moumiKnu/src_bak/kr/co/kihyun/text/hml/VirtualHtml.java

package kr.co.kihyun.text.hml;

import java.io.*;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

public class VirtualHtml {
    private static final Logger LOG = LoggerFactory.getLogger(VirtualHtml.class);
    private String head;
    private String end;

    public VirtualHtml() {
    }

    public String getHead() {
        return head;
    }

    public String getEnd() {
        return end;
    }

    public void IOhandler(String a, String b) throws IOException {

        BufferedWriter bw = null;

        try {
            //v2. 4.경로 조작 및 자원 삽입_CWE-22/23/36/99 : Update by KWON,HAN
//            bw = new BufferedWriter(new OutputStreamWriter(new FileOutputStream(b), "KSC5601"));
//            bw.write(getVirtualHtml(new FileInputStream(a)));
//            bw.flush();
//            bw.close();

            String svrFilename = b;
            if (svrFilename != null && !"".equals(svrFilename)) {
                // 수정 : 외부 입력값 필터링
                svrFilename = svrFilename.replaceAll("/","");
                svrFilename = svrFilename.replaceAll("\\","");
                //svrFilename = svrFilename.replaceAll(".","");
                //svrFilename = svrFilename.replaceAll("&","");

                LOG.debug("v2. 4.경로 조작 및 자원 삽입_CWE-22/23/36/99 : VirtualHtml.IOhandler svrFilename={} / Not Test", svrFilename);
                bw = new BufferedWriter(new OutputStreamWriter(new FileOutputStream(b), "KSC5601"));
                if (bw != null) {
                    bw.write(getVirtualHtml(new FileInputStream(a)));
                    bw.flush();
                    bw.close();
                }
            }
            //================================================================

        } catch (IOException ioex) {
            ioex.printStackTrace();
        } finally {
            //v2 21.부적절한 자원 해제 (IO)_CWE-404 : Add by YOUNGJUN,CHO
            if (bw != null) {
                bw.close();
            }
            //++++++++++++++++++++++++++++++++++++++++++++++++
        }
    }

    public String getVirtualHtml(FileInputStream fis) throws IOException, UnsupportedEncodingException {

        InputStreamReader isr = null;
        BufferedReader br = null;

        String str = "";
        String html = "";

        int offset = 0;

        int opener_idx1 = 0;
        int closer_idx1 = 0;
        int opener_idx2 = 0;
        int closer_idx2 = 0;

        isr = new InputStreamReader(fis, "KSC5601");

        //15.부적절한 자원 해제(Reader/Writer)_CWE-404 : Add by KWON,HAN
        try {
        //+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

            if (!isr.ready())
                    return null;

            br = new BufferedReader(isr);

        //15.부적절한 자원 해제(Reader/Writer)_CWE-404 : Add by KWON,HAN
        } catch (IOException e) {
            e.printStackTrace();
        } finally {
            isr.close();
        }
        //+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

        //v2 36.경쟁조건 : 검사시점과 사용시점 (File)_CWE-367 : Update by YOUNGJUN,CHO
        /*
        str = br.readLine();

        while (str != null) {
                html = html + str + "\n";
                str = br.readLine();
        }
        */
        while ((str = br.readLine()) != null) {
                html = html + str + "\n";
        }
        //================================================

        opener_idx1 = html.indexOf("<!--");
        closer_idx1 = html.indexOf("-->");
        opener_idx2 = html.lastIndexOf("<!--");
        closer_idx2 = html.lastIndexOf("-->");

        if (opener_idx1 != -1) {

                this.head = html.substring(opener_idx1, closer_idx1 + 3);
                this.end = html.substring(opener_idx2, closer_idx2 + 3);

        } else {
                html.substring(offset, html.length());
        }

        if (closer_idx2 == -1) {
                offset = closer_idx2 + 1;
        }

        br.close();
        isr.close();
        fis.close();

        return html;

    }

}