Merge pull request #360 from bioinformatics-ua/bug/export-csv-validat…

…e-uuid Validate UUID provided to /exportFile
bioinformatics-ua · Jun 1, 2018 · 9d612ad · 9d612ad
2 parents d4fb840 + ebe2703
commit 9d612ad
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 9 deletions.
diff --git a/dicoogle/src/main/java/pt/ua/dicoogle/server/web/servlets/ExportCSVToFILEServlet.java b/dicoogle/src/main/java/pt/ua/dicoogle/server/web/servlets/ExportCSVToFILEServlet.java
@@ -42,6 +42,7 @@
 import pt.ua.dicoogle.core.QueryExpressionBuilder;
 import pt.ua.dicoogle.core.query.ExportToCSVQueryTask;
 import pt.ua.dicoogle.plugins.PluginController;
+import pt.ua.dicoogle.server.web.utils.ResponseUtil;
 
 public class ExportCSVToFILEServlet extends HttpServlet {
 	private static final Logger logger = LoggerFactory.getLogger(ExportCSVToFILEServlet.class);
@@ -59,13 +60,22 @@ protected void doGet(HttpServletRequest req, HttpServletResponse resp)
 			throws ServletException, IOException {
 		String uid = req.getParameter("UID");
 		if(uid == null){
-			resp.sendError(401, "No Query UID Supplied: Please fill the field \"UID\"");
+			ResponseUtil.sendError(resp, 400, "No query UID Supplied: Please provide the field \"UID\"");
 			return;
 		}
-
+
+		// validate UUID
+		try {
+			UUID.fromString(uid);
+		} catch (IllegalArgumentException ex) {
+			ResponseUtil.sendError(resp, 400, "Illegal UUID supplied");
+			return;
+		}	
+
 		File tmpFile = new File(tempDirectory, "QueryResultsExport-"+uid);
-		if(!tmpFile.exists()){
-			resp.sendError(402, "The file for the given uid was not found. Please try again...");
+		logger.debug("Reading temporary CSV file: {}", tmpFile);
+		if(!tmpFile.exists()) {
+			ResponseUtil.sendError(resp, 404, "The file for the given UID was not found.");
 			return; 
 		}
 
@@ -96,15 +106,15 @@ protected void doPost(HttpServletRequest req, HttpServletResponse resp)
 		try {
 			queryString = req.getParameter("query");
 			if (queryString == null) {
-				resp.sendError(402,
+				ResponseUtil.sendError(resp, 400,
 						"QueryString not supplied: Please fill the field \"query\"");
 				return;
 			}
 
-			System.out.println(req.getParameter("fields"));
-			JSONArray jsonObj = new JSONArray().fromObject(req.getParameter("fields"));
+			logger.debug("{}", req.getParameter("fields"));
+			JSONArray jsonObj = JSONArray.fromObject(req.getParameter("fields"));
 			if (jsonObj.size()== 0) {
-				resp.sendError(403,
+				ResponseUtil.sendError(resp, 400,
 						"No fields supplied: Please fill the field \"extraFields\" in \"JSON\"");
 				return;
 			}
@@ -117,7 +127,7 @@ protected void doPost(HttpServletRequest req, HttpServletResponse resp)
 
 			arr = req.getParameterValues("providers");
 		} catch (JSONException ex) {
-			resp.sendError(400, "Invalid JSON content");
+			ResponseUtil.sendError(resp, 400, "Invalid JSON content");
 			return;
 		}
 

diff --git a/dicoogle/src/main/java/pt/ua/dicoogle/server/web/utils/ResponseUtil.java b/dicoogle/src/main/java/pt/ua/dicoogle/server/web/utils/ResponseUtil.java
@@ -60,6 +60,7 @@ public static void objectResponse(HttpServletResponse resp, List<Pair> pairs) th
      * @throws IOException if an I/O error occurs
      */
     public static void sendError(HttpServletResponse resp, int code, String message) throws IOException {
+        resp.setContentType("application/json");
         resp.setStatus(code);
         JSONObject obj = new JSONObject();
         obj.put("error", message);