Example #1
0
  /**
   * Copies a source file to a destination file, optionally preserving the source's last
   * modification time. We already have an input stream to read the source file, but we know nothing
   * about the destination file yet. Note that this method <em>never</em> closes the given input
   * stream!
   *
   * @throws FileNotFoundException If either the source or the destination cannot get accessed.
   * @throws InputIOException If copying the data fails because of an IOException in the source.
   * @throws IOException If copying the data fails because of an IOException in the destination.
   */
  private static void cp0(
      final boolean preserve, final java.io.File src, final InputStream in, final java.io.File dst)
      throws IOException {
    try {
      if (dst instanceof File) {
        final File dstFile = (File) dst;
        dstFile.ensureNotVirtualRoot("cannot write");
        final String dstEntryName = dstFile.getEnclEntryName();
        if (dstEntryName != null) {
          cp0(preserve, src, in, dstFile.getEnclArchive().getArchiveController(), dstEntryName);
          return;
        }
      }
    } catch (RfsEntryFalsePositiveException dstIsNotArchive) {
    }

    // Treat the destination like a regular file.
    final OutputStream out = new java.io.FileOutputStream(dst);
    try {
      Streams.cat(in, out);
    } finally {
      out.close();
    }
    if (preserve && !dst.setLastModified(src.lastModified()))
      throw new IOException(dst.getPath() + " (cannot preserve last modification time)");
  }
Example #2
0
 /** @see File#cp(InputStream, OutputStream) */
 public static void cp(final InputStream in, final OutputStream out) throws IOException {
   try {
     try {
       Streams.cat(in, out);
     } finally {
       out.close();
     }
   } finally {
     try {
       in.close();
     } catch (IOException ex) {
       throw new InputIOException(ex);
     }
   }
 }
  public void writeLandingPage(HttpServletRequest request, HttpServletResponse response)
      throws IOException {
    String landingPage = getNewTokenLandingPage();

    /** default to current page * */
    if (landingPage == null) {
      StringBuilder sb = new StringBuilder();

      sb.append(request.getContextPath());
      sb.append(request.getServletPath());

      landingPage = sb.toString();
    }

    /** create auto posting form * */
    StringBuilder sb = new StringBuilder();

    sb.append("<html>\r\n");
    sb.append("<head>\r\n");
    sb.append("<title>OWASP CSRFGuard Project - New Token Landing Page</title>\r\n");
    sb.append("</head>\r\n");
    sb.append("<body>\r\n");
    sb.append("<script type=\"text/javascript\">\r\n");
    sb.append("var form = document.createElement(\"form\");\r\n");
    sb.append("form.setAttribute(\"method\", \"post\");\r\n");
    sb.append("form.setAttribute(\"action\", \"");
    sb.append(landingPage);
    sb.append("\");\r\n");

    /** only include token if needed * */
    if (isProtectedPage(landingPage)) {
      sb.append("var hiddenField = document.createElement(\"input\");\r\n");
      sb.append("hiddenField.setAttribute(\"type\", \"hidden\");\r\n");
      sb.append("hiddenField.setAttribute(\"name\", \"");
      sb.append(getTokenName());
      sb.append("\");\r\n");
      sb.append("hiddenField.setAttribute(\"value\", \"");
      sb.append(getTokenValue(request, landingPage));
      sb.append("\");\r\n");
      sb.append("form.appendChild(hiddenField);\r\n");
    }

    sb.append("document.body.appendChild(form);\r\n");
    sb.append("form.submit();\r\n");
    sb.append("</script>\r\n");
    sb.append("</body>\r\n");
    sb.append("</html>\r\n");

    String code = sb.toString();

    /** setup headers * */
    response.setContentType("text/html");
    response.setContentLength(code.length());

    /** write auto posting form * */
    OutputStream output = null;
    PrintWriter writer = null;

    try {
      output = response.getOutputStream();
      writer = new PrintWriter(output);

      writer.write(code);
      writer.flush();
    } finally {
      Writers.close(writer);
      Streams.close(output);
    }
  }
Example #4
0
  /**
   * Copies a source file to a destination file, optionally preserving the source's last
   * modification time. We already have an input stream to read the source file and the destination
   * appears to be an entry in an archive file. Note that this method <em>never</em> closes the
   * given input stream!
   *
   * <p>Note that this method synchronizes on the class object in order to prevent dead locks by two
   * threads copying archive entries to the other's source archive concurrently!
   *
   * @throws FalsePositiveException If the destination is a false positive and the exception cannot
   *     get resolved within this method.
   * @throws InputIOException If copying the data fails because of an IOException in the source.
   * @throws IOException If copying the data fails because of an IOException in the destination.
   */
  static final void cp0(
      final boolean preserve,
      final java.io.File src,
      final InputStream in,
      final ArchiveController dstController,
      final String dstEntryName)
      throws IOException {
    // Do not assume anything about the lock status of the controller:
    // This method may be called from a subclass while a lock is acquired!
    // assert !dstController.readLock().isLocked();
    // assert !dstController.writeLock().isLocked();

    try {
      class OStreamCreator implements IORunnable {
        OutputStream out; // = null;

        public void run() throws IOException {
          // Update controller.
          // This may invalidate the file system object, so it must be
          // done first in case srcController and dstController are the
          // same!
          dstController.autoUmount(dstEntryName);

          final boolean lenient = File.isLenient();

          // Get source archive entry.
          final ArchiveEntry srcEntry = new RfsEntry(src);

          // Get destination archive entry.
          final ArchiveFileSystem dstFileSystem = dstController.autoMount(lenient);
          final Delta delta = dstFileSystem.link(dstEntryName, lenient, preserve ? srcEntry : null);
          final ArchiveEntry dstEntry = delta.getEntry();

          // Create output stream.
          out = dstController.createOutputStream(dstEntry, srcEntry);

          // Now link the destination entry into the file system.
          delta.commit();
        }
      }

      // Create the output stream while the destination controller is
      // write locked.
      final OStreamCreator stream = new OStreamCreator();
      dstController.runWriteLocked(stream);
      final OutputStream out = stream.out;

      // Finally copy the entry data.
      try {
        Streams.cat(in, out);
      } finally {
        out.close();
      }
    } catch (ArchiveEntryFalsePositiveException ex) {
      assert dstController == ex.getController();
      // Reroute call to the destination's enclosing ArchiveController.
      cp0(
          preserve,
          src,
          in,
          dstController.getEnclController(),
          dstController.enclEntryName(dstEntryName));
    }
  }