItem fileItem = uploader.getFileItemFactory().createItem(item.getFieldName(), item.getContentType(), item.isFormField(), fileName); - files.put(fileItem.getFieldName(), Arrays.asList(new FileItem[]{ - fileItem - })); - try { - Streams.copy(item.openStream(), fileItem.getOutputStream(), true); - } catch (Exception e) { - } - fileItem.setHeaders(item.getHeaders()); - } - } - } catch (Exception e) { - this.response.setStatus(Status.INTERNAL_ERROR); - e.printStackTrace(); - } - } - this.queryParameterString = session.getQueryParameterString(); - this.decodedParamtersFromParameter = decodeParameters(this.queryParameterString); - this.decodedParamters = decodeParameters(session.getQueryParameterString()); - return this.response; - } - - } - - @Test - public void testNormalRequest() throws Exception { - CloseableHttpClient httpclient = HttpClients.createDefault(); - HttpTrace httphead = new HttpTrace("http://localhost:8192/index.html"); - CloseableHttpResponse response = httpclient.execute(httphead); - Assert.assertEquals(200, response.getStatusLine().getStatusCode()); - response.close(); - } - - @Test - public void testPostWithMultipartFormUpload1() throws Exception { - CloseableHttpClient httpclient = HttpClients.createDefault(); - String textFileName = "src/test/java/fi/iki/elonen/TestNanoFileUpLoad.java"; - HttpPost post = new HttpPost("http://localhost:8192/uploadFile1"); - - executeUpload(httpclient, textFileName, post); - FileItem file = this.testServer.files.get("upfile").get(0); - Assert.assertEquals(file.getSize(), new File(textFileName).length()); - } - - @Test - public void testPostWithMultipartFormUpload2() throws Exception { - CloseableHttpClient httpclient = HttpClients.createDefault(); - String textFileName = "src/test/java/fi/iki/elonen/TestNanoFileUpLoad.java"; - HttpPost post = new HttpPost("http://localhost:8192/uploadFile2"); - - executeUpload(httpclient, textFileName, post); - FileItem file = this.testServer.files.get("upfile").get(0); - Assert.assertEquals(file.getSize(), new File(textFileName).length()); - } - - @Test - public void testPostWithMultipartFormUpload3() throws Exception { - CloseableHttpClient httpclient = HttpClients.createDefault(); - String textFileName = "src/test/java/fi/iki/elonen/TestNanoFileUpLoad.java"; - HttpPost post = new HttpPost("http://localhost:8192/uploadFile3"); - - executeUpload(httpclient, textFileName, post); - FileItem file = this.testServer.files.get("upfile").get(0); - Assert.assertEquals(file.getSize(), new File(textFileName).length()); - } - - private void executeUpload(CloseableHttpClient httpclient, String textFileName, HttpPost post) throws IOException, ClientProtocolException { - FileBody fileBody = new FileBody(new File(textFileName), ContentType.DEFAULT_BINARY); - StringBody stringBody1 = new StringBody("Message 1", ContentType.MULTIPART_FORM_DATA); - - MultipartEntityBuilder builder = MultipartEntityBuilder.create(); - builder.setMode(HttpMultipartMode.BROWSER_COMPATIBLE); - builder.addPart("upfile", fileBody); - builder.addPart("text1", stringBody1); - HttpEntity entity = builder.build(); - // - post.setEntity(entity); - HttpResponse response = httpclient.execute(post); - Assert.assertEquals(200, response.getStatusLine().getStatusCode()); - } - - @Before - public void setUp() throws IOException { - this.testServer = new TestServer(); - this.testServer.start(); - try { - long start = System.currentTimeMillis(); - Thread.sleep(100L); - while (!this.testServer.wasStarted()) { - Thread.sleep(100L); - if (System.currentTimeMillis() - start > 2000) { - Assert.fail("could not start server"); - } - } - } catch (InterruptedException e) { - } - } - - @After - public void tearDown() { - this.testServer.stop(); - } - -} -- cgit v1.2.3