import java.nio.file.Paths;
import java.util.Enumeration;
import java.util.regex.Pattern;
import java.nio.file.Paths;
import java.util.Enumeration;
import java.util.regex.Pattern;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
private static final String INVALID_REQUEST_URI = "Invalid request URI. Expecting <feed-publishing-url>/<fileid>.";
private static final String IO_EXCEPTION = "IOException";
private static final String ON_BEHALF_OF = "X-DMAAP-DR-ON-BEHALF-OF";
private static final String INVALID_REQUEST_URI = "Invalid request URI. Expecting <feed-publishing-url>/<fileid>.";
private static final String IO_EXCEPTION = "IOException";
private static final String ON_BEHALF_OF = "X-DMAAP-DR-ON-BEHALF-OF";
- private static NodeConfigManager config;
- private static Pattern metaDataPattern;
- private static EELFLogger eelfLogger = EELFManager.getInstance().getLogger(NodeServlet.class);
+ private final NodeConfigManager config;
+ private static final Pattern metaDataPattern;
+ private static final EELFLogger eelfLogger = EELFManager.getInstance().getLogger(NodeServlet.class);
}
private boolean down(HttpServletResponse resp) {
if (config.isShutdown() || !config.isConfigured()) {
sendResponseError(resp, HttpServletResponse.SC_SERVICE_UNAVAILABLE, eelfLogger);
}
private boolean down(HttpServletResponse resp) {
if (config.isShutdown() || !config.isConfigured()) {
sendResponseError(resp, HttpServletResponse.SC_SERVICE_UNAVAILABLE, eelfLogger);
- eelfLogger.info(EelfMsgs.MESSAGE_WITH_BEHALF_AND_FEEDID, req.getHeader(ON_BEHALF_OF),
- getIdFromPath(req) + "");
+ eelfLogger.debug(EelfMsgs.MESSAGE_WITH_BEHALF_AND_FEEDID, req.getHeader(ON_BEHALF_OF),
+ getIdFromPath(req) + "");
} else if (path.startsWith("/internal/resetSubscription/")) {
String subid = path.substring(28);
if (subid.length() != 0 && subid.indexOf('/') == -1) {
} else if (path.startsWith("/internal/resetSubscription/")) {
String subid = path.substring(28);
if (subid.length() != 0 && subid.indexOf('/') == -1) {
sendResponseError(resp, HttpServletResponse.SC_NOT_FOUND, eelfLogger);
} finally {
eelfLogger.info(EelfMsgs.EXIT);
sendResponseError(resp, HttpServletResponse.SC_NOT_FOUND, eelfLogger);
} finally {
eelfLogger.info(EelfMsgs.EXIT);
NodeUtils.setIpAndFqdnForEelf("doPut");
NodeUtils.setRequestIdAndInvocationId(req);
eelfLogger.info(EelfMsgs.ENTRY);
NodeUtils.setIpAndFqdnForEelf("doPut");
NodeUtils.setRequestIdAndInvocationId(req);
eelfLogger.info(EelfMsgs.ENTRY);
- eelfLogger.info(EelfMsgs.MESSAGE_WITH_BEHALF_AND_FEEDID, req.getHeader(ON_BEHALF_OF),
- getIdFromPath(req) + "");
+ eelfLogger.debug(EelfMsgs.MESSAGE_WITH_BEHALF_AND_FEEDID, req.getHeader(ON_BEHALF_OF),
+ getIdFromPath(req) + "");
NodeUtils.setIpAndFqdnForEelf("doDelete");
NodeUtils.setRequestIdAndInvocationId(req);
eelfLogger.info(EelfMsgs.ENTRY);
NodeUtils.setIpAndFqdnForEelf("doDelete");
NodeUtils.setRequestIdAndInvocationId(req);
eelfLogger.info(EelfMsgs.ENTRY);
- eelfLogger.info(EelfMsgs.MESSAGE_WITH_BEHALF_AND_FEEDID, req.getHeader(ON_BEHALF_OF),
- getIdFromPath(req) + "");
+ eelfLogger.debug(EelfMsgs.MESSAGE_WITH_BEHALF_AND_FEEDID, req.getHeader(ON_BEHALF_OF),
+ getIdFromPath(req) + "");
try {
common(req, resp, false);
} catch (IOException ioe) {
try {
common(req, resp, false);
} catch (IOException ioe) {
String lip = req.getLocalAddr();
String pubid = null;
String rcvd = NodeUtils.logts(System.currentTimeMillis()) + ";from=" + ip + ";by=" + lip;
String lip = req.getLocalAddr();
String pubid = null;
String rcvd = NodeUtils.logts(System.currentTimeMillis()) + ";from=" + ip + ";by=" + lip;
