github-advanced-security[bot] commented on code in PR #725:
URL:
https://github.com/apache/hugegraph-toolchain/pull/725#discussion_r3079052674
##########
hugegraph-hubble/hubble-be/src/main/java/org/apache/hugegraph/controller/load/FileUploadController.java:
##########
@@ -261,31 +284,154 @@
HubbleOptions.UPLOAD_FILE_FORMAT_LIST);
Ex.check(formatWhiteList.contains(format),
"load.upload.file.format.unsupported");
+ }
+
+ private FileMapping reserveUploadQuota(int connId, int jobId,
+ String fileName, String filePath,
+ Long sourceFileSize) {
+ JobManager currentJob = this.jobService.get(jobId);
+ Ex.check(currentJob != null, "job-manager.not-exist.id", jobId);
+
+ FileMapping mapping = this.service.get(connId, jobId, fileName);
+ Ex.check(mapping == null ||
+ mapping.getFileStatus() == FileMappingStatus.UPLOADING,
+ "load.upload.file.existed", fileName);
+
+ long reservedFileSize = this.resolveReservedFileSize(mapping,
+ sourceFileSize);
+ Integer mappingId = mapping == null ? null : mapping.getId();
+ long reservedUploadingSize = this.sumReservedUploadingSize(jobId,
+ mappingId);
+ this.checkFileSizeLimit(reservedFileSize, currentJob.getJobSize(),
+ reservedUploadingSize);
+
+ if (mapping == null) {
+ mapping = new FileMapping(connId, fileName, filePath);
+ mapping.setJobId(jobId);
+ this.fillUploadingReservation(mapping, reservedFileSize);
+ this.service.save(mapping);
+ return mapping;
+ }
+
+ mapping.setPath(filePath);
+ this.fillUploadingReservation(mapping, reservedFileSize);
+ this.service.update(mapping);
+ return mapping;
+ }
+
+ private Long resolveSourceFileSize(MultipartFile file, Long fileSize,
+ int total, int index) {
+ if (total == 1) {
+ return file.getSize();
+ }
+ if (fileSize != null) {
+ return fileSize;
+ }
+ if (index == 0) {
+ return this.estimateChunkedFileSizeUpperBound(file.getSize(),
+ total);
+ }
+ return null;
+ }
+
+ private void checkFileSizeLimit(long fileSize, long currentJobSize) {
+ this.checkFileSizeLimit(fileSize, currentJobSize, 0L);
+ }
+
+ private void checkFileSizeLimit(long fileSize, long currentJobSize,
+ long reservedUploadingSize) {
+ Ex.check(fileSize > 0L, "load.upload.file.cannot-be-empty");
- long fileSize = file.getSize();
long singleFileSizeLimit = this.config.get(
HubbleOptions.UPLOAD_SINGLE_FILE_SIZE_LIMIT);
Ex.check(fileSize <= singleFileSizeLimit,
"load.upload.file.exceed-single-size",
FileUtils.byteCountToDisplaySize(singleFileSizeLimit));
- // Check is there a file with the same name
- FileMapping oldMapping = this.service.get(connId, jobId, fileName);
- Ex.check(oldMapping == null ||
- oldMapping.getFileStatus() == FileMappingStatus.UPLOADING,
- "load.upload.file.existed", fileName);
-
long totalFileSizeLimit = this.config.get(
HubbleOptions.UPLOAD_TOTAL_FILE_SIZE_LIMIT);
- List<FileMapping> fileMappings = this.service.listAll();
- long currentTotalSize = fileMappings.stream()
- .map(FileMapping::getTotalSize)
- .reduce(0L, (Long::sum));
- Ex.check(fileSize + currentTotalSize <= totalFileSizeLimit,
- "load.upload.file.exceed-single-size",
+ long totalReservedSize = this.safeAdd(this.safeAdd(fileSize,
+ currentJobSize),
+ reservedUploadingSize);
+ Ex.check(totalReservedSize <= totalFileSizeLimit,
+ "load.upload.file.exceed-total-size",
FileUtils.byteCountToDisplaySize(totalFileSizeLimit));
}
+ private long resolveUploadedFileSize(String filePath) {
+ File uploadedFile = new File(filePath);
+ if (!uploadedFile.exists() || !uploadedFile.isFile()) {
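Review bot: In `resolveSourceFileSize`, a chunked upload (`total > 1`) with a non-null `fileSize` returns that value unchanged, and it presumably reaches `reserveUploadQuota` as `sourceFileSize`. If `fileSize` is a request parameter, the quota checked in `checkFileSizeLimit` is then only as accurate as what the client declares. The caller is not visible in this hunk, and `resolveUploadedFileSize`, which looks like the step that reconciles against bytes on disk, continues outside it, so both should be confirmed. I would add a comment on the `fileSize != null` branch such as `// client-declared and untrusted: reservation hint only, re-checked against the size on disk`, and make sure chunk writes that exceed the reservation are rejected. The same hunk is quoted a second time further down this message, and the point applies there as well.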
Review Comment:
## CodeQL / Uncontrolled data used in path expression
This path depends on a [user-provided value](1).
[Show more
details](https://github.com/apache/hugegraph-toolchain/security/code-scanning/80)
##########
hugegraph-hubble/hubble-be/src/main/java/org/apache/hugegraph/controller/load/FileUploadController.java:
##########
@@ -261,31 +284,154 @@
HubbleOptions.UPLOAD_FILE_FORMAT_LIST);
Ex.check(formatWhiteList.contains(format),
"load.upload.file.format.unsupported");
+ }
+
+ private FileMapping reserveUploadQuota(int connId, int jobId,
+ String fileName, String filePath,
+ Long sourceFileSize) {
+ JobManager currentJob = this.jobService.get(jobId);
+ Ex.check(currentJob != null, "job-manager.not-exist.id", jobId);
+
+ FileMapping mapping = this.service.get(connId, jobId, fileName);
+ Ex.check(mapping == null ||
+ mapping.getFileStatus() == FileMappingStatus.UPLOADING,
+ "load.upload.file.existed", fileName);
+
+ long reservedFileSize = this.resolveReservedFileSize(mapping,
+ sourceFileSize);
+ Integer mappingId = mapping == null ? null : mapping.getId();
+ long reservedUploadingSize = this.sumReservedUploadingSize(jobId,
+ mappingId);
+ this.checkFileSizeLimit(reservedFileSize, currentJob.getJobSize(),
+ reservedUploadingSize);
+
+ if (mapping == null) {
+ mapping = new FileMapping(connId, fileName, filePath);
+ mapping.setJobId(jobId);
+ this.fillUploadingReservation(mapping, reservedFileSize);
+ this.service.save(mapping);
+ return mapping;
+ }
+
+ mapping.setPath(filePath);
+ this.fillUploadingReservation(mapping, reservedFileSize);
+ this.service.update(mapping);
+ return mapping;
+ }
+
+ private Long resolveSourceFileSize(MultipartFile file, Long fileSize,
+ int total, int index) {
+ if (total == 1) {
+ return file.getSize();
+ }
+ if (fileSize != null) {
+ return fileSize;
+ }
+ if (index == 0) {
+ return this.estimateChunkedFileSizeUpperBound(file.getSize(),
+ total);
+ }
+ return null;
+ }
+
+ private void checkFileSizeLimit(long fileSize, long currentJobSize) {
+ this.checkFileSizeLimit(fileSize, currentJobSize, 0L);
+ }
+
+ private void checkFileSizeLimit(long fileSize, long currentJobSize,
+ long reservedUploadingSize) {
+ Ex.check(fileSize > 0L, "load.upload.file.cannot-be-empty");
- long fileSize = file.getSize();
long singleFileSizeLimit = this.config.get(
HubbleOptions.UPLOAD_SINGLE_FILE_SIZE_LIMIT);
Ex.check(fileSize <= singleFileSizeLimit,
"load.upload.file.exceed-single-size",
FileUtils.byteCountToDisplaySize(singleFileSizeLimit));
- // Check is there a file with the same name
- FileMapping oldMapping = this.service.get(connId, jobId, fileName);
- Ex.check(oldMapping == null ||
- oldMapping.getFileStatus() == FileMappingStatus.UPLOADING,
- "load.upload.file.existed", fileName);
-
long totalFileSizeLimit = this.config.get(
HubbleOptions.UPLOAD_TOTAL_FILE_SIZE_LIMIT);
- List<FileMapping> fileMappings = this.service.listAll();
- long currentTotalSize = fileMappings.stream()
- .map(FileMapping::getTotalSize)
- .reduce(0L, (Long::sum));
- Ex.check(fileSize + currentTotalSize <= totalFileSizeLimit,
- "load.upload.file.exceed-single-size",
+ long totalReservedSize = this.safeAdd(this.safeAdd(fileSize,
+ currentJobSize),
+ reservedUploadingSize);
+ Ex.check(totalReservedSize <= totalFileSizeLimit,
+ "load.upload.file.exceed-total-size",
FileUtils.byteCountToDisplaySize(totalFileSizeLimit));
}
+ private long resolveUploadedFileSize(String filePath) {
+ File uploadedFile = new File(filePath);
+ if (!uploadedFile.exists() || !uploadedFile.isFile()) {
Review Comment:
## CodeQL / Uncontrolled data used in path expression
This path depends on a [user-provided value](1).
[Show more
details](https://github.com/apache/hugegraph-toolchain/security/code-scanning/79)
##########
hugegraph-hubble/hubble-be/src/main/java/org/apache/hugegraph/service/load/FileMappingService.java:
##########
@@ -363,4 +379,71 @@
}
}
}
+
+ private void deletePathIfExists(File path, int mappingId) {
+ if (!path.exists()) {
+ log.info("Skip deleting path {} for mapping {} because it no " +
+ "longer exists", path, mappingId);
+ return;
+ }
+
+ log.info("Prepare to delete directory {}", path);
+ try {
+ FileUtils.forceDelete(path);
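Review bot: The `log.info("Prepare to delete directory {}", path)` line in `deletePathIfExists` calls the target a directory and omits `mappingId`, although the method accepts any `File` and the skip message a few lines above logs both values. Since this line records a destructive operation, I would write it as `log.info("Prepare to delete path {} for mapping {}", path, mappingId);` so a deletion can be tied back to the mapping that triggered it. The `try` block continues outside the quoted hunk, so whether the failure branch also logs the mapping id cannot be seen here. The same hunk is quoted again, cut shorter, further down this message.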
Review Comment:
## CodeQL / Uncontrolled data used in path expression
This path depends on a [user-provided value](1).
[Show more
details](https://github.com/apache/hugegraph-toolchain/security/code-scanning/83)
##########
hugegraph-hubble/hubble-be/src/main/java/org/apache/hugegraph/service/load/FileMappingService.java:
##########
@@ -363,4 +379,71 @@
}
}
}
+
+ private void deletePathIfExists(File path, int mappingId) {
+ if (!path.exists()) {
Review Comment:
## CodeQL / Uncontrolled data used in path expression
This path depends on a [user-provided value](1).
[Show more
details](https://github.com/apache/hugegraph-toolchain/security/code-scanning/82)