- more changes

arshan.dabirsiaghi@gmail.com · arshan.dabirsiaghi@gmail.com · commit cfcc3dcd5dc5 · 2009-02-13T19:43:47.000Z
diff --git a/src/main/java/org/owasp/esapi/filters/waf/AppGuardianConfiguration.java b/src/main/java/org/owasp/esapi/filters/waf/AppGuardianConfiguration.java
@@ -7,7 +7,6 @@
 
 public class AppGuardianConfiguration {
 
-
 	/*
 	 * Each stage has an associated set of rules.
 	 */
@@ -17,18 +16,18 @@ public class AppGuardianConfiguration {
 
 	private int defaultFailAction = DONT_BLOCK;
 
+	public static int MAX_FILE_SIZE = Integer.MAX_VALUE;
+
 	private List<Rule> beforeBodyRules;
 	private List<Rule> afterBodyRules;
 	private List<Rule> beforeResponseRules;
 
-	List<String> allowedMethods;
+	private List<String> allowedMethods;
 
 	public AppGuardianConfiguration() {
-
 		beforeBodyRules = new ArrayList<Rule>();
 		afterBodyRules = new ArrayList<Rule>();
 		beforeResponseRules = new ArrayList<Rule>();
-
 	}
 
 	public void setDefaultFailRule(int defaultFailAction) {
diff --git a/src/main/java/org/owasp/esapi/filters/waf/internal/InterceptingHTTPServletRequest.java b/src/main/java/org/owasp/esapi/filters/waf/internal/InterceptingHTTPServletRequest.java
@@ -16,13 +16,13 @@
 import org.apache.commons.fileupload.FileUploadException;
 import org.apache.commons.fileupload.servlet.ServletFileUpload;
 import org.apache.commons.fileupload.util.Streams;
+import org.owasp.esapi.filters.waf.AppGuardianConfiguration;
 import org.owasp.esapi.filters.waf.UploadTooLargeException;
 
 public class InterceptingHTTPServletRequest extends HttpServletRequestWrapper {
 
 	private Vector<Parameter> allParameters;
 	private Vector<String> allParameterNames;
-	private static int MAX_FILE_SIZE = Integer.MAX_VALUE;
 	private static int CHUNKED_BUFFER_SIZE = 1024;
 
 	public InterceptingHTTPServletRequest(HttpServletRequest request) throws UploadTooLargeException, FileUploadException, IOException {
@@ -75,17 +75,20 @@ public InterceptingHTTPServletRequest(HttpServletRequest request) throws UploadT
 			    	 * regular form field. Our job is to stream it
 			    	 * to make sure it's not too big.
 			    	 */
+
 			    	ByteArrayOutputStream baos = new ByteArrayOutputStream(request.getContentLength());
 			    	byte buffer[] = new byte[CHUNKED_BUFFER_SIZE];
+
 			    	int size = 0;
+			    	int len = 0;
 
-			    	while(size <= MAX_FILE_SIZE ) {
-			    		int len = stream.read(buffer, 0, CHUNKED_BUFFER_SIZE);
+			    	while ( len != -1 || size <= AppGuardianConfiguration.MAX_FILE_SIZE ) {
+			    		len = stream.read(buffer, 0, CHUNKED_BUFFER_SIZE);
 			    		size += len;
 			    		baos.write(stream.read());
 			    	}
 
-		    		if ( size > MAX_FILE_SIZE) {
+		    		if ( size > AppGuardianConfiguration.MAX_FILE_SIZE) {
 		    			throw new UploadTooLargeException("param: " + name);
 		    		}
 			    }
diff --git a/src/main/java/org/owasp/esapi/filters/waf/rules/AuthenticatedRule.java b/src/main/java/org/owasp/esapi/filters/waf/rules/AuthenticatedRule.java
@@ -2,13 +2,25 @@
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
 
 public class AuthenticatedRule extends Rule {
 
-	@Override
+	private String sessionAttribute;
+
+	public AuthenticatedRule(String sessionAttribute) {
+		this.sessionAttribute = sessionAttribute;
+	}
+
 	public boolean check(HttpServletRequest request,
 			HttpServletResponse response) {
-		// TODO Auto-generated method stub
+
+		HttpSession session = request.getSession();
+
+		if ( session != null && session.getAttribute(sessionAttribute) != null ) {
+			return true;
+		}
+
 		return false;
 	}
 
