MightyPork
/
airsonic-custom
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix various minor issues found by LGTM

Browse Source 
- Unnecessary boxing
- Integer overflow
- Path traversal via zip
- Dangerous synchronization pattern
master
jvoisin 6 years ago committed by GitHub
parent a911ebab80
commit d3970a5c62
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 7 additions and 4 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 2
      airsonic-main/src/main/java/org/airsonic/player/controller/PodcastReceiverAdminController.java
  2. 2
      airsonic-main/src/main/java/org/airsonic/player/controller/StreamController.java
  3. 5
      airsonic-main/src/main/java/org/airsonic/player/controller/UploadController.java
  4. 2
      airsonic-main/src/main/java/org/airsonic/player/monitor/MetricsManager.java

2
airsonic-main/src/main/java/org/airsonic/player/controller/PodcastReceiverAdminController.java
Unescape View File

@ -84,7 +84,7 @@ public class PodcastReceiverAdminController {
} }
private void download(int[] episodeIds) { private void download(int[] episodeIds) {
for (Integer episodeId : episodeIds) { for (int episodeId : episodeIds) {
PodcastEpisode episode = podcastService.getEpisode(episodeId, false); PodcastEpisode episode = podcastService.getEpisode(episodeId, false);
if (episode != null && episode.getUrl() != null && if (episode != null && episode.getUrl() != null &&
(episode.getStatus() == PodcastStatus.NEW || (episode.getStatus() == PodcastStatus.NEW ||

2
airsonic-main/src/main/java/org/airsonic/player/controller/StreamController.java
Unescape View File

@ -311,7 +311,7 @@ public class StreamController {
return file.getFileSize(); return file.getFileSize();
} }
return duration * maxBitRate * 1000L / 8L; return duration * (long)maxBitRate * 1000L / 8L;
} }
private HttpRange getRange(HttpServletRequest request, MediaFile file) { private HttpRange getRange(HttpServletRequest request, MediaFile file) {

5
airsonic-main/src/main/java/org/airsonic/player/controller/UploadController.java
Unescape View File

@ -173,6 +173,9 @@ public class UploadController {
while (entries.hasMoreElements()) { while (entries.hasMoreElements()) {
ZipEntry entry = (ZipEntry) entries.nextElement(); ZipEntry entry = (ZipEntry) entries.nextElement();
File entryFile = new File(file.getParentFile(), entry.getName()); File entryFile = new File(file.getParentFile(), entry.getName());
if (!entryFile.toPath().normalize().startsWith(file.getParentFile().toPath())) {
throw new Exception("Bad zip filename: " + StringUtil.toHtml(entryFile.getPath()));
}
if (!entry.isDirectory()) { if (!entry.isDirectory()) {
@ -263,4 +266,4 @@ public class UploadController {
} }
} }
} }

2
airsonic-main/src/main/java/org/airsonic/player/monitor/MetricsManager.java
Unescape View File

@ -20,7 +20,7 @@ public class MetricsManager {
// Main metrics registry // Main metrics registry
private static final MetricRegistry metrics = new MetricRegistry(); private static final MetricRegistry metrics = new MetricRegistry();
private static Boolean metricsActivatedByConfiguration = null; private static volatile Boolean metricsActivatedByConfiguration = null;
private static Object _lock = new Object(); private static Object _lock = new Object();
// Potential metrics reporters // Potential metrics reporters

Write Preview
Loading…
Cancel
Save