1 /*
2 * Licensed to the Apache Software Foundation (ASF) under one or more
3 * contributor license agreements. See the NOTICE file distributed with
4 * this work for additional information regarding copyright ownership.
5 * The ASF licenses this file to You under the Apache License, Version 2.0
6 * (the "License"); you may not use this file except in compliance with
7 * the License. You may obtain a copy of the License at
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 */
17 package org.apache.commons.fileupload2.core;
18
19 import java.nio.charset.Charset;
20 import java.nio.file.Path;
21
22 import org.apache.commons.io.FileCleaningTracker;
23 import org.apache.commons.io.build.AbstractOrigin;
24 import org.apache.commons.io.build.AbstractStreamBuilder;
25 import org.apache.commons.io.file.PathUtils;
26
27 /**
28 * The default {@link FileItemFactory} implementation.
29 * <p>
30 * This implementation creates {@link FileItem} instances which keep their content either in memory, for smaller items, or in a temporary file on disk, for
31 * larger items. The size threshold, above which content will be stored on disk, is configurable, as is the directory in which temporary files will be created.
32 * </p>
33 * <p>
34 * If not otherwise configured, the default configuration values are as follows:
35 * </p>
36 * <ul>
37 * <li>Size threshold is 10 KB.</li>
38 * <li>Repository is the system default temporary directory, as returned by {@code System.getProperty("java.io.tmpdir")}.</li>
39 * </ul>
40 * <p>
41 * <b>NOTE</b>: Files are created in the system default temporary directory with predictable names. This means that a local attacker with write access to that
42 * directory can perform a TOUTOC attack to replace any uploaded file with a file of the attackers choice. The implications of this will depend on how the
43 * uploaded file is used but could be significant. When using this implementation in an environment with local, untrusted users, {@link Builder#setPath(Path)}
44 * MUST be used to configure a repository location that is not publicly writable. In a Servlet container the location identified by the ServletContext attribute
45 * {@code javax.servlet.context.tempdir} may be used.
46 * </p>
47 * <p>
48 * Temporary files, which are created for file items, should be deleted later on. The best way to do this is using a {@link FileCleaningTracker}, which you can
49 * set on the {@link DiskFileItemFactory}. However, if you do use such a tracker, then you must consider the following: Temporary files are automatically
50 * deleted as soon as they are no longer needed. (More precisely, when the corresponding instance of {@link java.io.File} is garbage collected.) This is done by
51 * the so-called reaper thread, which is started and stopped automatically by the {@link FileCleaningTracker} when there are files to be tracked. It might make
52 * sense to terminate that thread, for example, if your web application ends. See the section on "Resource cleanup" in the users guide of Commons FileUpload.
53 * </p>
54 *
55 * @see Builder
56 * @see Builder#get()
57 */
58 public final class DiskFileItemFactory implements FileItemFactory<DiskFileItem> {
59
60 /**
61 * Builds a new {@link DiskFileItemFactory} instance.
62 * <p>
63 * For example:
64 * </p>
65 *
66 * <pre>{@code
67 * DiskFileItemFactory factory = DiskFileItemFactory.builder().setPath(path).setBufferSize(DEFAULT_THRESHOLD).get();
68 * }
69 * </pre>
70 */
71 public static class Builder extends AbstractStreamBuilder<DiskFileItemFactory, Builder> {
72
73 /**
74 * The instance of {@link FileCleaningTracker}, which is responsible for deleting temporary files.
75 * <p>
76 * May be null, if tracking files is not required.
77 * </p>
78 */
79 private FileCleaningTracker fileCleaningTracker;
80
81 public Builder() {
82 setBufferSize(DEFAULT_THRESHOLD);
83 setPath(PathUtils.getTempDirectory());
84 setCharset(DiskFileItem.DEFAULT_CHARSET);
85 setCharsetDefault(DiskFileItem.DEFAULT_CHARSET);
86 }
87
88 /**
89 * Constructs a new instance.
90 * <p>
91 * This builder use the aspects Path and buffer size.