boolean isAAFFeed = false;
if (fileid.startsWith("/delete/")) {
deleteFile(req, resp, fileid, pubid);
boolean isAAFFeed = false;
if (fileid.startsWith("/delete/")) {
deleteFile(req, resp, fileid, pubid);
String credentials = req.getHeader("Authorization");
if (credentials == null) {
eelfLogger.error("NODE0306 Rejecting unauthenticated PUT or DELETE of " + req.getPathInfo() + FROM + req
String credentials = req.getHeader("Authorization");
if (credentials == null) {
eelfLogger.error("NODE0306 Rejecting unauthenticated PUT or DELETE of " + req.getPathInfo() + FROM + req
resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Authorization header required");
eelfLogger.info(EelfMsgs.EXIT);
return;
resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Authorization header required");
eelfLogger.info(EelfMsgs.EXIT);
return;
int index = fileid.indexOf('/');
if (index == -1 || index == fileid.length() - 1) {
eelfLogger.error("NODE0205 Rejecting bad URI for PUT or DELETE of " + req.getPathInfo() + FROM + req
int index = fileid.indexOf('/');
if (index == -1 || index == fileid.length() - 1) {
eelfLogger.error("NODE0205 Rejecting bad URI for PUT or DELETE of " + req.getPathInfo() + FROM + req
if (!("legacy".equalsIgnoreCase(aafInstance))) {
isAAFFeed = true;
String permission = config.getPermission(aafInstance);
if (!("legacy".equalsIgnoreCase(aafInstance))) {
isAAFFeed = true;
String permission = config.getPermission(aafInstance);
//Check in CADI Framework API if user has AAF permission or not
if (!req.isUserInRole(permission)) {
String message = "AAF disallows access to permission string - " + permission;
eelfLogger.error("NODE0307 Rejecting unauthenticated PUT or DELETE of " + req.getPathInfo()
//Check in CADI Framework API if user has AAF permission or not
if (!req.isUserInRole(permission)) {
String message = "AAF disallows access to permission string - " + permission;
eelfLogger.error("NODE0307 Rejecting unauthenticated PUT or DELETE of " + req.getPathInfo()
resp.sendError(HttpServletResponse.SC_FORBIDDEN, message);
eelfLogger.info(EelfMsgs.EXIT);
return;
resp.sendError(HttpServletResponse.SC_FORBIDDEN, message);
eelfLogger.info(EelfMsgs.EXIT);
return;
user = "datartr"; // SP6 : Added usr as datartr to avoid null entries for internal routing
targets = config.parseRouting(req.getHeader("X-DMAAP-DR-ROUTING"));
} else {
eelfLogger.error("NODE0204 Rejecting bad URI for PUT or DELETE of " + req.getPathInfo() + FROM + req
user = "datartr"; // SP6 : Added usr as datartr to avoid null entries for internal routing
targets = config.parseRouting(req.getHeader("X-DMAAP-DR-ROUTING"));
} else {
eelfLogger.error("NODE0204 Rejecting bad URI for PUT or DELETE of " + req.getPathInfo() + FROM + req
eelfLogger.info(EelfMsgs.EXIT);
return;
}
if (fileid.indexOf('/') != -1) {
eelfLogger.error("NODE0202 Rejecting bad URI for PUT or DELETE of " + req.getPathInfo() + FROM + req
eelfLogger.info(EelfMsgs.EXIT);
return;
}
if (fileid.indexOf('/') != -1) {
eelfLogger.error("NODE0202 Rejecting bad URI for PUT or DELETE of " + req.getPathInfo() + FROM + req
String reason = config.isPublishPermitted(feedid, credentials, ip);
if (reason != null) {
eelfLogger.error("NODE0111 Rejecting unauthorized publish attempt to feed " + PathUtil
String reason = config.isPublishPermitted(feedid, credentials, ip);
if (reason != null) {
eelfLogger.error("NODE0111 Rejecting unauthorized publish attempt to feed " + PathUtil
- .cleanString(feedid) + " fileid " + PathUtil.cleanString(fileid) + FROM + PathUtil
- .cleanString(ip) + " reason " + PathUtil.cleanString(reason));
