preetkaran20
commented
8 months ago Hi @tkomlodi ,
Thanks for detailed issue. Yes, please raise the fix with the PR. We can look into it.
Thanks, Karan
Closed tkomlodi closed 7 months ago
preetkaran20
commented
8 months ago Hi @tkomlodi ,
Thanks for detailed issue. Yes, please raise the fix with the PR. We can look into it.
Thanks, Karan
preetkaran20
commented
7 months ago Closing this issue as being addresses #453
Describe the bug When running the application using gradle on a linux system, which does not allow writing the root directory by the app, files will be uploaded into a temp folder which is not accessible subsequently.
To Reproduce
Expected behavior The above path should download the file.
Additional context As far as I can tell, this issue is related to the fix for #256 and #255: https://github.com/SasanLabs/VulnerableApp/pull/256/commits/5f273b48ba1119a349c893bbf4550a383da51181 The original issue was caused by a FileSystemNotFoundException exception that prevented the "root" property from initializing. In my environment, the current code successfully initializes and creates the "root" (static) path and folder, but fails creating the "contentDispositionRoot" folder. This triggers an exception which causes the "root" path being replaced with a tmp folder. The file upload succeeds to the ("root") tmp folder, however, this location is not available for download.
Would you like to help fix this issue? I'm not completely clear how the current code is intended to behave when there is no filesystem (FileSystemNotFoundException), however, I have a tentative fix that works for my environment, and also when running the app as a jar file.
If the issue makes sense and is accepted, please assign it to me and I'll create a pull request with the fix and try to give more context at that point. The proposed fix only changes two lines.