MAGETWO-89609: [Backport for 2.2.x] Improve import files validation

Author: svitja

app/code/Magento/CatalogImportExport/Model/Import/Uploader.php

@@ -241,6 +241,7 @@ protected function _validateFile()
 
         $fileExtension = pathinfo($filePath, PATHINFO_EXTENSION);
         if (!$this->checkAllowedExtension($fileExtension)) {
+            $this->_directory->delete($filePath);
             throw new \Exception('Disallowed file type.');
         }
         //run validate callbacks

dev/tests/integration/testsuite/Magento/CatalogImportExport/Model/Import/UploaderTest.php

@@ -0,0 +1,80 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+
+declare(strict_types=1);
+
+namespace Magento\CatalogImportExport\Model\Import;
+
+use Magento\Framework\App\Bootstrap;
+use Magento\Framework\App\Filesystem\DirectoryList;
+
+/**
+ * Tests for the \Magento\CatalogImportExport\Model\Import\Uploader class.
+ */
+class UploaderTest extends \Magento\TestFramework\Indexer\TestCase
+{
+    /**
+     * @var \Magento\Framework\ObjectManagerInterface
+     */
+    private $objectManager;
+
+    /**
+     * @var \Magento\Framework\Filesystem\Directory\WriteInterface
+     */
+    private $directory;
+
+    /**
+     * @var \Magento\CatalogImportExport\Model\Import\Uploader
+     */
+    private $uploader;
+
+    /**
+     * @inheritdoc
+     */
+    protected function setUp()
+    {
+        $this->objectManager = \Magento\TestFramework\Helper\Bootstrap::getObjectManager();
+        $this->uploader = $this->objectManager->create(\Magento\CatalogImportExport\Model\Import\Uploader::class);
+
+        $filesystem = $this->objectManager->create(\Magento\Framework\Filesystem::class);
+
+        $appParams = \Magento\TestFramework\Helper\Bootstrap::getInstance()
+            ->getBootstrap()
+            ->getApplication()
+            ->getInitParams()[Bootstrap::INIT_PARAM_FILESYSTEM_DIR_PATHS];
+        $mediaPath = $appParams[DirectoryList::MEDIA][DirectoryList::PATH];
+        $this->directory = $filesystem->getDirectoryWrite(DirectoryList::ROOT);
+        $tmpDir = $this->directory->getRelativePath($mediaPath . '/import');
+        $this->uploader->setTmpDir($tmpDir);
+
+        parent::setUp();
+    }
+
+    /**
+     * @magentoAppIsolation enabled
+     */
+    public function testMoveWithValidFile() : void
+    {
+        $fileName = 'magento_additional_image_one.jpg';
+        $filePath = $this->directory->getAbsolutePath($this->uploader->getTmpDir() . '/' . $fileName);
+        copy(__DIR__ . '/_files/' . $fileName, $filePath);
+        $this->uploader->move($fileName);
+        $this->assertTrue($this->directory->isExist($this->uploader->getTmpDir() . '/' . $fileName));
+    }
+
+    /**
+     * @magentoAppIsolation enabled
+     * @expectedException \Exception
+     */
+    public function testMoveWithInvalidFile() :void
+    {
+        $fileName = 'media_import_image.php';
+        $filePath = $this->directory->getAbsolutePath($this->uploader->getTmpDir() . '/' . $fileName);
+        copy(__DIR__ . '/_files/' . $fileName, $filePath);
+        $this->uploader->move($fileName);
+        $this->assertFalse($this->directory->isExist($this->uploader->getTmpDir() . '/' . $fileName));
+    }
+}