+ .cleanString(feedid) + " fileid " + PathUtil.cleanString(fileid) + FROM + PathUtil
+ .cleanString(ip) + " reason " + PathUtil.cleanString(reason));
resp.sendError(HttpServletResponse.SC_FORBIDDEN, reason);
eelfLogger.info(EelfMsgs.EXIT);
return;
resp.sendError(HttpServletResponse.SC_FORBIDDEN, reason);
eelfLogger.info(EelfMsgs.EXIT);
return;
String reason = config.isPublishPermitted(feedid, ip);
if (reason != null) {
eelfLogger.error("NODE0111 Rejecting unauthorized publish attempt to feed " + PathUtil
String reason = config.isPublishPermitted(feedid, ip);
if (reason != null) {
eelfLogger.error("NODE0111 Rejecting unauthorized publish attempt to feed " + PathUtil
- .cleanString(feedid) + " fileid " + PathUtil.cleanString(fileid) + FROM + PathUtil
- .cleanString(ip) + " reason Invalid AAF user- " + PathUtil.cleanString(reason));
+ .cleanString(feedid) + " fileid " + PathUtil.cleanString(fileid) + FROM + PathUtil
+ .cleanString(ip) + " reason Invalid AAF user- " + PathUtil.cleanString(reason));
- eelfLogger.info("NODE0308 Rejecting unauthenticated PUT or DELETE of " + PathUtil
- .cleanString(req.getPathInfo()) + FROM + PathUtil.cleanString(req.getRemoteAddr()));
+ eelfLogger.debug("NODE0308 Rejecting unauthenticated PUT or DELETE of " + PathUtil
+ .cleanString(req.getPathInfo()) + FROM + PathUtil.cleanString(req.getRemoteAddr()));
- .info("NODE0108 Redirecting publish attempt for feed " + PathUtil.cleanString(feedid) + USER
- + PathUtil.cleanString(user) + " ip " + PathUtil.cleanString(ip) + " to " + PathUtil
- .cleanString(redirto)); //Fortify scan fixes - log forging
+ .debug("NODE0108 Redirecting publish attempt for feed " + PathUtil.cleanString(feedid) + USER
+ + PathUtil.cleanString(user) + " ip " + PathUtil.cleanString(ip) + " to " + PathUtil
+ .cleanString(redirto)); //Fortify scan fixes - log forging
resp.sendRedirect(PathUtil.cleanString(redirto)); //Fortify scan fixes-open redirect - 2 issues
eelfLogger.info(EelfMsgs.EXIT);
return;
resp.sendRedirect(PathUtil.cleanString(redirto)); //Fortify scan fixes-open redirect - 2 issues
eelfLogger.info(EelfMsgs.EXIT);
return;
try {
StringBuilder mx = new StringBuilder();
mx.append(req.getMethod()).append('\t').append(fileid).append('\n');
try {
StringBuilder mx = new StringBuilder();
mx.append(req.getMethod()).append('\t').append(fileid).append('\n');
String ctype = null;
boolean hasRequestIdHeader = false;
boolean hasInvocationIdHeader = false;
while (hnames.hasMoreElements()) {
String ctype = null;
boolean hasRequestIdHeader = false;
boolean hasInvocationIdHeader = false;
while (hnames.hasMoreElements()) {
- || "content-language".equals(hnlc)
- || "content-md5".equals(hnlc)
- || "content-range".equals(hnlc)))
- || "x-dmaap-dr-meta".equals(hnlc)
- || (feedid == null && "x-dmaap-dr-received".equals(hnlc))
- || (hnlc.startsWith("x-") && !hnlc.startsWith("x-dmaap-dr-"))) {
- Enumeration hvals = req.getHeaders(hn);
+ || "content-language".equals(hnlc)
+ || "content-md5".equals(hnlc)
+ || "content-range".equals(hnlc)))
+ || "x-dmaap-dr-meta".equals(hnlc)
+ || (feedid == null && "x-dmaap-dr-received".equals(hnlc))
+ || (hnlc.startsWith("x-") && !hnlc.startsWith("x-dmaap-dr-"))) {
+ Enumeration<String> hvals = req.getHeaders(hn);
if ("x-dmaap-dr-meta".equals(hnlc)) {
if (hv.length() > 4096) {
eelfLogger.error("NODE0109 Rejecting publish attempt with metadata too long for feed "
if ("x-dmaap-dr-meta".equals(hnlc)) {
if (hv.length() > 4096) {
eelfLogger.error("NODE0109 Rejecting publish attempt with metadata too long for feed "
