Coverage Report - org.apache.commons.fileupload.disk.DiskFileItemFactory
 
Classes in this File Line Coverage Branch Coverage Complexity
DiskFileItemFactory
66%
14/21
50%
1/2
1,111
 
 1  
 /*
 2  
  * Licensed to the Apache Software Foundation (ASF) under one or more
 3  
  * contributor license agreements.  See the NOTICE file distributed with
 4  
  * this work for additional information regarding copyright ownership.
 5  
  * The ASF licenses this file to You under the Apache License, Version 2.0
 6  
  * (the "License"); you may not use this file except in compliance with
 7  
  * the License.  You may obtain a copy of the License at
 8  
  *
 9  
  *      http://www.apache.org/licenses/LICENSE-2.0
 10  
  *
 11  
  * Unless required by applicable law or agreed to in writing, software
 12  
  * distributed under the License is distributed on an "AS IS" BASIS,
 13  
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 14  
  * See the License for the specific language governing permissions and
 15  
  * limitations under the License.
 16  
  */
 17  
 package org.apache.commons.fileupload.disk;
 18  
 
 19  
 import java.io.File;
 20  
 
 21  
 import org.apache.commons.fileupload.FileItem;
 22  
 import org.apache.commons.fileupload.FileItemFactory;
 23  
 import org.apache.commons.io.FileCleaningTracker;
 24  
 
 25  
 /**
 26  
  * <p>The default {@link org.apache.commons.fileupload.FileItemFactory}
 27  
  * implementation. This implementation creates
 28  
  * {@link org.apache.commons.fileupload.FileItem} instances which keep their
 29  
  * content either in memory, for smaller items, or in a temporary file on disk,
 30  
  * for larger items. The size threshold, above which content will be stored on
 31  
  * disk, is configurable, as is the directory in which temporary files will be
 32  
  * created.</p>
 33  
  *
 34  
  * <p>If not otherwise configured, the default configuration values are as
 35  
  * follows:</p>
 36  
  * <ul>
 37  
  *   <li>Size threshold is 10KB.</li>
 38  
  *   <li>Repository is the system default temp directory, as returned by
 39  
  *       <code>System.getProperty("java.io.tmpdir")</code>.</li>
 40  
  * </ul>
 41  
  * <p>
 42  
  * <b>NOTE</b>: Files are created in the system default temp directory with
 43  
  * predictable names. This means that a local attacker with write access to that
 44  
  * directory can perform a TOUTOC attack to replace any uploaded file with a
 45  
  * file of the attackers choice. The implications of this will depend on how the
 46  
  * uploaded file is used but could be significant. When using this
 47  
  * implementation in an environment with local, untrusted users,
 48  
  * {@link #setRepository(File)} MUST be used to configure a repository location
 49  
  * that is not publicly writable. In a Servlet container the location identified
 50  
  * by the ServletContext attribute <code>javax.servlet.context.tempdir</code>
 51  
  * may be used.
 52  
  * </p>
 53  
  *
 54  
  * <p>Temporary files, which are created for file items, should be
 55  
  * deleted later on. The best way to do this is using a
 56  
  * {@link FileCleaningTracker}, which you can set on the
 57  
  * {@link DiskFileItemFactory}. However, if you do use such a tracker,
 58  
  * then you must consider the following: Temporary files are automatically
 59  
  * deleted as soon as they are no longer needed. (More precisely, when the
 60  
  * corresponding instance of {@link java.io.File} is garbage collected.)
 61  
  * This is done by the so-called reaper thread, which is started and stopped
 62  
  * automatically by the {@link FileCleaningTracker} when there are files to be
 63  
  * tracked.
 64  
  * It might make sense to terminate that thread, for example, if
 65  
  * your web application ends. See the section on "Resource cleanup"
 66  
  * in the users guide of commons-fileupload.</p>
 67  
  *
 68  
  * @since FileUpload 1.1
 69  
  */
 70  
 public class DiskFileItemFactory implements FileItemFactory {
 71  
 
 72  
     // ----------------------------------------------------- Manifest constants
 73  
 
 74  
     /**
 75  
      * The default threshold above which uploads will be stored on disk.
 76  
      */
 77  
     public static final int DEFAULT_SIZE_THRESHOLD = 10240;
 78  
 
 79  
     // ----------------------------------------------------- Instance Variables
 80  
 
 81  
     /**
 82  
      * The directory in which uploaded files will be stored, if stored on disk.
 83  
      */
 84  
     private File repository;
 85  
 
 86  
     /**
 87  
      * The threshold above which uploads will be stored on disk.
 88  
      */
 89  33
     private int sizeThreshold = DEFAULT_SIZE_THRESHOLD;
 90  
 
 91  
     /**
 92  
      * <p>The instance of {@link FileCleaningTracker}, which is responsible
 93  
      * for deleting temporary files.</p>
 94  
      * <p>May be null, if tracking files is not required.</p>
 95  
      */
 96  
     private FileCleaningTracker fileCleaningTracker;
 97  
 
