Merge pull request #131 from UniVE-SSV/file-path-sanitization

Filename sanitization for `FileManager`

Author: pietroferrara

lisa/lisa-sdk/src/main/java/it/unive/lisa/util/file/FileManager.java

@@ -7,6 +7,7 @@
 import java.io.Writer;
 import java.nio.charset.StandardCharsets;
 import java.nio.file.Paths;
+import java.util.Arrays;
 import java.util.Collection;
 import java.util.TreeSet;
 import org.apache.commons.io.FileUtils;
@@ -60,6 +61,24 @@ public void mkOutputFile(String name, WriteAction filler) throws IOException {
 		mkOutputFile(name, false, filler);
 	}
 
+	/**
+	 * Creates a UTF-8 encoded file with the given name. If name is a path, all
+	 * missing directories will be created as well. The given name will be
+	 * joined with the workdir used to initialize this file manager, thus
+	 * raising an exception if {@code name} is absolute. {@code filler} will
+	 * then be used to write to the writer.
+	 * 
+	 * @param path   the sub-path, relative to the workdir, where the file
+	 *                   should be created
+	 * @param name   the name of the file to create
+	 * @param filler the callback to write to the file
+	 * 
+	 * @throws IOException if something goes wrong while creating the file
+	 */
+	public void mkOutputFile(String path, String name, WriteAction filler) throws IOException {
+		mkOutputFile(path, name, false, filler);
+	}
+
 	/**
 	 * Creates a UTF-8 encoded file with the given name, appending the
 	 * {@code dot} extension. If name is a path, all missing directories will be
@@ -78,6 +97,26 @@ public void mkDotFile(String name, WriteAction filler) throws IOException {
 		mkOutputFile(cleanupForDotFile(name) + ".dot", false, filler);
 	}
 
+	/**
+	 * Creates a UTF-8 encoded file with the given name, appending the
+	 * {@code dot} extension. If name is a path, all missing directories will be
+	 * created as well. The name will be stripped of any characters that might
+	 * cause problems in the file name. The given name will be joined with the
+	 * workdir used to initialize this file manager, thus raising an exception
+	 * if {@code name} is absolute. {@code filler} will then be used to write to
+	 * the writer.
+	 * 
+	 * @param path   the sub-path, relative to the workdir, where the file
+	 *                   should be created
+	 * @param name   the name of the file to create
+	 * @param filler the callback to write to the file
+	 * 
+	 * @throws IOException if something goes wrong while creating the file
+	 */
+	public void mkDotFile(String path, String name, WriteAction filler) throws IOException {
+		mkOutputFile(path, cleanupForDotFile(name) + ".dot", false, filler);
+	}
+
 	/**
 	 * A functional interface for a write operation that can throw
 	 * {@link IOException}s.
@@ -112,20 +151,63 @@ public interface WriteAction {
 	 *                         the file
 	 */
 	public void mkOutputFile(String name, boolean bom, WriteAction filler) throws IOException {
-		File file = new File(workdir, name);
+		mkOutputFile(null, name, bom, filler);
+	}
+
+	/**
+	 * Creates a UTF-8 encoded file with the given name. If name is a path, all
+	 * missing directories will be created as well. The given name will be
+	 * joined with the workdir used to initialize this file manager, thus
+	 * raising an exception if {@code name} is absolute. {@code filler} will
+	 * then be used to write to the writer.
+	 * 
+	 * @param path   the sub-path, relative to the workdir, where the file
+	 *                   should be created
+	 * @param name   the name of the file to create
+	 * @param bom    if {@code true}, the bom marker {@code \ufeff} will be
+	 *                   written to the file
+	 * @param filler the callback to write to the file
+	 * 
+	 * @throws IOException if something goes wrong while creating or writing to
+	 *                         the file
+	 */
+	public void mkOutputFile(String path, String name, boolean bom, WriteAction filler) throws IOException {
+		File parent = workdir;
+		if (path != null)
+			parent = new File(workdir, cleanFileName(path, true));
+		File file = new File(parent, cleanFileName(name, false));
 
-		File parent = file.getAbsoluteFile().getParentFile();
 		if (!parent.exists() && !parent.mkdirs())
 			throw new IOException("Unable to create directory structure for " + file);
 
-		createdFiles.add(name);
+		createdFiles.add(workdir.toPath().relativize(file.toPath()).toString());
 		try (Writer writer = new OutputStreamWriter(new FileOutputStream(file), StandardCharsets.UTF_8.newEncoder())) {
 			if (bom)
 				writer.write('\ufeff');
 			filler.perform(writer);
 		}
 	}
 
+	private final static int[] illegalChars = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19,
+			20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 34, 42, 47, 58, 60, 62, 63, 92, 124 };
+
+	private static String cleanFileName(String name, boolean keepDirSeparator) {
+		// https://stackoverflow.com/questions/1155107/is-there-a-cross-platform-java-method-to-remove-filename-special-chars
+		StringBuilder cleanName = new StringBuilder();
+		int len = name.codePointCount(0, name.length());
+		for (int i = 0; i < len; i++) {
+			int c = name.codePointAt(i);
+			// 57 is / and 92 is \
+			if ((keepDirSeparator && (c == 57 || c == 92))
+					|| Arrays.binarySearch(illegalChars, c) < 0)
+				cleanName.appendCodePoint(c);
+			else
+				cleanName.appendCodePoint('_');
+
+		}
+		return cleanName.toString();
+	}
+
 	private static String cleanupForDotFile(String name) {
 		String result = name.replace(' ', '_');
 		result = result.replace("::", ".");

lisa/lisa-sdk/src/test/java/it/unive/lisa/util/file/FileManagerTest.java

@@ -1,5 +1,6 @@
 package it.unive.lisa.util.file;
 