- + PathUtil.cleanString(feedid) + USER + PathUtil.cleanString(user) + " ip "
- + PathUtil.cleanString(ip)); //Fortify scan fixes - log forging
+ + PathUtil.cleanString(feedid) + USER + PathUtil.cleanString(user) + " ip "
+ + PathUtil.cleanString(ip)); //Fortify scan fixes - log forging
resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "Metadata too long");
eelfLogger.info(EelfMsgs.EXIT);
return;
}
if (!metaDataPattern.matcher(hv.replaceAll("\\\\.", "X")).matches()) {
eelfLogger.error("NODE0109 Rejecting publish attempt with malformed metadata for feed "
resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "Metadata too long");
eelfLogger.info(EelfMsgs.EXIT);
return;
}
if (!metaDataPattern.matcher(hv.replaceAll("\\\\.", "X")).matches()) {
eelfLogger.error("NODE0109 Rejecting publish attempt with malformed metadata for feed "
- + PathUtil.cleanString(feedid) + USER + PathUtil.cleanString(user) + " ip "
- + PathUtil.cleanString(ip)); //Fortify scan fixes - log forging
+ + PathUtil.cleanString(feedid) + USER + PathUtil.cleanString(user) + " ip "
+ + PathUtil.cleanString(ip)); //Fortify scan fixes - log forging
resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "Malformed metadata");
eelfLogger.info(EelfMsgs.EXIT);
return;
resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "Malformed metadata");
eelfLogger.info(EelfMsgs.EXIT);
return;
String message = writeInputStreamToFile(req, data);
if (message != null) {
StatusLog.logPubFail(pubid, feedid, logurl, req.getMethod(), ctype, exlen, data.length(), ip, user,
String message = writeInputStreamToFile(req, data);
if (message != null) {
StatusLog.logPubFail(pubid, feedid, logurl, req.getMethod(), ctype, exlen, data.length(), ip, user,
throw new IOException(message);
}
Path dpath = Paths.get(fbase);
for (Target t : targets) {
DestInfo di = t.getDestInfo();
if (di == null) {
throw new IOException(message);
}
Path dpath = Paths.get(fbase);
for (Target t : targets) {
DestInfo di = t.getDestInfo();
if (di == null) {
Files.createLink(Paths.get(dbase), dpath);
mw = new FileWriter(meta);
mw.write(metadata);
Files.createLink(Paths.get(dbase), dpath);
mw = new FileWriter(meta);
mw.write(metadata);
}
resp.setStatus(HttpServletResponse.SC_NO_CONTENT);
try {
resp.getOutputStream().close();
} catch (IOException ioe) {
StatusLog.logPubFail(pubid, feedid, logurl, req.getMethod(), ctype, exlen, data.length(), ip, user,
}
resp.setStatus(HttpServletResponse.SC_NO_CONTENT);
try {
resp.getOutputStream().close();
} catch (IOException ioe) {
StatusLog.logPubFail(pubid, feedid, logurl, req.getMethod(), ctype, exlen, data.length(), ip, user,
//Fortify scan fixes - log forging
eelfLogger.error("NODE0110 IO Exception while closing IO stream " + PathUtil.cleanString(feedid)
//Fortify scan fixes - log forging
eelfLogger.error("NODE0110 IO Exception while closing IO stream " + PathUtil.cleanString(feedid)
throw ioe;
}
StatusLog.logPub(pubid, feedid, logurl, req.getMethod(), ctype, data.length(), ip, user,
throw ioe;
}
StatusLog.logPub(pubid, feedid, logurl, req.getMethod(), ctype, data.length(), ip, user,
} catch (IOException ioe) {
eelfLogger.error("NODE0110 IO Exception receiving publish attempt for feed " + feedid + USER + user
} catch (IOException ioe) {
eelfLogger.error("NODE0110 IO Exception receiving publish attempt for feed " + feedid + USER + user
+ private String generateAndValidatePublishId(HttpServletRequest req) throws IOException {
+ String newPubId = req.getHeader("X-DMAAP-DR-PUBLISH-ID");
+
+ String regex = ".*";
+
+ if(newPubId.matches(regex)){
+ return newPubId;
+ }
