23665300624

Committed 27 Mar 2026 08:06PM UTC coverage: 65.425% (+0.05%) from 65.373%

Build # 23665300624

Build Type

push

github

Committed by

ibacher

Commit Message

Follow-up for Java 8 support in ModuleResourcesServlet

Run Details

0 of 2 new or added lines in 1 file covered. (0.0%)

164 existing lines in 5 files now uncovered.

23858 of 36466 relevant lines covered (65.43%)

0.65 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

0.0

/web/src/main/java/org/openmrs/module/web/ModuleResourcesServlet.java

/**
 * This Source Code Form is subject to the terms of the Mozilla Public License,
 * v. 2.0. If a copy of the MPL was not distributed with this file, You can
 * obtain one at http://mozilla.org/MPL/2.0/. OpenMRS is also distributed under
 * the terms of the Healthcare Disclaimer located at http://openmrs.org/license.
 *
 * Copyright (C) OpenMRS Inc. OpenMRS is a registered trademark and the OpenMRS
 * graphic logo is a trademark of OpenMRS Inc.
 */
package org.openmrs.module.web;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.nio.file.Path;
import java.nio.file.Paths;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.openmrs.module.Module;
import org.openmrs.module.ModuleUtil;
import org.openmrs.util.OpenmrsUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

public class ModuleResourcesServlet extends HttpServlet {
        
        private static final String MODULE_PATH = "/WEB-INF/view/module/";
        
        private static final long serialVersionUID = 1239820102030344L;
        
        private static final Logger log = LoggerFactory.getLogger(ModuleResourcesServlet.class);
        
        /**
         * Used for caching purposes
         *
         * @see javax.servlet.http.HttpServlet#getLastModified(javax.servlet.http.HttpServletRequest)
         */
        @Override
        protected long getLastModified(HttpServletRequest req) {
                File f = getFile(req);
                
                if (f == null) {
                        return super.getLastModified(req);
                }
                
                return f.lastModified();
        }
        
        @Override
        protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
                
                log.debug("In service method for module servlet: " + request.getPathInfo());
                
                File f = getFile(request);
                if (f == null) {
                        response.setStatus(HttpServletResponse.SC_NOT_FOUND);
                        return;
                }
                
                response.setDateHeader("Last-Modified", f.lastModified());
                response.setContentLength(Long.valueOf(f.length()).intValue());
                String mimeType = getServletContext().getMimeType(f.getName());
                response.setContentType(mimeType);
                
                FileInputStream is = new FileInputStream(f);
                try {
                        OpenmrsUtil.copyFile(is, response.getOutputStream());
                }
                finally {
                        OpenmrsUtil.closeStream(is);
                }
        }
        
        /**
         * Turns the given request/path into a File object
         *
         * @param request the current http request
         * @return the file being requested or null if not found
         */
        protected File getFile(HttpServletRequest request) {
                
                String path = request.getPathInfo();
                
                Module module = ModuleUtil.getModuleForPath(path);
                if (module == null) {
                        log.warn("No module handles the path: " + path);
                        return null;
                }
                
                String relativePath = ModuleUtil.getPathForResource(module, path);
                String realPath = getServletContext().getRealPath("") + MODULE_PATH + module.getModuleIdAsPath() + "/resources"
                        + relativePath;

                String basePath;

                //if in dev mode, load resources from the development directory
                File devDir = ModuleUtil.getDevelopmentDirectory(module.getModuleId());
                if (devDir != null) {
                        realPath = devDir.getAbsolutePath() + "/omod/target/classes/web/module/resources" + relativePath;
                        basePath = devDir.getAbsolutePath() + "/omod/target/classes/web/module/resources";
                } else {
                        basePath = getServletContext().getRealPath("") + MODULE_PATH + module.getModuleIdAsPath() + "/resources";
                }

                Path normalizedPath = Paths.get(realPath).normalize();
                Path normalizedBase = Paths.get(basePath).normalize();
                if (!normalizedPath.startsWith(normalizedBase)) {
                        log.warn("Detected attempted directory traversal with path: " + path);
                        return null;
                }

