Coverage Report - org.apache.commons.fileupload.disk.DiskFileItemFactory
 
Classes in this File Line Coverage Branch Coverage Complexity
DiskFileItemFactory
69%
18/26
50%
1/2
1.091
 
 1  
 /*
 2  
  * Licensed to the Apache Software Foundation (ASF) under one or more
 3  
  * contributor license agreements.  See the NOTICE file distributed with
 4  
  * this work for additional information regarding copyright ownership.
 5  
  * The ASF licenses this file to You under the Apache License, Version 2.0
 6  
  * (the "License"); you may not use this file except in compliance with
 7  
  * the License.  You may obtain a copy of the License at
 8  
  *
 9  
  *      http://www.apache.org/licenses/LICENSE-2.0
 10  
  *
 11  
  * Unless required by applicable law or agreed to in writing, software
 12  
  * distributed under the License is distributed on an "AS IS" BASIS,
 13  
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 14  
  * See the License for the specific language governing permissions and
 15  
  * limitations under the License.
 16  
  */
 17  
 package org.apache.commons.fileupload.disk;
 18  
 
 19  
 import java.io.File;
 20  
 
 21  
 import org.apache.commons.fileupload.FileItem;
 22  
 import org.apache.commons.fileupload.FileItemFactory;
 23  
 import org.apache.commons.io.FileCleaningTracker;
 24  
 
 25  
 /**
 26  
  * <p>The default {@link org.apache.commons.fileupload.FileItemFactory}
 27  
  * implementation. This implementation creates
 28  
  * {@link org.apache.commons.fileupload.FileItem} instances which keep their
 29  
  * content either in memory, for smaller items, or in a temporary file on disk,
 30  
  * for larger items. The size threshold, above which content will be stored on
 31  
  * disk, is configurable, as is the directory in which temporary files will be
 32  
  * created.</p>
 33  
  *
 34  
  * <p>If not otherwise configured, the default configuration values are as
 35  
  * follows:</p>
 36  
  * <ul>
 37  
  *   <li>Size threshold is 10KB.</li>
 38  
  *   <li>Repository is the system default temp directory, as returned by
 39  
  *       <code>System.getProperty("java.io.tmpdir")</code>.</li>
 40  
  * </ul>
 41  
  * <p>
 42  
  * <b>NOTE</b>: Files are created in the system default temp directory with
 43  
  * predictable names. This means that a local attacker with write access to that
 44  
  * directory can perform a TOUTOC attack to replace any uploaded file with a
 45  
  * file of the attackers choice. The implications of this will depend on how the
 46  
  * uploaded file is used but could be significant. When using this
 47  
  * implementation in an environment with local, untrusted users,
 48  
  * {@link #setRepository(File)} MUST be used to configure a repository location
 49  
  * that is not publicly writable. In a Servlet container the location identified
 50  
  * by the ServletContext attribute <code>javax.servlet.context.tempdir</code>
 51  
  * may be used.
 52  
  * </p>
 53  
  *
 54  
  * <p>Temporary files, which are created for file items, should be
 55  
  * deleted later on. The best way to do this is using a
 56  
  * {@link FileCleaningTracker}, which you can set on the
 57  
  * {@link DiskFileItemFactory}. However, if you do use such a tracker,
 58  
  * then you must consider the following: Temporary files are automatically
 59  
  * deleted as soon as they are no longer needed. (More precisely, when the
 60  
  * corresponding instance of {@link java.io.File} is garbage collected.)
 61  
  * This is done by the so-called reaper thread, which is started and stopped
 62  
  * automatically by the {@link FileCleaningTracker} when there are files to be
 63  
  * tracked.
 64  
  * It might make sense to terminate that thread, for example, if
 65  
  * your web application ends. See the section on "Resource cleanup"
 66  
  * in the users guide of commons-fileupload.</p>
 67  
  *
 68  
  * @since FileUpload 1.1
 69  
  */
 70  
 public class DiskFileItemFactory implements FileItemFactory {
 71  
 
 72  
     // ----------------------------------------------------- Manifest constants
 73  
 
 74  
     /**
 75  
      * The default threshold above which uploads will be stored on disk.
 76  
      */
 77  
     public static final int DEFAULT_SIZE_THRESHOLD = 10240;
 78  
 
 79  
     // ----------------------------------------------------- Instance Variables
 80  
 
 81  
     /**
 82  
      * The directory in which uploaded files will be stored, if stored on disk.
 83  
      */
 84  
     private File repository;
 85  
 
 86  
     /**
 87  
      * The threshold above which uploads will be stored on disk.
 88  
      */
 89  34
     private int sizeThreshold = DEFAULT_SIZE_THRESHOLD;
 90  
 
 91  
     /**
 92  
      * <p>The instance of {@link FileCleaningTracker}, which is responsible
 93  
      * for deleting temporary files.</p>
 94  
      * <p>May be null, if tracking files is not required.</p>
 95  
      */
 96  
     private FileCleaningTracker fileCleaningTracker;
 97  
 
 98  
     /**
 99  
      * Default content charset to be used when no explicit charset
 100  
      * parameter is provided by the sender.
 101  
      */
 102  34
     private String defaultCharset = DiskFileItem.DEFAULT_CHARSET;
 103  
 
 104  
     // ----------------------------------------------------------- Constructors
 105  
 
