Improve file/path handling in asset manager

apache · Aug 3, 2024 · b23f672 · b23f672
1 parent 5288374
commit b23f672
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 8 deletions.
diff --git a/...k/nifi-framework-components/src/main/java/org/apache/nifi/asset/StandardAssetManager.java b/...k/nifi-framework-components/src/main/java/org/apache/nifi/asset/StandardAssetManager.java
@@ -26,6 +26,8 @@
 import java.io.InputStream;
 import java.nio.charset.StandardCharsets;
 import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.Paths;
 import java.nio.file.StandardCopyOption;
 import java.util.ArrayList;
 import java.util.HexFormat;
@@ -159,7 +161,10 @@ private String createAssetId(final String parameterContextId, final String asset
     }
 
     private File getFile(final String paramContextId, final String assetName) {
-        return new File(assetStorageLocation, paramContextId + "/" + assetName);
+        final Path parentPath = assetStorageLocation.toPath().normalize();
+        final Path assetPath = Paths.get(paramContextId, assetName).normalize();
+        final Path fullPath = parentPath.resolve(assetPath);
+        return fullPath.toFile();
     }
 
     private String getStorageLocation(final AssetManagerInitializationContext initializationContext) {

diff --git a/...nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ParameterContextResource.java b/...nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ParameterContextResource.java
@@ -406,14 +406,13 @@ public Response createAsset(
             }
         }
 
+        // Get the context or throw ResourceNotFoundException
+        final NiFiUser user = NiFiUserUtils.getNiFiUser();
+        final ParameterContextEntity contextEntity = serviceFacade.getParameterContext(contextId, false, user);
+        final Set<AffectedComponentEntity> affectedComponents = serviceFacade.getComponentsAffectedByParameterContextUpdate(Collections.singletonList(contextEntity.getComponent()));
+
         // Authorize the request
         serviceFacade.authorizeAccess(lookup -> {
-            final NiFiUser user = NiFiUserUtils.getNiFiUser();
-
-            // Get the context or throw ResourceNotFoundException
-            final ParameterContextEntity contextEntity = serviceFacade.getParameterContext(contextId, false, NiFiUserUtils.getNiFiUser());
-            final Set<AffectedComponentEntity> affectedComponents = serviceFacade.getComponentsAffectedByParameterContextUpdate(Collections.singletonList(contextEntity.getComponent()));
-
             // Verify READ and WRITE permissions for user, for the Parameter Context itself
             final ParameterContext parameterContext = lookup.getParameterContext(contextId);
             parameterContext.authorize(authorizer, RequestAction.READ, user);
@@ -447,8 +446,9 @@ public Response createAsset(
                     .build();
             assetEntity = uploadRequestReplicator.upload(uploadRequest);
         } else {
+            final String existingContextId = contextEntity.getId();
             final String sanitizedAssetName = FileUtils.sanitizeFilename(assetName);
-            final Asset asset = assetManager.createAsset(contextId, sanitizedAssetName, maxLengthInputStream);
+            final Asset asset = assetManager.createAsset(existingContextId, sanitizedAssetName, maxLengthInputStream);
             assetEntity = dtoFactory.createAssetEntity(asset);
         }