+import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.fail;
 
 import java.io.File;
@@ -50,8 +51,9 @@ public void testDeleteEmptyFolder() {
 	@Test
 	public void testCreateFile() {
 		FileManager manager = new FileManager(TESTDIR);
+		String name = "foo.txt";
 		try {
-			manager.mkOutputFile("foo.txt", w -> w.write("foo"));
+			manager.mkOutputFile(name, w -> w.write("foo"));
 		} catch (IOException e) {
 			e.printStackTrace();
 			fail("The file has not been created");
@@ -61,16 +63,20 @@ public void testCreateFile() {
 		if (!dir.exists())
 			fail("The working directory has not been created");
 
-		File file = new File(dir, "foo.txt");
+		File file = new File(dir, name);
 		if (!file.exists())
 			fail("The file has not been created");
+
+		assertEquals("FileManager did not track the correct number of files", manager.createdFiles().size(), 1);
+		assertEquals("FileManager did not track the created file", manager.createdFiles().iterator().next(), name);
 	}
 
 	@Test
 	public void testCreateFileWithBom() {
 		FileManager manager = new FileManager(TESTDIR);
+		String name = "foo.txt";
 		try {
-			manager.mkOutputFile("foo.txt", true, w -> w.write("foo"));
+			manager.mkOutputFile(name, true, w -> w.write("foo"));
 		} catch (IOException e) {
 			e.printStackTrace();
 			fail("The file has not been created");
@@ -80,16 +86,19 @@ public void testCreateFileWithBom() {
 		if (!dir.exists())
 			fail("The working directory has not been created");
 
-		File file = new File(dir, "foo.txt");
+		File file = new File(dir, name);
 		if (!file.exists())
 			fail("The file has not been created");
+
+		assertEquals("FileManager did not track the correct number of files", manager.createdFiles().size(), 1);
+		assertEquals("FileManager did not track the created file", manager.createdFiles().iterator().next(), name);
 	}
 
 	@Test
 	public void testCreateFileInSubfolder() {
 		FileManager manager = new FileManager(TESTDIR);
 		try {
-			manager.mkOutputFile("sub/foo.txt", w -> w.write("foo"));
+			manager.mkOutputFile("sub", "foo.txt", w -> w.write("foo"));
 		} catch (IOException e) {
 			e.printStackTrace();
 			fail("The file has not been created");
@@ -106,6 +115,10 @@ public void testCreateFileInSubfolder() {
 		File file = new File(sub, "foo.txt");
 		if (!file.exists())
 			fail("The file has not been created");
+
+		assertEquals("FileManager did not track the correct number of files", manager.createdFiles().size(), 1);
+		assertEquals("FileManager did not track the created file", manager.createdFiles().iterator().next(),
+				"sub" + File.separatorChar + "foo.txt");
 	}
 
 	@Test
@@ -125,5 +138,55 @@ public void testDotFileNameSanitization() {
 		File file = new File(dir, "foo()__bar.jar.dot");
 		if (!file.exists())
 			fail("The file has not been created");
+
+		assertEquals("FileManager did not track the correct number of files", manager.createdFiles().size(), 1);
+		assertEquals("FileManager did not track the created file", manager.createdFiles().iterator().next(),
+				file.getName());
+	}
+
+	@Test
+	public void testFileNameWithUnixSlashes() {
+		FileManager manager = new FileManager(TESTDIR);
+		try {
+			manager.mkOutputFile("foo/bar.txt", w -> w.write("foo"));
+		} catch (IOException e) {
+			e.printStackTrace();
+			fail("The file has not been created");
+		}
+
+		File dir = new File(TESTDIR);
+		if (!dir.exists())
+			fail("The working directory has not been created");
+
+		File file = new File(dir, "foo_bar.txt");
+		if (!file.exists())
+			fail("The file has not been created");
+
+		assertEquals("FileManager did not track the correct number of files", manager.createdFiles().size(), 1);
+		assertEquals("FileManager did not track the created file", manager.createdFiles().iterator().next(),
+				file.getName());
+	}
+
+	@Test
+	public void testFileNameWithWindowsSlashes() {
+		FileManager manager = new FileManager(TESTDIR);
+		try {
+			manager.mkOutputFile("foo\\bar.txt", w -> w.write("foo"));
+		} catch (IOException e) {
+			e.printStackTrace();
+			fail("The file has not been created");
+		}
+
+		File dir = new File(TESTDIR);
+		if (!dir.exists())
+			fail("The working directory has not been created");
+
+		File file = new File(dir, "foo_bar.txt");
+		if (!file.exists())
+			fail("The file has not been created");
+
+		assertEquals("FileManager did not track the correct number of files", manager.createdFiles().size(), 1);
+		assertEquals("FileManager did not track the created file", manager.createdFiles().iterator().next(),
+				file.getName());
 	}
 }