Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

KNOWAGE-8144 Update #888

Merged
merged 5 commits into from
Sep 4, 2023
Merged

KNOWAGE-8144 Update #888

merged 5 commits into from
Sep 4, 2023

Conversation

dbulatovicx32
Copy link
Contributor

No longer catching an exception as requested.
Informing the user in case file does not exist.

@dbulatovicx32
KNOWAGE-8144 Update
c0b6a76 
No longer catching an exception as requested.
Informing the user in case file does not exist.
@dbulatovicx32
Update Info Message
8a53567
@dbulatovicx32
Correct Info Message
19d5bd2
davide-zerbetto
davide-zerbetto suggested changes Aug 31, 2023
View reviewed changes
...e/src/main/java/it/eng/spagobi/analiticalmodel/document/service/ManagePreviewFileAction.java Outdated
response.getOutputStream().flush();
} catch (Throwable t) {
logger.error("Error getting file", t);
if (!file.exists()) {
writeBackToClient(404, "Error getting file with name, not found", false, null, "text/plain");
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

put "File not found" as message

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updated message.

...e/src/main/java/it/eng/spagobi/analiticalmodel/document/service/ManagePreviewFileAction.java Outdated
Comment on lines 86 to 93
FileInputStream fis = new FileInputStream(file);
HttpServletResponse response = getHttpResponse();
response.setHeader("Content-Disposition", "attachment; filename=\"" + file.getName() + "\";");
byte[] content = SpagoBIUtilities.getByteArrayFromInputStream(fis);
response.setContentLength(content.length);
response.getOutputStream().write(content);
response.getOutputStream().flush();

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this part must be inserted within an else block:
if (!file.exists()) {
writeBackToClient...
}{
return file content
}

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Included said chunk of code to else block.

@davide-zerbetto davide-zerbetto added the security Security related issues label Aug 31, 2023
@dbulatovicx32
Update Condition with Else
7f1650f 
Updated file check with else block so it stops execution in case file is not found.
davide-zerbetto
davide-zerbetto suggested changes Aug 31, 2023
View reviewed changes
...e/src/main/java/it/eng/spagobi/analiticalmodel/document/service/ManagePreviewFileAction.java Outdated
if (!file.exists()) {
writeBackToClient(404, "File not found.", false, null, "text/plain");
} else {
FileInputStream fis = new FileInputStream(file);
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You removed the try-with-resources block, stream will stay open intead of being closed (every stream must be closed).
Use:
try (FileInputStream fis = new FileInputStream(file)) {
HttpServletResponse response = getHttpResponse();
response.setHeader("Content-Disposition", "attachment; filename="" + file.getName() + "";");
byte[] content = SpagoBIUtilities.getByteArrayFromInputStream(fis);
response.setContentLength(content.length);
response.getOutputStream().write(content);
response.getOutputStream().flush();
}

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Wrapped the code with try block.

@dbulatovicx32
Wrapped with Try block
b5d175c 
Wrapped requested code with try block.
@davide-zerbetto davide-zerbetto merged commit 46a4689 into KnowageLabs:master Sep 4, 2023
1 check passed
@github-actions github-actions bot locked and limited conversation to collaborators Sep 4, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@davide-zerbetto davide-zerbetto davide-zerbetto approved these changes

Assignees
No one assigned
Labels
security Security related issues
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@dbulatovicx32 @davide-zerbetto