I need a validator for an upload file, for the moment I can upload all the files but I need a check that file is less than 10 MB and only text format such as ms word, txt, ppt, excel (not executable, might be harmful).
Do I have to use and libraries of java for that, or I don't know what, cause I am a junior. If anyone has any ideas that will be very nice.
I have seen some other similar question and i try out but none that can help me.
Ps: I am working on java spring.
Here is my code is compiled but not working is possible edit and also to check for the length.
class FileUploader implements Receiver, SucceededListener, FailedListener, ProgressListener {
private static final long serialVersionUID = 1L;
public File file;
public String filename;
#Override
public void updateProgress(long readBytes, long contentLength) {
UI ui = UI.getCurrent();
ui.access(() -> {
progressBar.setCaption("Uploaded: " + (float) readBytes / (float) contentLength * 100 + "%");
progressBar.setValue((float) readBytes / (float) contentLength);
progressBar.setVisible(true);
});
}
#Override
public void uploadFailed(FailedEvent event) {
UIHelper.showErrorNotification("File could not be uploaded");
}
#Override
public void uploadSucceeded(SucceededEvent event) {
try {
String savePath = "/var/ccpt_work_files/";
Path filePath = Paths.get(savePath);
if (Files.exists(filePath)) {
copyFiles("/tmp/" + event.getFilename(), savePath + event.getFilename(), savePath + event.getFilename());
} else {
File targetFile = new File(savePath);
if (!targetFile.mkdirs()) {
UIHelper.showErrorNotification("Couldn't create dir: " + targetFile);
} else {
copyFiles("/tmp/" + event.getFilename(), savePath + event.getFilename(), savePath + event.getFilename());
}
}
} catch (IOException e) {
UIHelper.showErrorNotification("File could not be uploaded");
}
UIHelper.showInformationNotification("File successfully uploaded");
}
private void copyFiles(String from, String to, String finalPath) throws IOException {
com.google.common.io.Files.copy(new File(from), new File(to));
uploadedFilePath = finalPath;
}
#Override
public OutputStream receiveUpload(String filename, String mimeType) {
this.filename = filename;
FileOutputStream fos = null;
try {
file = new File("/tmp/" + filename);
fos = new FileOutputStream(file);
if (!file.exists()) {
file.createNewFile();
}
} catch (final IOException e) {
UIHelper.showErrorNotification("File could not be stored in server");
return null;
}
return fos;
}
};
If you already have the File object of type java.io.File, you can just check for file size and mime type
boolean hasValidFileSize(File file, double maxFileSize) {
double bytes = file.length();
double megabytes = (kilobytes / 1024) / 1024;
if (megabytes > maxFileSize) {
return false;
}
return true;
}
For non harmful files, you can just check for the mime type. Look for ways on how to get the mime types for the files that you needed to be allowed and compare it with your file's mime type.
You can use this method to get the fileSize of a file.
static String getFileSizeMegaBytes(File file) {
return (double) file.length() / (1024 * 1024) + " mb";
}
Refer the post to get the file type.
File tyle extension
Related
Based on https://support.google.com/faqs/answer/9294009, we implement "Zip Path Traversal Vulnerability" detection in our code.
We are getting crash log from Google Play Console, as we run throw new SecurityException("https://support.google.com/faqs/answer/9294009"); explicitly when we encounter "Zip Path Traversal Vulnerability".
Currently, sometimes, I have "Zip Path Traversal Vulnerability" happens only in Android 11.
public static boolean extractZipFile(InputStream inputStream, String destDirectory, boolean overwrite) {
ZipInputStream zipInputStream = null;
boolean status = true;
try {
zipInputStream = new ZipInputStream(inputStream);
final byte[] data = new byte[1024];
while (true) {
ZipEntry zipEntry = null;
FileOutputStream outputStream = null;
try {
zipEntry = zipInputStream.getNextEntry();
if (zipEntry == null) {
break;
}
final File destination = new File(destDirectory, zipEntry.getName());
final String canonicalPath = destination.getCanonicalPath();
if (!canonicalPath.startsWith(destDirectory)) {
throw new SecurityException("https://support.google.com/faqs/answer/9294009");
}
I always ensure destDirectory is non null, before calling extractZipFile
public static boolean extractZipFile(InputStream inputStream, boolean overwrite) {
String destDirectory = Utils.getUserDataDirectory();
if (destDirectory == null) {
return false;
}
return extractZipFile(inputStream, destDirectory, overwrite);
}
public static String getUserDataDirectory() {
if (externalFilesDir == null) {
File _externalFilesDir = JStockApplication.instance().getExternalFilesDir(null);
externalFilesDir = _externalFilesDir;
if (externalFilesDir == null) {
return null;
}
}
return toEndWithFileSeperator(externalFilesDir.toString()) + getApplicationVersionString() + File.separator;
}
private static String toEndWithFileSeperator(String string) {
if (string.endsWith(File.separator)) {
return string;
}
return string + File.separator;
}
public static String getApplicationVersionString() {
return "1.0.7";
}
Based on the posed source code, do you have any guess reason, why "Zip Path Traversal Vulnerability" happens only in Android 11? I use emulator Android 11 but not able to reproduce the problem.
