From f875a2c9819b0f0196e4abbadca3dbc5eb9d65ed Mon Sep 17 00:00:00 2001
From: chubtub <43381989+chubtub@users.noreply.github.com>
Date: Thu, 25 Apr 2024 14:45:39 -0400
Subject: [PATCH] Check upload file extensions

---
 .../ReferenceManifestPageController.java      | 31 ++++++++++++++-----
 .../src/main/webapp/WEB-INF/jsp/error.jsp     |  2 +-
 2 files changed, 24 insertions(+), 9 deletions(-)

diff --git a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java
index 937bb4c9..f584bdaf 100644
--- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java
+++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java
@@ -62,7 +62,8 @@ import java.util.zip.ZipOutputStream;
 @RequestMapping("/HIRS_AttestationCAPortal/portal/reference-manifests")
 public class ReferenceManifestPageController extends PageController<NoPageParams> {
 
-    private static final String LOG_FILE_PATTERN = "([^\\s]+(\\.(?i)(rimpcr|rimel|bin|log))$)";
+    private static final String BASE_RIM_FILE_PATTERN = "([^\\s]+(\\.(?i)swidtag)$)";
+    private static final String SUPPORT_RIM_FILE_PATTERN = "([^\\s]+(\\.(?i)(rimpcr|rimel|bin|log))$)";
 
     @Autowired(required = false)
     private EntityManager entityManager;
@@ -156,9 +157,11 @@ public class ReferenceManifestPageController extends PageController<NoPageParams
         Map<String, Object> model = new HashMap<>();
         PageMessages messages = new PageMessages();
         String fileName;
-        Pattern logPattern = Pattern.compile(LOG_FILE_PATTERN);
+        Pattern baseRimPattern = Pattern.compile(BASE_RIM_FILE_PATTERN);
+        Pattern supportRimPattern = Pattern.compile(SUPPORT_RIM_FILE_PATTERN);
         Matcher matcher;
-        boolean supportRIM = false;
+        boolean isBaseRim = false;
+        boolean isSupportRim = false;
         List<BaseReferenceManifest> baseRims = new ArrayList<>();
         List<SupportReferenceManifest> supportRims = new ArrayList<>();
         log.info(String.format("Processing %s uploaded files", files.length));
@@ -166,11 +169,23 @@ public class ReferenceManifestPageController extends PageController<NoPageParams
         // loop through the files
         for (MultipartFile file : files) {
             fileName = file.getOriginalFilename();
-            matcher = logPattern.matcher(fileName);
-            supportRIM = matcher.matches();
-
-            //Parse reference manifests
-            parseRIM(file, supportRIM, messages, baseRims, supportRims);
+            matcher = baseRimPattern.matcher(fileName);
+            isBaseRim = matcher.matches();
+            if (!isBaseRim) {
+                matcher = supportRimPattern.matcher(fileName);
+                isSupportRim = matcher.matches();
+            }
+            if (!isBaseRim && !isSupportRim) {
+                String errorString = "The file extension of " + fileName + " was not recognized." +
+                        " Base RIMs support the extension \".swidtag\", and support RIMs support " +
+                        "\".rimpcr\", \".rimel\", \".bin\", and \".log\". " +
+                        "Please verify your upload and retry.";
+                log.error("File extension in " + fileName + " not recognized as base or support RIM.");
+                messages.addError(errorString);
+            } else {
+                //Parse reference manifests
+                parseRIM(file, isSupportRim, messages, baseRims, supportRims);
+            }
         }
         baseRims.stream().forEach((rim) -> {
             log.info(String.format("Storing swidtag %s", rim.getFileName()));
diff --git a/HIRS_AttestationCAPortal/src/main/webapp/WEB-INF/jsp/error.jsp b/HIRS_AttestationCAPortal/src/main/webapp/WEB-INF/jsp/error.jsp
index bf06bdf4..908cca10 100644
--- a/HIRS_AttestationCAPortal/src/main/webapp/WEB-INF/jsp/error.jsp
+++ b/HIRS_AttestationCAPortal/src/main/webapp/WEB-INF/jsp/error.jsp
@@ -9,7 +9,7 @@
     <jsp:attribute name="pageHeaderTitle">Error - 404</jsp:attribute>
 
     <jsp:body>
-        <!--<div> Exception Message: <c:out value="${exception}"/></div>
+        <!--<div> Exception Message: <c:out value="${exception}"></c:out></div>
         <div> from URL -> <span th:text="${url}"</span></div>-->
     </jsp:body>
 </my:page>
\ No newline at end of file