 98  
     // ----------------------------------------------------------- Constructors
 99  
 
 100  
     /**
 101  
      * Constructs an unconfigured instance of this class. The resulting factory
 102  
      * may be configured by calling the appropriate setter methods.
 103  
      */
 104  
     public DiskFileItemFactory() {
 105  22
         this(DEFAULT_SIZE_THRESHOLD, null);
 106  22
     }
 107  
 
 108  
     /**
 109  
      * Constructs a preconfigured instance of this class.
 110  
      *
 111  
      * @param sizeThreshold The threshold, in bytes, below which items will be
 112  
      *                      retained in memory and above which they will be
 113  
      *                      stored as a file.
 114  
      * @param repository    The data repository, which is the directory in
 115  
      *                      which files will be created, should the item size
 116  
      *                      exceed the threshold.
 117  
      */
 118  33
     public DiskFileItemFactory(int sizeThreshold, File repository) {
 119  33
         this.sizeThreshold = sizeThreshold;
 120  33
         this.repository = repository;
 121  33
     }
 122  
 
 123  
     // ------------------------------------------------------------- Properties
 124  
 
 125  
     /**
 126  
      * Returns the directory used to temporarily store files that are larger
 127  
      * than the configured size threshold.
 128  
      *
 129  
      * @return The directory in which temporary files will be located.
 130  
      *
 131  
      * @see #setRepository(java.io.File)
 132  
      *
 133  
      */
 134  
     public File getRepository() {
 135  5
         return repository;
 136  
     }
 137  
 
 138  
     /**
 139  
      * Sets the directory used to temporarily store files that are larger
 140  
      * than the configured size threshold.
 141  
      *
 142  
      * @param repository The directory in which temporary files will be located.
 143  
      *
 144  
      * @see #getRepository()
 145  
      *
 146  
      */
 147  
     public void setRepository(File repository) {
 148  0
         this.repository = repository;
 149  0
     }
 150  
 
 151  
     /**
 152  
      * Returns the size threshold beyond which files are written directly to
 153  
      * disk. The default value is 10240 bytes.
 154  
      *
 155  
      * @return The size threshold, in bytes.
 156  
      *
 157  
      * @see #setSizeThreshold(int)
 158  
      */
 159  
     public int getSizeThreshold() {
 160  5
         return sizeThreshold;
 161  
     }
 162  
 
 163  
     /**
 164  
      * Sets the size threshold beyond which files are written directly to disk.
 165  
      *
 166  
      * @param sizeThreshold The size threshold, in bytes.
 167  
      *
 168  
      * @see #getSizeThreshold()
 169  
      *
 170  
      */
 171  
     public void setSizeThreshold(int sizeThreshold) {
 172  0
         this.sizeThreshold = sizeThreshold;
 173  0
     }
 174  
 
 175  
     // --------------------------------------------------------- Public Methods
 176  
 
 177  
     /**
 178  
      * Create a new {@link org.apache.commons.fileupload.disk.DiskFileItem}
 179  
      * instance from the supplied parameters and the local factory
 180  
      * configuration.
 181  
      *
 182  
      * @param fieldName   The name of the form field.
 183  
      * @param contentType The content type of the form field.
 184  
      * @param isFormField <code>true</code> if this is a plain form field;
 185  
      *                    <code>false</code> otherwise.
 186  
      * @param fileName    The name of the uploaded file, if any, as supplied
 187  
      *                    by the browser or other client.
 188  
      *
 189  
      * @return The newly created file item.
 190  
      */
 191  
     public FileItem createItem(String fieldName, String contentType,
 192  
             boolean isFormField, String fileName) {
 193  2168
         DiskFileItem result = new DiskFileItem(fieldName, contentType,
 194  
                 isFormField, fileName, sizeThreshold, repository);
 195  2168
         FileCleaningTracker tracker = getFileCleaningTracker();
 196  2168
         if (tracker != null) {
 197  0
             tracker.track(result.getTempFile(), result);
 198  
         }
 199  2168
         return result;
 200  
     }
 201  
 
 202  
     /**
 203  
      * Returns the tracker, which is responsible for deleting temporary
 204  
      * files.
 205  
      *
 206  
      * @return An instance of {@link FileCleaningTracker}, or null
 207  
      *   (default), if temporary files aren't tracked.
 208  
      */
 209  
     public FileCleaningTracker getFileCleaningTracker() {
 210  2168
         return fileCleaningTracker;
 211  
     }
 212  
 
 213  
     /**
 214  
      * Sets the tracker, which is responsible for deleting temporary
 215  
      * files.
 216  
      *
 217  
      * @param pTracker An instance of {@link FileCleaningTracker},
 218  
      *   which will from now on track the created files, or null
 219  
      *   (default), to disable tracking.
 220  
      */
 221  
     public void setFileCleaningTracker(FileCleaningTracker pTracker) {
 222  0
         fileCleaningTracker = pTracker;
 223  0
     }
 224  
 
 225  
 }