Where does the zip file come from?
The zip file comes from 2 places
Bundled with APK as shown in below screenshot
We use the following code to extract it during runtime.
private void initPreloadDatabase(boolean overWrite) {
AssetManager assetManager = getResources().getAssets();
InputStream inputStream = null;
try {
inputStream = assetManager.open("database" + File.separator + "database.zip");
} catch (IOException e) {
Log.e(TAG, "", e);
}
if (inputStream != null) {
org.yccheok.jstock.gui.Utils.extractZipFile(inputStream, overWrite);
}
}
Another zip file is downloaded from
https://raw.githubusercontent.com/yccheok/jstock/master/appengine/jstock-android-static/war/stocks_information/unitedstate/stocks.zip
In Utils.getUserDataDirectory() function use:
getFilesDir().getCanonicalFile()
instead of
getExternalFilesDir()
I have A big file and i want to upload that in Server side. it's very important when occured any problem (like interrupting the internet or power cut ...) if i retry to upload, file uploaded from resume and doesn't need to send file from beginning.
I try this approach with sending file chunks but it seems that's not a good way, because a send chunks(byte arrays) directly in response Entity and this isn't good idea.
whatever if anybody can develop this approach and make this code a better code with better performance i appreciate that. does anybody known Best practice way to doing that??
and if u like my code, vote me
thanks :)
RestController
#RestController
#RequestMapping("/files")
public class Controller {
#Autowired
private MyService service;
#PutMapping("/upload/resume")
public Mono<ResponseEntity> uploadWithResume(#RequestPart("chunk")byte[] chunk,
#RequestPart("fileName")String fileName,
#RequestParam("length")Long length
) throws ParseException {
try {
return service.fileResumeUpload(chunk, fileName, length);
} catch (IOException e) {
e.printStackTrace();
return Mono.just(ResponseEntity.status(HttpStatus.PERMANENT_REDIRECT).build());
}
}
#RequestMapping(value = "/get/uploaded/size", method = RequestMethod.HEAD)
public Mono<ResponseEntity> getUploadedSize(#RequestParam("fileName") String fileName) throws IOException {
if (Files.exists(Paths.get("src/main/resources/" + fileName))) {
String size = String.valueOf(Files.size(Paths.get("src/main/resources/" + fileName)));
return Mono.just(ResponseEntity.ok()
.header("upload-offset", size)
.build());
} else{
return Mono.just(ResponseEntity.notFound()
.header("upload-offset" , "0").build());
}
}
}
Service
public Mono<ResponseEntity> fileResumeUpload(byte[] chunk , String fileName,long length) throws IOException, ParseException {
BufferedOutputStream out = new BufferedOutputStream(new FileOutputStream("src/main/resources/" + fileName, true));
boolean uploaded = true;
try {
out.write(chunk);
} catch (IOException e) {
uploaded = false;
System.err.println("io exception");
} finally {
if (uploaded) {
out.close();
return Mono.just(ResponseEntity.ok()
.header("expiration-date", getExpirationDate())
.build());
} else {
out.close();
return Mono.just(ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).build());
}
}
}
Sending chunks with webTestClient
#Test
public void test1_upload_Expected_200StatusCode(){
try {
String fileName = "film.mkv";
RandomAccessFile raf = new RandomAccessFile(new File("src/test/resources/" + fileName), "rw");
long realSize = raf.length();
List<String> strings = webTestClient.head().uri("/files/get/uploaded/size?fileName=" + fileName)
.exchange().expectBody().returnResult().getResponseHeaders().get("upload-offset");
long uploadedSize = Long.valueOf(strings.get(0));
boolean f = false;
int sizeBuffer = 256 * 1024;
byte[] buffer = new byte[sizeBuffer];
MultiValueMap<String, Object> formData;
WebTestClient.ResponseSpec exchange = null;
System.out.println("first uploaded Size ; " + uploadedSize);
raf.seek(uploadedSize);
while (raf.read(buffer) != -1) {
formData = new LinkedMultiValueMap<>();
formData.add("fileName", fileName);
formData.add("chunk", buffer);
formData.add("length", realSize);
exchange = webTestClient.put().uri("/files/upload/resume")
.contentType(MediaType.MULTIPART_FORM_DATA)
.body(BodyInserters.fromMultipartData(formData))
.exchange();
exchange.expectStatus().isOk();
if (exchange.expectBody().returnResult().getStatus().is5xxServerError()) {
