The Struts 1.x vulnerability issue is as mentioned below:
Apache Struts is prone to a security-bypass vulnerability because it fails to adequately handle user-supplied input. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions.
To handle multipart requests we used the following code:

    DiskFileItemFactory factory = new DiskFileItemFactory();
    // Configure a repository (to ensure a secure temp location is used)
    ServletContext servletContext = filterConfig.getServletContext();
    File repository = (File) servletContext.getAttribute( "javax.servlet.context.tempdir" );
    factory.setRepository( repository );
    // Create a new file upload handler
    ServletFileUpload upload = new ServletFileUpload( factory );
    // Parse the request
    List<FileItem> multipartItems = upload.parseRequest( request );
    // Prepare the request parameter map.
    Map<String, String[]> parameterMap = new HashMap<String, String[]>();
    // Loop through multipart request items.
    for ( FileItem multipartItem : multipartItems )
    {
        if ( multipartItem.isFormField() )
        {
            // Process regular form field (input type="text|radio|checkbox|etc", select, etc).
            processFormField( multipartItem, parameterMap );
        }
        else
        {
            // Process form file field (input type="file").
            processFileField( multipartItem, request );
        }
    }

We are processing the file field as:

    private void processFileField( FileItem fileField, HttpServletRequest request )
    {
        if ( fileField.getName().length() <= 0 )
        {
            // No file uploaded.
            request.setAttribute( fileField.getFieldName(), null );
        }
        else
        {
            // File uploaded with good size.
            request.setAttribute( fileField.getFieldName(), fileField );
        }
    }

But in the Action class, when we try to retrieve the form field, we get NULL. How do we get the file field in the form?
Options tried are: 1) Setting multipartItem.setFormField() to true 2) Setting the form field along with non-file parameters.
None of the above helped. Need ideas.
 
     
    