 106  
     /**
 107  
      * Constructs an unconfigured instance of this class. The resulting factory
 108  
      * may be configured by calling the appropriate setter methods.
 109  
      */
 110  
     public DiskFileItemFactory() {
 111  23
         this(DEFAULT_SIZE_THRESHOLD, null);
 112  23
     }
 113  
 
 114  
     /**
 115  
      * Constructs a preconfigured instance of this class.
 116  
      *
 117  
      * @param sizeThreshold The threshold, in bytes, below which items will be
 118  
      *                      retained in memory and above which they will be
 119  
      *                      stored as a file.
 120  
      * @param repository    The data repository, which is the directory in
 121  
      *                      which files will be created, should the item size
 122  
      *                      exceed the threshold.
 123  
      */
 124  34
     public DiskFileItemFactory(int sizeThreshold, File repository) {
 125  34
         this.sizeThreshold = sizeThreshold;
 126  34
         this.repository = repository;
 127  34
     }
 128  
 
 129  
     // ------------------------------------------------------------- Properties
 130  
 
 131  
     /**
 132  
      * Returns the directory used to temporarily store files that are larger
 133  
      * than the configured size threshold.
 134  
      *
 135  
      * @return The directory in which temporary files will be located.
 136  
      *
 137  
      * @see #setRepository(java.io.File)
 138  
      *
 139  
      */
 140  
     public File getRepository() {
 141  5
         return repository;
 142  
     }
 143  
 
 144  
     /**
 145  
      * Sets the directory used to temporarily store files that are larger
 146  
      * than the configured size threshold.
 147  
      *
 148  
      * @param repository The directory in which temporary files will be located.
 149  
      *
 150  
      * @see #getRepository()
 151  
      *
 152  
      */
 153  
     public void setRepository(File repository) {
 154  0
         this.repository = repository;
 155  0
     }
 156  
 
 157  
     /**
 158  
      * Returns the size threshold beyond which files are written directly to
 159  
      * disk. The default value is 10240 bytes.
 160  
      *
 161  
      * @return The size threshold, in bytes.
 162  
      *
 163  
      * @see #setSizeThreshold(int)
 164  
      */
 165  
     public int getSizeThreshold() {
 166  5
         return sizeThreshold;
 167  
     }
 168  
 
 169  
     /**
 170  
      * Sets the size threshold beyond which files are written directly to disk.
 171  
      *
 172  
      * @param sizeThreshold The size threshold, in bytes.
 173  
      *
 174  
      * @see #getSizeThreshold()
 175  
      *
 176  
      */
 177  
     public void setSizeThreshold(int sizeThreshold) {
 178  0
         this.sizeThreshold = sizeThreshold;
 179  0
     }
 180  
 
 181  
     // --------------------------------------------------------- Public Methods
 182  
 
 183  
     /**
 184  
      * Create a new {@link org.apache.commons.fileupload.disk.DiskFileItem}
 185  
      * instance from the supplied parameters and the local factory
 186  
      * configuration.
 187  
      *
 188  
      * @param fieldName   The name of the form field.
 189  
      * @param contentType The content type of the form field.
 190  
      * @param isFormField <code>true</code> if this is a plain form field;
 191  
      *                    <code>false</code> otherwise.
 192  
      * @param fileName    The name of the uploaded file, if any, as supplied
 193  
      *                    by the browser or other client.
 194  
      *
 195  
      * @return The newly created file item.
 196  
      */
 197  
     @Override
 198  
     public FileItem createItem(String fieldName, String contentType,
 199  
             boolean isFormField, String fileName) {
 200  2169
         DiskFileItem result = new DiskFileItem(fieldName, contentType,
 201  
                 isFormField, fileName, sizeThreshold, repository);
 202  2169
         result.setDefaultCharset(defaultCharset);
 203  2169
         FileCleaningTracker tracker = getFileCleaningTracker();
 204  2169
         if (tracker != null) {
 205  0
             tracker.track(result.getTempFile(), result);
 206  
         }
 207  2169
         return result;
 208  
     }
 209  
 
 210  
     /**
 211  
      * Returns the tracker, which is responsible for deleting temporary
 212  
      * files.
 213  
      *
 214  
      * @return An instance of {@link FileCleaningTracker}, or null
 215  
      *   (default), if temporary files aren't tracked.
 216  
      */
 217  
     public FileCleaningTracker getFileCleaningTracker() {
 218  2169
         return fileCleaningTracker;
 219  
     }
 220  
 
 221  
     /**
 222  
      * Sets the tracker, which is responsible for deleting temporary
 223  
      * files.
 224  
      *
 225  
      * @param pTracker An instance of {@link FileCleaningTracker},
 226  
      *   which will from now on track the created files, or null
 227  
      *   (default), to disable tracking.
 228  
      */
 229  
     public void setFileCleaningTracker(FileCleaningTracker pTracker) {
 230  0
         fileCleaningTracker = pTracker;
 231  0
     }
 232  
 
 233  
     /**
 234  
      * Returns the default charset for use when no explicit charset
 235  
      * parameter is provided by the sender.
 236  
      * @return the default charset
 237  
      */
 238  
     public String getDefaultCharset() {
 239  0
         return defaultCharset;
 240  
     }
 241  
 
 242  
     /**
 243  
      * Sets the default charset for use when no explicit charset
 244  
      * parameter is provided by the sender.
 245  
      * @param pCharset the default charset
 246  
      */
 247  
     public void setDefaultCharset(String pCharset) {
 248  1
         defaultCharset = pCharset;
 249  1
     }
 250  
 }