return;
}
if (uploadedSize + 256 * 1024 > realSize) {
sizeBuffer = ((int) (realSize - uploadedSize));
System.out.println(sizeBuffer);
uploadedSize = uploadedSize + sizeBuffer;
System.out.println(uploadedSize);
buffer = new byte[sizeBuffer];
f=true;
} else uploadedSize = uploadedSize + sizeBuffer;
if (f) System.out.println(uploadedSize);
//System.out.println(uploadedSize);
float percent = ((float) uploadedSize / realSize * 100);
System.out.format("%.2f\n", percent);
}
if (exchange!=null)
exchange.expectStatus().isOk();
}
catch (Exception e){
e.printStackTrace();
System.err.println("channel closed!!!");
}
}
I make simple application using commons-net-3.1 library
I want download file from FTP server, but downloaded file's size is 0
This file name is mixed english, symbol(like "-", "_", etc...), other language(like korean, japanese, etc...).
How to solve this problum? T.T
Here is code
/**
* download file. it works thread
*
* #param source
* file path witch is remote path
* #param destination
* file path witch is saving local memory
*/
public void downloadFile(String source, String destination) {
DownloadTempFile download = new DownloadTempFile(source, destination);
download.setDaemon(true);
download.start();
}
class DownloadTempFile extends Thread {
String source, destination;
public DownloadTempFile(String source, String destination) {
this.source = source;
this.destination = destination;
}
public void run() {
OutputStream output = null;
try {
File local = new File(destination);
output = new FileOutputStream(local);
ftpClient.retrieveFile(source, output);
} catch (Exception e) {
// TODO: handle exception
}
}
}
and, this code is call upper method
String tempPath = mSDpath + "/mgtec/temp";
File d = new File(tempPath);
if (d.isDirectory()) {
String tempFile = tempPath + "/tmp" + position + ".mp3";
NativeMusicAppActivity.mConnector.downloadFile(mAdapter
.getItem(position).toString(), tempFile);
} else {
if (d.mkdirs()) {
String tempFile = tempPath + "/tmp" + position + ".mp3";
NativeMusicAppActivity.mConnector.downloadFile(mAdapter
.getItem(position).toString(), tempFile);
}
}
Im making a backup program, and I want everything that i have the program backing up displayed on a JTextArea. well, it works, but only after the program is finished with the backup. How do i fix this? The code i have running this is here:
backup method
public void startBackup() throws Exception {
// txtarea is the JTextArea
Panel.txtArea.append("Starting Backup...\n");
for (int i = 0; i < al.size(); i++) {
//al is an ArrayList that holds all of the backup assignments selected
// from the JFileChooser
File file = new File((String) al.get(i));
File directory = new File(dir);
CopyFolder.copyFolder(file, directory);
}
}
Copy Folder class:
public class CopyFolder {
public static void copyFolder(File src, File dest) throws IOException {
if (src.isDirectory()) {
// if directory not exists, create it
if (!dest.exists()) {
dest.mkdir();
Panel.txtArea.append("Folder " + src.getName()
+ " was created\n");
}
// list all the directory contents
String files[] = src.list();
for (String file : files) {
// construct the src and dest file structure
File srcFile = new File(src, file);
File destFile = new File(dest, file);
// recursive copy
copyFolder(srcFile, destFile);
}
} else {
try {
CopyFile.copyFile(src, dest);
} catch (Exception e) {
}
}
}
}
CopyFile class
public class CopyFile {
public static void copyFile(File src, File dest) throws Exception {
// if file, then copy it
// Use bytes stream to support all file types
InputStream in = new FileInputStream(src);
OutputStream out = new FileOutputStream(dest);
byte[] buffer = new byte[1024];
int length;
// copy the file content in bytes
while ((length = in.read(buffer)) > 0) {
out.write(buffer, 0, length);
}
in.close();
out.close();
// System.out.println("File copied from " + src + " to " + dest);
Panel.txtArea.append("File copied " + src.getName() + "\n");
}
}
Thanks for the help in advance, and let me know of any assistance i can give. I did a google search on this, and it does seem to be a big problem, but i just cant think of how to fix it. Oh, and please dont downvote this just because it doesnt apply to you, its very aggravating. Thanks in advance again!
