From c748b65cd9de332da546bcf0a5da1b79b067d51f Mon Sep 17 00:00:00 2001
From: Sara Aspery <sara.aspery@alfresco.com>
Date: Tue, 23 Jan 2018 17:59:41 +0000
Subject: [PATCH] RM-5987 View Audit Log can crash Alfresco

---
 .../alfresco-global.properties                |  1 +
 .../rm-webscript-context.xml                  |  3 +++
 .../script/AuditLogGet.java                   | 23 +++++++++++++++++--
 3 files changed, 25 insertions(+), 2 deletions(-)

diff --git a/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/alfresco-global.properties b/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/alfresco-global.properties
index 8fdbf91cbd..0df8fa38c8 100644
--- a/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/alfresco-global.properties
+++ b/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/alfresco-global.properties
@@ -17,6 +17,7 @@ imap.server.attachments.extraction.enabled=false
 #
 audit.enabled=true
 audit.rm.enabled=true
+audit.rm.viewLog.maxSize=100
 #audit.rm.runas=admin
 
 #audit.filter.alfresco-access.transaction.user=~null;.*
diff --git a/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/rm-webscript-context.xml b/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/rm-webscript-context.xml
index d4f8b73a05..f1a6815869 100644
--- a/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/rm-webscript-context.xml
+++ b/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/rm-webscript-context.xml
@@ -537,6 +537,9 @@
         <property name="namespaceService" ref="namespaceService" />
         <property name="capabilityService" ref="CapabilityService" />
         <property name="filePlanService" ref="FilePlanService" />
+        <property name="viewLogMaxSize">
+            <value>${audit.rm.viewLog.maxSize}</value>
+        </property>
     </bean>
 
    <!-- REST impl for GET Class Definitions for RM/DM -->
diff --git a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/script/AuditLogGet.java b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/script/AuditLogGet.java
index 62307b2f79..de035737e0 100644
--- a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/script/AuditLogGet.java
+++ b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/script/AuditLogGet.java
@@ -57,6 +57,7 @@ public class AuditLogGet extends BaseAuditRetrievalWebScript
 
     private static final String PARAM_EXPORT = "export";
     private static final String ACCESS_AUDIT_CAPABILITY = "AccessAudit";
+    private static final int DEFAULT_VIEW_LOG_MAX_SIZE = 100;
 
     /** Content Streamer */
     protected ContentStreamer contentStreamer;
@@ -66,6 +67,9 @@ public class AuditLogGet extends BaseAuditRetrievalWebScript
 
     /** File plan service */
     protected FilePlanService filePlanService;
+    
+    /** Maximum number of entries to be displayed in View Audit Log */
+    private int viewLogMaxSize;
 
     /**
      * @param contentStreamer
@@ -86,13 +90,22 @@ public class AuditLogGet extends BaseAuditRetrievalWebScript
     
     /**
      * 
-     * @param capabilityService Capability Service
+     * @param filePlanService File Plan Service
      */
     public void setFilePlanService(FilePlanService filePlanService)
     {
         this.filePlanService = filePlanService;
     }
 
+    /**
+     * 
+     * @param viewLogMaxSize Maximum number of entries to be displayed in View Audit Log 
+     */
+    public void setViewLogMaxSize(int viewLogMaxSize)
+    {
+        this.viewLogMaxSize = (viewLogMaxSize <= 0 ? DEFAULT_VIEW_LOG_MAX_SIZE: viewLogMaxSize);
+    }
+
     @Override
     public void execute(WebScriptRequest req, WebScriptResponse res) throws IOException
     {
@@ -100,7 +113,6 @@ public class AuditLogGet extends BaseAuditRetrievalWebScript
 
         try
         {
-            
             RecordsManagementAuditQueryParameters queryParams = parseQueryParameters(req);
             ReportFormat reportFormat = parseReportFormat(req);
 
@@ -108,6 +120,13 @@ public class AuditLogGet extends BaseAuditRetrievalWebScript
             {
                 throw new WebScriptException(Status.STATUS_FORBIDDEN, "Access denied because the user does not have the Access Audit capability");
             }
+            
+            // limit the number of audit log entries to be returned
+            if (queryParams.getMaxEntries() == 0 || queryParams.getMaxEntries() > viewLogMaxSize)
+            {
+                queryParams.setMaxEntries(viewLogMaxSize);
+            }
+            
             // parse the parameters and get a file containing the audit trail
             auditTrail = this.rmAuditService.getAuditTrailFile(queryParams, reportFormat);