+ throw new IOException("Invalid Header X-DMAAP-DR-PUBLISH-ID");
+ }
+
private String writeInputStreamToFile(HttpServletRequest req, File data) {
byte[] buf = new byte[1024 * 1024];
int bytesRead;
try (OutputStream dos = new FileOutputStream(data);
private String writeInputStreamToFile(HttpServletRequest req, File data) {
byte[] buf = new byte[1024 * 1024];
int bytesRead;
try (OutputStream dos = new FileOutputStream(data);
while ((bytesRead = is.read(buf)) > 0) {
dos.write(buf, 0, bytesRead);
}
while ((bytesRead = is.read(buf)) > 0) {
dos.write(buf, 0, bytesRead);
}
int index = fileid.indexOf('/');
if (index == -1 || index == fileid.length() - 1) {
eelfLogger.error("NODE0112 Rejecting bad URI for DELETE of " + req.getPathInfo() + FROM + req
int index = fileid.indexOf('/');
if (index == -1 || index == fileid.length() - 1) {
eelfLogger.error("NODE0112 Rejecting bad URI for DELETE of " + req.getPathInfo() + FROM + req
int subId = Integer.parseInt(subscriptionId);
pubid = fileid.substring(index + 1);
String errorMessage = "Unable to delete files (" + pubid + ", " + pubid + FROM_DR_MESSAGE
int subId = Integer.parseInt(subscriptionId);
pubid = fileid.substring(index + 1);
String errorMessage = "Unable to delete files (" + pubid + ", " + pubid + FROM_DR_MESSAGE
int subIdDir = subId - (subId % 100);
if (!isAuthorizedToDelete(resp, subscriptionId, errorMessage)) {
return;
}
boolean result = delivery.markTaskSuccess(config.getSpoolBase() + "/s/" + subIdDir + "/" + subId, pubid);
if (result) {
int subIdDir = subId - (subId % 100);
if (!isAuthorizedToDelete(resp, subscriptionId, errorMessage)) {
return;
}
boolean result = delivery.markTaskSuccess(config.getSpoolBase() + "/s/" + subIdDir + "/" + subId, pubid);
if (result) {
}
} catch (IOException ioe) {
eelfLogger.error("NODE0117 Unable to delete files (" + pubid + ", " + pubid + FROM_DR_MESSAGE
}
} catch (IOException ioe) {
eelfLogger.error("NODE0117 Unable to delete files (" + pubid + ", " + pubid + FROM_DR_MESSAGE
resp.sendError(HttpServletResponse.SC_FORBIDDEN, "https required on publish requests");
eelfLogger.info(EelfMsgs.EXIT);
return null;
resp.sendError(HttpServletResponse.SC_FORBIDDEN, "https required on publish requests");
eelfLogger.info(EelfMsgs.EXIT);
return null;
String fileid = req.getPathInfo();
if (fileid == null) {
eelfLogger.error("NODE0201 Rejecting bad URI for PUT or DELETE of " + req.getPathInfo() + FROM + req
String fileid = req.getPathInfo();
if (fileid == null) {
eelfLogger.error("NODE0201 Rejecting bad URI for PUT or DELETE of " + req.getPathInfo() + FROM + req
}
private boolean isAuthorizedToDelete(HttpServletResponse resp, String subscriptionId, String errorMessage)
}
private boolean isAuthorizedToDelete(HttpServletResponse resp, String subscriptionId, String errorMessage)
try {
boolean deletePermitted = config.isDeletePermitted(subscriptionId);
if (!deletePermitted) {
eelfLogger.error("NODE0113 " + errorMessage + " Error: Subscription "
try {
boolean deletePermitted = config.isDeletePermitted(subscriptionId);
if (!deletePermitted) {
eelfLogger.error("NODE0113 " + errorMessage + " Error: Subscription "
resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
eelfLogger.info(EelfMsgs.EXIT);
return false;
}
} catch (NullPointerException npe) {
eelfLogger.error("NODE0114 " + errorMessage + " Error: Subscription " + subscriptionId
resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
eelfLogger.info(EelfMsgs.EXIT);
return false;
}
} catch (NullPointerException npe) {
eelfLogger.error("NODE0114 " + errorMessage + " Error: Subscription " + subscriptionId