EDIT:
This is what i got:
public class test extends SwingWorker<Void, String> {
String txt;
JTextArea txtArea = null;
public test(JTextArea txtArea, String str) {
txt = str;
this.txtArea = txtArea;
}
protected Void doInBackground() throws Exception {
return null;
}
protected void process(String str) {
txtArea.append(str);
}
protected void getString() {
publish(txt);
}
}
The main problem you're having is you're trying to perform blocking actions in the Event Dispatching Thread. This will prevent the UI from been updated as repaint requests are not reaching the repaint manager until AFTER you've finished.
To over come this, you're going to need to off load the blocking work (ie the back up process) to a separate thread.
For this I suggest you have a read through the Concurrency in Swing Trail which will provide you with some useful strategies to solve your particular problem. In particular, you'll probably benifit from using a SwingWorker
Take a close look at doInBackground and the process methods
UPDATED with Example
Okay, so this is a REALLY simple example. This basically walks you C:\ drive to 3 directories deep and dumps the content to the supplied JTextArea
public class BackgroundWorker extends SwingWorker<Object, File> {
private JTextArea textArea;
public BackgroundWorker(JTextArea textArea) {
this.textArea = textArea;
}
#Override
protected Object doInBackground() throws Exception {
list(new File("C:\\"), 0);
return null;
}
#Override
protected void process(List<File> chunks) {
for (File file : chunks) {
textArea.append(file.getPath() + "\n");
}
textArea.setCaretPosition(textArea.getText().length() - 1);
}
protected void list(File path, int level) {
if (level < 4) {
System.out.println(level + " - Listing " + path);
File[] files = path.listFiles(new FileFilter() {
#Override
public boolean accept(File pathname) {
return pathname.isFile();
}
});
publish(path);
for (File file : files) {
System.out.println(file);
publish(file);
}
files = path.listFiles(new FileFilter() {
#Override
public boolean accept(File pathname) {
return pathname.isDirectory() && !pathname.isHidden();
}
});
for (File folder : files) {
list(folder, level + 1);
}
}
}
}
You would simply call new BackgroundWorker(textField).execute() and walk away :D
UPDATED with explicit example
public class BackgroundWorker extends SwingWorker<Object, String> {
private JTextArea textArea;
private File sourceDir;
private File destDir;
public BackgroundWorker(JTextArea textArea, File sourceDir, File destDir) {
this.textArea = textArea;
this.sourceDir = sourceDir;
this.destDir = destDirl
}
#Override
protected Object doInBackground() throws Exception {
if (sourceDir.isDirectory()) {
// if directory not exists, create it
if (!destDir.exists()) {
destDir.mkdir();
publish("Folder " + sourceDir.getName() + " was created");
}
// list all the directory contents
String files[] = sourceDir.list();
for (String file : files) {
// construct the src and dest file structure
File srcFile = new File(sourceDir, file);
File destFile = new File(destDir, file);
// recursive copy
copyFolder(srcFile, destFile);
}
} else {
try {
copyFile(sourceDir, destDir);
} catch (Exception e) {
}
}
return null;
}
public void copyFolder(File src, File dest) throws IOException {
if (src.isDirectory()) {
// if directory not exists, create it
if (!dest.exists()) {
publish("Folder " + src.getName() + " was created");
}
// list all the directory contents
String files[] = src.list();
for (String file : files) {
// construct the src and dest file structure
File srcFile = new File(src, file);
File destFile = new File(dest, file);
// recursive copy
copyFolder(srcFile, destFile);
}
} else {
try {
copyFile(src, dest);
} catch (Exception e) {
}
}
}
public void copyFile(File src, File dest) throws Exception {
// if file, then copy it
// Use bytes stream to support all file types
InputStream in = new FileInputStream(src);
OutputStream out = new FileOutputStream(dest);
byte[] buffer = new byte[1024];
int length;
// copy the file content in bytes
while ((length = in.read(buffer)) > 0) {
out.write(buffer, 0, length);
}
in.close();
out.close();
publish("File copied " + src.getName());
}
#Override
protected void process(List<String> chunks) {
for (String msg : chunks) {
textArea.append(msg + "\n");
}
textArea.setCaretPosition(textArea.getText().length() - 1);
}
}
Now to run...
new BackgroundWorker(textArea, sourceDir, destDir).execute();
I am using this gwt upload system here(http://code.google.com/p/gwtupload/). I am getting some problems with it.
