Custom CSV generated in Mendix Exposing the absolute path of the server temp location
Hello All, I have a requirement where I am supposed to create a custom CSV File. To achieve this, I have written a Java Action which fetches the data from Database and then CSV File. The step-by-step process is as below. 1) Create a CSV File in the Mendix runtime temporary directory as below. Core.getConfiguration().getTempPath() 2) Once the empty file is written, I execute my business logic to fetch data from Database and start writing CSV data line by line into the above file using CSVWriter (openCSV library found by default in Mendix) 3) Once my File is ready in the temp location on the Mendix App Server, I want the User to download this File in Client Browser. So i need to convert the Java File into --> Mendix System.FileDocument entity so i can use Download File activity 4) To convert I am using the Community Commons.FileDocumentFromFile Java action 5) Return my FileDocument entity into the Microflow from the Java Action 6) Pass FileDocument to Download File Activity and it downloads the file in the Client browser window. Although this is working fine, when the file document is downloaded in Client, somehow the Filename of the CSV is the full absolute path of the File on the Server. This isposing a security risk as it is exposing the full absolute path of the file on the server and also we can easily tell our server is a windows based system which can be misused to launch any attacks. I have verfied the FileDocument Name is correct when i debug the microflow. It only holds the Filename eg: 20220530.csv But when the file is downloaded in Client browser it comes with below filename. F__MendixDeployment_Apps_SdcApp_Project_data_tmp_30052022_041125_TaskAreaVinExport.csv When i check in the temporary location it has only the filename. The issue happens when it is downloaded in the Client using Download File Activty in Microflow. I am not able to trace why this is happening.
did you check the file name after calling the Java action FileDocumentFromFile? If you did and the Name attribute only contains 20220530.csv and not the whole temp file location, then I think you should report this as a bug. As a temporary workaround, you could change the Name attribute to 20220530.csv just before the download activity.