Validate the path during ConfigFile upload

The IBM management console usecase - ConfigFile upload was allowing
to create or modify any file at the BMC when the path url is given
as below.
PUT https://${bmc}/ibm/v1/Host/ConfigFiles/../../../../../<any file under root dir> --data-binary "junk data"

This commit adds validation to the "path" variable after the "ConfigFiles/"
in the url - so that only the ConfigFiles are created or modified.

The filename validation includes:
  Restrict the maximum filename length to 20 characters
  Restrict the allowed charaters to [A-Za-z0-9-]

The minimum size of the file allowed is 100 bytes
The maximum size of the file allowed is 500KB
Maximum total size of the ConfigFile directory at BMC file system allowed is 10MB

Tested by:

  1. PUT https://${bmc}/ibm/v1/Host/ConfigFiles/../../../../../etc/p2 --data-binary "some data"
     Bad Request

  2. PUT https://${bmc}/ibm/v1/Host/ConfigFiles/../../../etc/p2 --data-binary "some data"
     Bad Request

  3. PUT https://${bmc}/ibm/v1/Host/ConfigFiles/../etc/p2 --data-binary "some data"
     Bad Request

  4. PUT https://${bmc}/ibm/v1/Host/ConfigFiles/etc/p2 --data-binary "some data"
     {
       "Description": "Error while creating the file"
     }

  5. PUT https://${bmc}/ibm/v1/Host/ConfigFiles/mydir/p2 --data-binary "some data"
     {
       "Description": "Error while creating the file"
     }

  6. PUT https://${bmc}/ibm/v1/Host/ConfigFiles/ --data-binary "some data"
     Not Found

  7. PUT https://${bmc}/ibm/v1/Host/ConfigFiles --data-binary "some data"
     Method Not Allowed

  8. PUT https://${bmc}/ibm/v1/Host/ConfigFiles/p2/../p2 --data-binary "some data"
     Bad Request

  9. PUT https://${bmc}/ibm/v1/Host/ConfigFiles/p2/p2 --data-binary "some data"
     {
       "Description": "Error while creating the file"
     }

  10. PUT https://${bmc}/ibm/v1/Host/ConfigFiles/p2/../../../p2 --data-binary "some data"
      Bad Request

  11. PUT https://${bmc}/ibm/v1/Host/ConfigFiles/./../../p2 --data-binary "some data"
      Bad Request

  12. PUT https://${bmc}/ibm/v1/Host/ConfigFiles/. --data-binary "some data"
      Bad Request

  13. PUT https://${bmc}/ibm/v1/Host/../ConfigFiles/p2 --data-binary "some data"
      Not Found

  14. PUT https://${bmc}/ibm/v1/Host/ConfigFiles/p2 --data-binary "some data"
      {
        "Description": "File Created"
      }

  15. PUT https://${bmc}/ibm/v1/Host/ConfigFiles/p2 --data-binary "some data"
      {
        "Description": "File Updated"
      }

  16. PUT https://${bmc}/ibm/v1/Host/ConfigFiles/p2.ext --data-binary "some data"
      {
        "Description": "File Created"
      }
  17. Tested sending filename greater than 20 charaters
      Bad Request
  18. Tested sending filename with special charaters
      Bad Request
  19. Tested sending filesize less than 100bytes
      Bad request
  20. Tested sending filesize greater than 500KB
      Bad request
  21. Tested uploading the file when the directory size is nearly full
      Bad request
  22. Added unit test for isValidConfigFileName

Signed-off-by: Sunitha Harish <sunharis@in.ibm.com>
Change-Id: I838d39d5765ddc8701f7e5c533a93eebde021cbf
diff --git a/redfish-core/ut/configfile_test.cpp b/redfish-core/ut/configfile_test.cpp
new file mode 100644
index 0000000..9f6bc13
--- /dev/null
+++ b/redfish-core/ut/configfile_test.cpp
@@ -0,0 +1,71 @@
+#include "ibm/management_console_rest.hpp"
+#include "nlohmann/json.hpp"
+
+#include <string>
+
+#include "gmock/gmock.h"
+
+namespace crow
+{
+namespace ibm_mc
+{
+
+TEST(ConfigFileTest, FileNameValidChar)
+{
+    crow::Response res;
+
+    const std::string fileName = "GoodConfigFile";
+    EXPECT_TRUE(isValidConfigFileName(fileName, res));
+}
+TEST(ConfigFileTest, FileNameInvalidChar)
+{
+    crow::Response res;
+
+    const std::string fileName = "Bad@file";
+    EXPECT_FALSE(isValidConfigFileName(fileName, res));
+}
+TEST(ConfigFileTest, FileNameInvalidPath1)
+{
+    crow::Response res;
+
+    const std::string fileName = "/../../../../../etc/badpath";
+    EXPECT_FALSE(isValidConfigFileName(fileName, res));
+}
+TEST(ConfigFileTest, FileNameInvalidPath2)
+{
+    crow::Response res;
+
+    const std::string fileName = "/../../etc/badpath";
+    EXPECT_FALSE(isValidConfigFileName(fileName, res));
+}
+TEST(ConfigFileTest, FileNameInvalidPath3)
+{
+    crow::Response res;
+
+    const std::string fileName = "/mydir/configFile";
+    EXPECT_FALSE(isValidConfigFileName(fileName, res));
+}
+TEST(ConfigFileTest, FileNameNull)
+{
+    crow::Response res;
+
+    const std::string fileName = "";
+    EXPECT_FALSE(isValidConfigFileName(fileName, res));
+}
+TEST(ConfigFileTest, FileNameSlash)
+{
+    crow::Response res;
+
+    const std::string fileName = "/";
+    EXPECT_FALSE(isValidConfigFileName(fileName, res));
+}
+TEST(ConfigFileTest, FileNameMorethan20Char)
+{
+    crow::Response res;
+
+    const std::string fileName = "BadfileBadfileBadfile";
+    EXPECT_FALSE(isValidConfigFileName(fileName, res));
+}
+
+} // namespace ibm_mc
+} // namespace crow