Show to feed it with a path from the client
Get the path on the server where the file was saved
set a path on the server where the file is to be saved
This the servlet to handle the file upload
public class SampleUploadServlet extends UploadAction {
private static final long serialVersionUID = 1L;
Hashtable<String, String> receivedContentTypes = new Hashtable<String, String>();
/**
* Maintain a list with received files and their content types.
*/
Hashtable<String, File> receivedFiles = new Hashtable<String, File>();
/**
* Override executeAction to save the received files in a custom place
* and delete this items from session.
*/
#Override
public String executeAction(HttpServletRequest request, List<FileItem> sessionFiles) throws UploadActionException {
String response = "";
int cont = 0;
for (FileItem item : sessionFiles) {
if (false == item.isFormField()) {
cont ++;
try {
/// Create a new file based on the remote file name in the client
// String saveName = item.getName().replaceAll("[\\\\/><\\|\\s\"'{}()\\[\\]]+", "_");
// File file =new File("/tmp/" + saveName);
/// Create a temporary file placed in /tmp (only works in unix)
// File file = File.createTempFile("upload-", ".bin", new File("/tmp"));
/// Create a temporary file placed in the default system temp folder
File file = File.createTempFile("upload-", ".bin");
item.write(file);
/// Save a list with the received files
receivedFiles.put(item.getFieldName(), file);
receivedContentTypes.put(item.getFieldName(), item.getContentType());
/// Compose a xml message with the full file information which can be parsed in client side
response += "<file-" + cont + "-field>" + item.getFieldName() + "</file-" + cont + "-field>\n";
response += "<file-" + cont + "-name>" + item.getName() + "</file-" + cont + "-name>\n";
response += "<file-" + cont + "-size>" + item.getSize() + "</file-" + cont + "-size>\n";
response += "<file-" + cont + "-type>" + item.getContentType()+ "</file-" + cont + "type>\n";
} catch (Exception e) {
throw new UploadActionException(e);
}
}
}
/// Remove files from session because we have a copy of them
removeSessionFileItems(request);
/// Send information of the received files to the client.
return "<response>\n" + response + "</response>\n";
}
/**
* Get the content of an uploaded file.
*/
#Override
public void getUploadedFile(HttpServletRequest request, HttpServletResponse response) throws IOException {
String fieldName = request.getParameter(PARAM_SHOW);
File f = receivedFiles.get(fieldName);
if (f != null) {
response.setContentType(receivedContentTypes.get(fieldName));
FileInputStream is = new FileInputStream(f);
copyFromInputStreamToOutputStream(is, response.getOutputStream());
} else {
renderXmlResponse(request, response, ERROR_ITEM_NOT_FOUND);
}
}
/**
* Remove a file when the user sends a delete request.
*/
#Override
public void removeItem(HttpServletRequest request, String fieldName) throws UploadActionException {
File file = receivedFiles.get(fieldName);
receivedFiles.remove(fieldName);
receivedContentTypes.remove(fieldName);
if (file != null) {
file.delete();
}
}
}
Thanks
Try with this:
public String executeAction(HttpServletRequest request, List<FileItem> sessionFiles) throws UploadActionException {
for (FileItem item : sessionFiles) {
if (false == item.isFormField()) {
String uploadedFileName = "";
try {
String uploadsDir = "/uploads";
File dirFile = new File(uploadsDir);
dirFile.mkdirs();
String filename = FilenameUtils.getName(item.getName()); // uploaded file filename
File file = new File(uploadsDir, filename);
item.write(file);
uploadedFileName = uploadsDir + "/" + filename;
} catch (Exception e) {
logger.error("ERROR UPLOADING FILE: " + uploadedFileName + ", Exception: " + e);
throw new UploadActionException(e.getMessage());
}
}
removeSessionFileItems(request);
}
return null;
}
Happy coding!
Regards.