com.denimgroup.threadfix.service.DocumentServiceImpl.java Source code

Java tutorial

  1. HOME
  2. Java
  3. com.denimgroup.threadfix.service.DocumentServiceImpl.java

Introduction

Here is the source code for com.denimgroup.threadfix.service.DocumentServiceImpl.java

Source

////////////////////////////////////////////////////////////////////////
//
//     Copyright (c) 2009-2013 Denim Group, Ltd.
//
//     The contents of this file are subject to the Mozilla Public License
//     Version 2.0 (the "License"); you may not use this file except in
//     compliance with the License. You may obtain a copy of the License at
//     http://www.mozilla.org/MPL/
//
//     Software distributed under the License is distributed on an "AS IS"
//     basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the
//     License for the specific language governing rights and limitations
//     under the License.
//
//     The Original Code is ThreadFix.
//
//     The Initial Developer of the Original Code is Denim Group, Ltd.
//     Portions created by Denim Group, Ltd. are Copyright (C)
//     Denim Group, Ltd. All Rights Reserved.
//
//     Contributor(s): Denim Group, Ltd.
//
////////////////////////////////////////////////////////////////////////
package com.denimgroup.threadfix.service;

import java.io.IOException;
import java.sql.Blob;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;

import javax.sql.rowset.serial.SerialBlob;

import org.apache.commons.io.FilenameUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.web.multipart.MultipartFile;

import com.denimgroup.threadfix.data.dao.ApplicationDao;
import com.denimgroup.threadfix.data.dao.DocumentDao;
import com.denimgroup.threadfix.data.dao.VulnerabilityDao;
import com.denimgroup.threadfix.data.entities.Application;
import com.denimgroup.threadfix.data.entities.Document;
import com.denimgroup.threadfix.data.entities.Vulnerability;

@Service
@Transactional(readOnly = false)
public class DocumentServiceImpl implements DocumentService {

    private final SanitizedLogger log = new SanitizedLogger(DocumentService.class);

    private ApplicationDao applicationDao;
    private VulnerabilityDao vulnerabilityDao;
    private DocumentDao documentDao;
    private ContentTypeServiceImpl contentTypeService = new ContentTypeServiceImpl();

    @Autowired
    public DocumentServiceImpl(DocumentDao documentDao, ApplicationDao applicationDao,
            VulnerabilityDao vulnerabilityDao) {
        this.documentDao = documentDao;
        this.applicationDao = applicationDao;
        this.vulnerabilityDao = vulnerabilityDao;
    }

    @Override
    public String saveFileToApp(Integer appId, MultipartFile file) {
        if (appId == null || file == null) {
            log.warn("The document upload file failed to save, it had null input.");
            return null;
        }

        Application application = applicationDao.retrieveById(appId);

        if (application == null) {
            log.warn("Unable to retrieve Application - document save failed.");
            return null;
        }

        if (!contentTypeService.isValidUpload(file.getContentType())) {
            log.warn("Invalid filetype for upload: " + file.getContentType());
            return null;
        }

        Document doc = new Document();
        String fileFullName = file.getOriginalFilename();
        doc.setApplication(application);
        doc.setName(getFileName(fileFullName));
        doc.setType(getFileType(fileFullName));
        if (!doc.getType().equals("json")) {
            doc.setContentType(contentTypeService.translateContentType(file.getContentType()));
        } else {
            doc.setContentType(contentTypeService.translateContentType("json"));
        }

        try {
            Blob blob = new SerialBlob(file.getBytes());
            doc.setFile(blob);

            List<Document> appDocs = application.getDocuments();
            if (appDocs == null)
                appDocs = new ArrayList<Document>();
            appDocs.add(doc);

            documentDao.saveOrUpdate(doc);
            applicationDao.saveOrUpdate(application);

        } catch (SQLException | IOException e) {
            log.warn("Unable to save document - exception occurs.");
            return null;
        }

        return fileFullName;
    }

    @Override
    public String saveFileToVuln(Integer vulnId, MultipartFile file) {
        if (vulnId == null || file == null) {
            log.warn("The document upload file failed to save, it had null input.");
            return null;
        }

        if (!contentTypeService.isValidUpload(file.getContentType())) {
            log.warn("Invalid filetype for upload: " + file.getContentType());
            return null;
        }

        Vulnerability vulnerability = vulnerabilityDao.retrieveById(vulnId);

        if (vulnerability == null) {
            log.warn("Unable to retrieve Vulnerability - document save failed.");
            return null;
        }

        Document doc = new Document();
        String fileFullName = file.getOriginalFilename();
        doc.setVulnerability(vulnerability);
        doc.setName(getFileName(fileFullName));
        doc.setType(getFileType(fileFullName));
        doc.setContentType(contentTypeService.translateContentType(file.getContentType()));
        try {
            Blob blob = new SerialBlob(file.getBytes());
            doc.setFile(blob);

            List<Document> appDocs = vulnerability.getDocuments();
            if (appDocs == null)
                appDocs = new ArrayList<Document>();
            appDocs.add(doc);

            documentDao.saveOrUpdate(doc);
            vulnerabilityDao.saveOrUpdate(vulnerability);

        } catch (SQLException | IOException e) {
            log.warn("Unable to save document - exception occurs.");
            return null;
        }

        return fileFullName;
    }

    @Override
    public Document loadDocument(Integer docId) {
        return documentDao.retrieveById(docId);
    }

    @Override
    public String deleteDocument(Document document) {

        if (document.getApplication() != null && document.getApplication().getId() != null) {
            Application application = applicationDao.retrieveById(document.getApplication().getId());
            application.getDocuments().remove(document);
            document.setApplication(null);
            documentDao.delete(document);
            applicationDao.saveOrUpdate(application);
            return "redirect:/organizations/" + application.getOrganization().getId() + "/applications/"
                    + application.getId();
        }

        if (document.getVulnerability() != null && document.getVulnerability().getId() != null) {
            Vulnerability vulnerability = vulnerabilityDao.retrieveById(document.getVulnerability().getId());
            vulnerability.getDocuments().remove(document);
            document.setVulnerability(null);
            documentDao.delete(document);
            vulnerabilityDao.saveOrUpdate(vulnerability);
            return "redirect:/organizations/" + vulnerability.getApplication().getOrganization().getId()
                    + "/applications/" + vulnerability.getApplication().getId() + "/vulnerabilities/"
                    + vulnerability.getId();
        }

        return null;

    }

    @Override
    public ContentTypeService getContentTypeService() {
        return contentTypeService;
    }

    private String getFileName(String fullName) {
        return FilenameUtils.getBaseName(fullName);
    }

    private String getFileType(String fullName) {
        return FilenameUtils.getExtension(fullName);
    }

}