fix(core): Prevent hidden files from breaking the backend (#26280)

Refs: #25823
dotCMS · Sep 27, 2023 · 04111a7 · 04111a7
1 parent 5c27e3e
commit 04111a7
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 2 deletions.
diff --git a/dotCMS/src/main/java/com/dotcms/rest/api/v1/asset/WebAssetHelper.java b/dotCMS/src/main/java/com/dotcms/rest/api/v1/asset/WebAssetHelper.java
@@ -40,6 +40,7 @@
 import java.util.Objects;
 import java.util.Optional;
 import java.util.Set;
+import java.util.function.Predicate;
 import java.util.stream.Collectors;
 import javax.servlet.http.HttpServletRequest;
 import org.apache.commons.lang3.BooleanUtils;
@@ -259,6 +260,18 @@ final List<Contentlet> collectAllVersions(final Builder builder)
         return List.of();
     }
 
+    /**
+     * This Predicate is used to deal with a very rare situation on which a file might not have binary metadata associated
+     * for example hidden files. In the rare event of a hidden file being uploaded to the system, we need to make sure they don't break the API response
+     */
+    Predicate<Contentlet> nonNullMetadata = c -> {
+        try {
+            return null != c.getBinaryMetadata(FileAssetAPI.BINARY_FIELD);
+        } catch (DotDataException e) {
+            return false;
+        }
+    };
+
     /**
      * Converts a list of folders to a list of {@link FolderView}
      * @param assets folders to convert
@@ -268,6 +281,7 @@ Iterable<AssetView> toAssets(final Collection<? extends Treeable> assets) {
 
         return assets.stream().filter(Contentlet.class::isInstance).map(Contentlet.class::cast)
                 .filter(Contentlet::isFileAsset)
+                .filter(nonNullMetadata)
                 .map(contentlet -> fileAssetAPI.fromContentlet(contentlet)).map(this::toAsset)
                 .collect(Collectors.toList());
     }

diff --git a/...li/src/main/java/com/dotcms/api/client/files/traversal/task/LocalFolderTraversalTask.java b/...li/src/main/java/com/dotcms/api/client/files/traversal/task/LocalFolderTraversalTask.java
@@ -679,12 +679,12 @@ private AssetView.Builder assetViewFromFile(AssetsUtils.LocalPathStructure local
     }
 
     /**
-     * FileFilter implementation to allow hidden files and folders and filter out system specific elements.
+     * FileFilter implementation to block hidden files and filter out system specific elements.
      */
     private static class HiddenFileFilter implements FileFilter {
         @Override
         public boolean accept(File file) {
-            return !file.getName().equalsIgnoreCase(".DS_Store");
+            return !(file.isFile() && file.isHidden());
         }
     }