                File f = normalizedPath.toFile();
                if (!f.exists()) {
                        log.warn("No file with path '" + normalizedPath + "' exists for module '" + module.getModuleId() + "'");
                        return null;
                }
                
                return f;
        }
        
}

1	/**
2	* This Source Code Form is subject to the terms of the Mozilla Public License,
3	* v. 2.0. If a copy of the MPL was not distributed with this file, You can
4	* obtain one at http://mozilla.org/MPL/2.0/. OpenMRS is also distributed under
5	* the terms of the Healthcare Disclaimer located at http://openmrs.org/license.
6	*
7	* Copyright (C) OpenMRS Inc. OpenMRS is a registered trademark and the OpenMRS
8	* graphic logo is a trademark of OpenMRS Inc.
9	*/
10	package org.openmrs.module.web;
11
12	import java.io.File;
13	import java.io.FileInputStream;
14	import java.io.IOException;
15	import java.nio.file.Path;
16	import java.nio.file.Paths;
17
18	import javax.servlet.ServletException;
19	import javax.servlet.http.HttpServlet;
20	import javax.servlet.http.HttpServletRequest;
21	import javax.servlet.http.HttpServletResponse;
22
23	import org.openmrs.module.Module;
24	import org.openmrs.module.ModuleUtil;
25	import org.openmrs.util.OpenmrsUtil;
26	import org.slf4j.Logger;
27	import org.slf4j.LoggerFactory;
28
UNCOV 29	public class ModuleResourcesServlet extends HttpServlet {	×
30
31	private static final String MODULE_PATH = "/WEB-INF/view/module/";
32
33	private static final long serialVersionUID = 1239820102030344L;
34
UNCOV 35	private static final Logger log = LoggerFactory.getLogger(ModuleResourcesServlet.class);	×
36
37	/**
38	* Used for caching purposes
39	*
40	* @see javax.servlet.http.HttpServlet#getLastModified(javax.servlet.http.HttpServletRequest)
41	*/
42	@Override
43	protected long getLastModified(HttpServletRequest req) {
UNCOV 44	File f = getFile(req);	×
45
46	if (f == null) {	×
UNCOV 47	return super.getLastModified(req);	×
48	}
49
UNCOV 50	return f.lastModified();	×
51	}
52
53	@Override
54	protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
55
UNCOV 56	log.debug("In service method for module servlet: " + request.getPathInfo());	×
57
58	File f = getFile(request);	×
59	if (f == null) {	×
60	response.setStatus(HttpServletResponse.SC_NOT_FOUND);	×
UNCOV 61	return;	×
62	}
63
64	response.setDateHeader("Last-Modified", f.lastModified());	×
65	response.setContentLength(Long.valueOf(f.length()).intValue());	×
66	String mimeType = getServletContext().getMimeType(f.getName());	×
UNCOV 67	response.setContentType(mimeType);	×
68
UNCOV 69	FileInputStream is = new FileInputStream(f);	×
70	try {
UNCOV 71	OpenmrsUtil.copyFile(is, response.getOutputStream());	×
72	}
73	finally {
UNCOV 74	OpenmrsUtil.closeStream(is);	×
75	}
UNCOV 76	}	×
77
78	/**
79	* Turns the given request/path into a File object
80	*
81	* @param request the current http request
82	* @return the file being requested or null if not found
83	*/
84	protected File getFile(HttpServletRequest request) {
85
UNCOV 86	String path = request.getPathInfo();	×
87
88	Module module = ModuleUtil.getModuleForPath(path);	×
89	if (module == null) {	×
90	log.warn("No module handles the path: " + path);	×
UNCOV 91	return null;	×
92	}
93
94	String relativePath = ModuleUtil.getPathForResource(module, path);	×
UNCOV 95	String realPath = getServletContext().getRealPath("") + MODULE_PATH + module.getModuleIdAsPath() + "/resources"	×
96	+ relativePath;
97
98	String basePath;
99
100	//if in dev mode, load resources from the development directory
UNCOV 101	File devDir = ModuleUtil.getDevelopmentDirectory(module.getModuleId());	×
UNCOV 102	if (devDir != null) {	×
103	realPath = devDir.getAbsolutePath() + "/omod/target/classes/web/module/resources" + relativePath;	×
UNCOV 104	basePath = devDir.getAbsolutePath() + "/omod/target/classes/web/module/resources";	×
105	} else {
106	basePath = getServletContext().getRealPath("") + MODULE_PATH + module.getModuleIdAsPath() + "/resources";	×
107	}
108
NEW 109	Path normalizedPath = Paths.get(realPath).normalize();	×
NEW 110	Path normalizedBase = Paths.get(basePath).normalize();	×
UNCOV 111	if (!normalizedPath.startsWith(normalizedBase)) {	×
UNCOV 112	log.warn("Detected attempted directory traversal with path: " + path);	×
UNCOV 113	return null;	×
114	}
115
UNCOV 116	File f = normalizedPath.toFile();	×
UNCOV 117	if (!f.exists()) {	×
UNCOV 118	log.warn("No file with path '" + normalizedPath + "' exists for module '" + module.getModuleId() + "'");	×
UNCOV 119	return null;	×
120	}
121
UNCOV 122	return f;	×
123	}
124
125	}

openmrs / openmrs-core / 23665300624

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous