Updated getSafeFileUpload and removed previous code. Added new method with only 2 parameters. This method uses the default upload location. Updated JUnit tests.

kfealz@gmail.com · kfealz@gmail.com · commit 2ae893bfe63f · 2009-04-21T16:21:42.000Z
diff --git a/src/main/java/org/owasp/esapi/HTTPUtilities.java b/src/main/java/org/owasp/esapi/HTTPUtilities.java
@@ -33,6 +33,7 @@
 import org.owasp.esapi.errors.ValidationException;
 import org.owasp.esapi.filters.SafeRequest;
 import org.owasp.esapi.filters.SafeResponse;
+import org.owasp.esapi.http.MockHttpServletRequest;
 
 
 /**
@@ -383,4 +384,7 @@ public interface HTTPUtilities {
      */
     void logHTTPRequest(HttpServletRequest request, Logger logger, List parameterNamesToObfuscate);
 
+
+	List getSafeFileUploads(HttpServletRequest request, File tempDir) throws ValidationException;
+
 }
diff --git a/src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java b/src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java
@@ -49,6 +49,7 @@
 import org.owasp.esapi.errors.ValidationUploadException;
 import org.owasp.esapi.filters.SafeRequest;
 import org.owasp.esapi.filters.SafeResponse;
+import org.owasp.esapi.http.MockHttpServletRequest;
 
 /**
  * Reference implementation of the HTTPUtilities interface. This implementation
@@ -344,6 +345,20 @@ public void encryptStateInCookie(HttpServletResponse response, Map cleartext) th
     	Cookie cookie = new Cookie( "state", encrypted );
     	response.addCookie( cookie );
     }
+    
+    /**
+	 * Uses the Apache Commons FileUploader to parse the multipart HTTP request
+	 * and extract any files therein. Note that the progress of any uploads is
+	 * put into a session attribute, where it can be retrieved with a simple
+	 * JSP.  Places the file in the default upload directory declared in ESAPI.properties.
+	 * 
+	 * 
+     * @param request
+     * @return list of File objects for new files in final directory
+	 */
+    public List getSafeFileUploads(HttpServletRequest request, File tempDir) throws ValidationException {
+    	return getSafeFileUploads(request, tempDir, ESAPI.securityConfiguration().getUploadDirectory());
+    }
 
 	/**
 	 * Uses the Apache Commons FileUploader to parse the multipart HTTP request
diff --git a/src/test/java/org/owasp/esapi/reference/HTTPUtilitiesTest.java b/src/test/java/org/owasp/esapi/reference/HTTPUtilitiesTest.java
@@ -204,6 +204,23 @@ public void testGetFileUploads() throws IOException {
             fail();
         }
         
+        MockHttpServletRequest request4 = new MockHttpServletRequest("/test", content.getBytes());
+        request4.setContentType( "multipart/form-data; boundary=ridiculous");
+        ESAPI.httpUtilities().setCurrentHTTP(request4, response);
+        System.err.println("UPLOAD DIRECTORY: " + ESAPI.securityConfiguration().getUploadDirectory());
+        try {
+            List list = ESAPI.httpUtilities().getSafeFileUploads(request4, home);
+            Iterator i = list.iterator();
+            while ( i.hasNext() ) {
+            	File f = (File)i.next();
+            	System.out.println( "  " + f.getAbsolutePath() );
+            }
+            assertTrue( list.size() > 0 );
+        } catch (ValidationException e) {
+        	System.err.println("ERROR: " + e.toString());
+            fail();
+        }
+        
         MockHttpServletRequest request3 = new MockHttpServletRequest("/test", content.replaceAll("txt", "ridiculous").getBytes());
         request3.setContentType( "multipart/form-data; boundary=ridiculous");
         ESAPI.httpUtilities().setCurrentHTTP(request3, response);
@@ -214,22 +231,6 @@ public void testGetFileUploads() throws IOException {
         	// expected
         }
         
-        MockHttpServletRequest request4 = new MockHttpServletRequest("/test", content.getBytes());
-        request2.setContentType( "multipart/form-data; boundary=ridiculous");
-        ESAPI.httpUtilities().setCurrentHTTP(request2, response);
-        
-//        TODO: KF
-//        try {
-//            List list = ESAPI.httpUtilities().getSafeFileUploads(request2, home, null);
-//            Iterator i = list.iterator();
-//            while ( i.hasNext() ) {
-//            	File f = (File)i.next();
-//            	System.out.println( "  " + f.getAbsolutePath() );
-//            }
-//            assertTrue( list.size() > 0 );
-//        } catch (ValidationException e) {
-//            fail();
-//        }
     }
 
     /**
