"Upload and apply" Error Message Should Be Handled More Gracefully #2175

Closed
LeoNerdoG opened this issue Nov 12, 2018 · 3 comments · Fixed by #2230
Labels
Bug This is a bug or an unexpected behaviour. Fix it! Console GWT This issue/PR is related to Admin Web Console

Comments

@LeoNerdoG
Contributor

If a user tries to upload and apply a random file that is not a regular Kura Snapshot file, Kapua returns an error message that is not very user-friendly (look at the screenshots).

Testflow:

  1. Log in as kapua-sys or any other user that has proper permissions
  2. Connect a live Kura device to Kapua (e.g. device0)
  3. Go to Devices, select device0 and go to its Configuration -> Snapshots -> Upload and apply
  4. Select a file that is not a Kura snapshot and try to upload it.
    Observe the error message that shows up.

Expected behavior
Kapua should throw a more generic error, e.g. "The file provided is not a valid Kura Snapshot. Please review the file and try again" or something similar.

Screenshot No. 1:
screenshot 2018-11-12 at 14 49 01

Screenshot No. 2:
screenshot 2018-11-12 at 14 48 09

Version of Kapua
1.1.0-SNAPSHOT

Type of deployment
[ ] Local Vagrant deployment
[x] Docker
[ ] Openshift (in its variants)
[ ] Others

Main component affected
[x] Console (in case of console please report info on which browser you encountered the problem)
[ ] REST API
[ ] Message Broker
[ ] - Others

Browsers used:

  • Google Chrome (Version 69.0.3497.100 (Official Build) (64-bit))
  • Safari (Version 12.0 (13604.3.5))
  • Mozilla Firefox (63.0 (64-bit))
  • Opera (Version 55.0.2994.44)
@LeoNerdoG
Contributor Author

Hey @Coduz @lorthirk,
I have a question regarding this matter. Aleksandra and I have been fixing/testing this and found out that a user can enter a file with any extension (e.g. snapshot.iooodifsodifo) and the file will still get uploaded and applied (if the content is a proper Kura snapshot).
Is this OK, or should we limit the file extensions to .xml?

@Coduz
Contributor

Coduz commented Nov 28, 2018

Hi @LeoNerdoG,

limiting to .xml can add some benefits.

An attacker can intentionally set a non-XML file as .xml, but the regular user will be protected against this mistake.

Regards,

Alberto
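
The point raised in this thread, that an extension check only protects against honest mistakes, shown as an added example (not Kapua's code and not written by any participant here): the upload is accepted only if it also parses as XML under a hardened parser and has the expected root element, and every failure maps to the single message proposed in the issue. The class and method names, the root element name `configurations` and the sample namespace URI are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.util.Locale;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;

public class SnapshotUploadCheck {
    // Wording taken from the issue's "Expected behavior" section.
    static final String INVALID =
        "The file provided is not a valid Kura Snapshot. Please review the file and try again.";
    // Assumption: the root element of a Kura snapshot has the local name "configurations".
    static final String ROOT = "configurations";

    /** Returns null when the upload looks like a snapshot, otherwise the user-facing message. */
    static String validate(String fileName, InputStream content) {
        // Extension check: the file name is client-controlled, so this only catches mistakes.
        if (fileName == null || !fileName.toLowerCase(Locale.ROOT).endsWith(".xml")) {
            return INVALID;
        }
        try {
            DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
            f.setNamespaceAware(true);
            // Uploaded XML is untrusted: reject DOCTYPE so no external entity is ever resolved.
            f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
            f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            f.setXIncludeAware(false);
            f.setExpandEntityReferences(false);
            Element root = f.newDocumentBuilder().parse(content).getDocumentElement();
            return ROOT.equals(root.getLocalName()) ? null : INVALID;
        } catch (Exception e) {
            // Parser details are deliberately not returned to the caller.
            return INVALID;
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs, not real snapshots.
        String ok = "<esf:configurations xmlns:esf=\"http://eurotech.com/esf/2.0\"/>";
        String notXml = "plain text, not a snapshot";
        String[][] cases = {{"snapshot.xml", ok}, {"snapshot.iooodifsodifo", ok}, {"notes.xml", notXml}};
        for (String[] c : cases) {
            InputStream in = new ByteArrayInputStream(c[1].getBytes(StandardCharsets.UTF_8));
            String result = validate(c[0], in);
            System.out.println(c[0] + " -> " + (result == null ? "accepted" : result));
        }
    }
}
```

The third case is the one the extension filter alone would let through: a file named `.xml` whose content is not XML is rejected at the parsing step.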

@LeoNerdoG
Contributor Author

I have verified that this issue has been successfully resolved.

@Coduz Coduz added Bug This is a bug or an unexpected behaviour. Fix it! CQ approved The PR has passed CQ approvation Console GWT This issue/PR is related to Admin Web Console and removed CQ approved The PR has passed CQ approvation labels Sep 30, 2019