92 * </p>
93 * <p>
94 * You must provide an origin that can be converted to a Reader by this builder, otherwise, this call will throw an
95 * {@link UnsupportedOperationException}.
96 * </p>
97 *
98 * @return a new instance.
99 * @throws UnsupportedOperationException if the origin cannot provide a Path.
100 * @see AbstractOrigin#getReader(Charset)
101 */
102 @Override
103 public DiskFileItemFactory get() {
104 return new DiskFileItemFactory(getPath(), getBufferSize(), getCharset(), fileCleaningTracker);
105 }
106
107 /**
108 * Sets the tracker, which is responsible for deleting temporary files.
109 *
110 * @param fileCleaningTracker Callback to track files created, or null (default) to disable tracking.
111 * @return this
112 */
113 public Builder setFileCleaningTracker(final FileCleaningTracker fileCleaningTracker) {
114 this.fileCleaningTracker = fileCleaningTracker;
115 return this;
116 }
117
118 }
119
120 /**
121 * The default threshold in bytes above which uploads will be stored on disk.
122 */
123 public static final int DEFAULT_THRESHOLD = 10_240;
124
125 /**
126 * Constructs a new {@link Builder}.
127 *
128 * @return a new {@link Builder}.
129 */
130 public static Builder builder() {
131 return new Builder();
132 }
133
134 /**
135 * The directory in which uploaded files will be stored, if stored on disk.
136 */
137 private final Path repository;
138
139 /**
140 * The threshold above which uploads will be stored on disk.
141 */
142 private final int threshold;
143
144 /**
145 * The instance of {@link FileCleaningTracker}, which is responsible for deleting temporary files.
146 * <p>
147 * May be null, if tracking files is not required.
148 * </p>
149 */
150 private final FileCleaningTracker fileCleaningTracker;
151
152 /**
153 * Default content Charset to be used when no explicit Charset parameter is provided by the sender.
154 */
155 private final Charset charsetDefault;
156
157 /**
158 * Constructs a preconfigured instance of this class.
159 *
160 * @param repository The data repository, which is the directory in which files will be created, should the item size exceed the threshold.
161 * @param threshold The threshold, in bytes, below which items will be retained in memory and above which they will be stored as a file.
162 * @param charsetDefault Sets the default charset for use when no explicit charset parameter is provided by the sender.
163 * @param fileCleaningTracker Callback to track files created, or null (default) to disable tracking.
164 */
165 private DiskFileItemFactory(final Path repository, final int threshold, final Charset charsetDefault, final FileCleaningTracker fileCleaningTracker) {
166 this.threshold = threshold;
167 this.repository = repository;
168 this.charsetDefault = charsetDefault;
169 this.fileCleaningTracker = fileCleaningTracker;
170 }
171
172 @SuppressWarnings("unchecked")
173 @Override
174 public DiskFileItem.Builder fileItemBuilder() {
175 // @formatter:off
176 return DiskFileItem.builder()
177 .setBufferSize(threshold)
178 .setCharset(charsetDefault)
179 .setFileCleaningTracker(fileCleaningTracker)
180 .setPath(repository);
181 // @formatter:on
182 }
183
184 /**
185 * Gets the default charset for use when no explicit charset parameter is provided by the sender.
186 *
187 * @return the default charset
188 */
189 public Charset getCharsetDefault() {
190 return charsetDefault;
191 }
192
193 /**
194 * Gets the tracker, which is responsible for deleting temporary files.
195 *
196 * @return An instance of {@link FileCleaningTracker}, or null (default), if temporary files aren't tracked.
197 */
198 public FileCleaningTracker getFileCleaningTracker() {
199 return fileCleaningTracker;
200 }
201
202 /**
203 * Gets the directory used to temporarily store files that are larger than the configured size threshold.
204 *
205 * @return The directory in which temporary files will be located.
206 */
207 public Path getRepository() {
208 return repository;
209 }
210
211 /**
212 * Gets the size threshold beyond which files are written directly to disk. The default value is {@value #DEFAULT_THRESHOLD} bytes.
213 *
214 * @return The size threshold in bytes.
215 */
216 public int getThreshold() {
217 return threshold;
218 }
219 }