Add compliant and noncompliant examples of java/unrestricted-file-upload@v1.0

karmakri · karmakri · commit b325b1a3c0a2 · 2023-12-14T20:11:09.000+05:30
diff --git a/src/java/detectors/unrestricted_file_upload/UnrestrictedFileUpload.java b/src/java/detectors/unrestricted_file_upload/UnrestrictedFileUpload.java
@@ -12,11 +12,14 @@
 import java.util.HashMap;
 import org.springframework.util.StringUtils;
 import javax.servlet.ServletException;
+import javax.servlet.http.Part;
+import java.nio.file.Files;
+import java.nio.file.StandardCopyOption;
 
 public class UnrestrictedFileUpload {
 
     // {fact rule=unrestricted-file-upload@v1.0 defects=1}
-    public void unrestrictedFileUploadNoncompliant(HttpServletRequest request) {
+    public void unrestrictedFileUploadNoncompliant(HttpServletRequest request, HttpServletResponse response) throws IOException {
         Part filePart = request.getPart("fileToUpload");
         InputStream fileInputStream = filePart.getInputStream();
         // Noncompliant: the uploaded file can have any extension.
@@ -27,7 +30,7 @@ public void unrestrictedFileUploadNoncompliant(HttpServletRequest request) {
     // {/fact}
 
     // {fact rule=unrestricted-file-upload@v1.0 defects=0}
-    public void unrestrictedFileUploadCompliant(HttpServletRequest request, HttpServletResponse response) {
+    public void unrestrictedFileUploadCompliant(HttpServletRequest request, HttpServletResponse response) throws IOException {
         Part filePart = request.getPart("fileToUpload");
         // Compliant: the uploaded file must have one of the allowed extensions.
         if (filePart.getSubmittedFileName().endsWith(".jpg") || filePart.getSubmittedFileName().endsWith(".png")) {
