Set secure flag & log exception
[portal.git] / ecomp-portal-BE-os / src / main / java / org / onap / portalapp / filter / SecurityXssFilter.java
index 703019f..4bb48a3 100644 (file)
@@ -1,9 +1,9 @@
+
 /*-
  * ============LICENSE_START==========================================
  * ONAP Portal
  * ===================================================================
  * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
- * Modifications Copyright (c) 2019 Samsung
  * ===================================================================
  *
  * Unless otherwise specified, all software contained herein is licensed
@@ -36,7 +36,6 @@
  *
  * 
  */
-
 package org.onap.portalapp.filter;
 
 import java.io.BufferedReader;
@@ -49,6 +48,7 @@ import java.util.Enumeration;
 
 import javax.servlet.FilterChain;
 import javax.servlet.ReadListener;
+import javax.servlet.ServletException;
 import javax.servlet.ServletInputStream;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletRequestWrapper;
@@ -62,7 +62,7 @@ import org.springframework.web.filter.OncePerRequestFilter;
 
 public class SecurityXssFilter extends OncePerRequestFilter {
 
-       private EELFLoggerDelegate sxLogger = EELFLoggerDelegate.getLogger(SecurityXssFilter.class);
+       private EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(SecurityXssFilter.class);
 
        private static final String APPLICATION_JSON = "application/json";
 
@@ -120,47 +120,40 @@ public class SecurityXssFilter extends OncePerRequestFilter {
 
                        @Override
                        public void setReadListener(ReadListener readListener) {
-                               // do nothing
+
                        }
+
                }
        }
 
        @Override
        protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
-                       throws IOException {
+                       throws ServletException, IOException {
                StringBuilder requestURL = new StringBuilder(request.getRequestURL().toString());
-               String queryString = request.getQueryString();
-               String requestUrl;
-
-               if (queryString == null) {
-                       requestUrl = requestURL.toString();
-               } else {
-                       requestUrl = requestURL.append('?').append(queryString).toString();
-               }
-
-               validateRequest(requestUrl, response);
+           String queryString = request.getQueryString();
+           String requestUrl = "";
+           if (queryString == null) {
+               requestUrl = requestURL.toString();
+           } else {
+               requestUrl = requestURL.append('?').append(queryString).toString();
+           }
+           validateRequest(requestUrl, response);
                StringBuilder headerValues = new StringBuilder();
                Enumeration<String> headerNames = request.getHeaderNames();
-
                while (headerNames.hasMoreElements()) {
-                       String key = headerNames.nextElement();
+                       String key = (String) headerNames.nextElement();
                        String value = request.getHeader(key);
-                       headerValues.append(value);
+                       headerValues.append(key + ":" + value + ";");
                }
-
                validateRequest(headerValues.toString(), response);
-
                if (validateRequestType(request)) {
                        request = new RequestWrapper(request);
                        String requestData = IOUtils.toString(request.getInputStream(), StandardCharsets.UTF_8.toString());
                        validateRequest(requestData, response);
-               }
+                       filterChain.doFilter(request, response);
 
-               try {
+               } else {
                        filterChain.doFilter(request, response);
-               } catch (Exception e) {
-                       sxLogger.warn(EELFLoggerDelegate.errorLogger, "Handling bad request", e);
-                       response.sendError(org.springframework.http.HttpStatus.BAD_REQUEST.value(), "Handling bad request");
                }
        }
 
@@ -178,8 +171,9 @@ public class SecurityXssFilter extends OncePerRequestFilter {
                                throw new SecurityException(ERROR_BAD_REQUEST);
                        }
                } catch (Exception e) {
-                       sxLogger.error(EELFLoggerDelegate.errorLogger, "doFilterInternal() failed due to BAD_REQUEST", e);
+                       logger.error(EELFLoggerDelegate.errorLogger, "doFilterInternal() failed due to BAD_REQUEST", e);
                        response.getWriter().close();
+                       return;
                }
        }
-}
+}
\ No newline at end of file
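Review bot: The added `return;` is the last statement of the catch, which is itself the last statement of the method, so it changes nothing; the actual gap is that this catch still swallows the `SecurityException` thrown just above it and closes the writer without setting any status, so the client gets the container's default status and the caller has no signal that validation failed. Replace `response.getWriter().close();` with `response.sendError(HttpServletResponse.SC_BAD_REQUEST, ERROR_BAD_REQUEST);` so the rejection is visible and the response is committed before anything downstream can write, and either rethrow the exception or return a boolean so `doFilterInternal` can stop the chain. The method's signature and the start of its try block are outside this hunk.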