X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=datarouter-node%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Fdmaap%2Fdatarouter%2Fnode%2FNodeServlet.java;h=4dbe0e754972af0224a2e9765ddb81042ff3e017;hb=HEAD;hp=d665080b54606388f4f419eb8a71ed8cb6a25dda;hpb=15b5a700e4d2ea3572d38ccf1a8120040e23a038;p=dmaap%2Fdatarouter.git
diff --git a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeServlet.java b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeServlet.java
index d665080b..4dbe0e75 100644
--- a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeServlet.java
+++ b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeServlet.java
@@ -24,15 +24,11 @@
package org.onap.dmaap.datarouter.node;
+import static org.onap.dmaap.datarouter.node.utils.NodeUtils.sendResponseError;
+
import com.att.eelf.configuration.EELFLogger;
import com.att.eelf.configuration.EELFManager;
-import org.jetbrains.annotations.Nullable;
-import org.onap.dmaap.datarouter.node.eelf.EelfMsgs;
-import org.slf4j.MDC;
-
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServlet;
import java.io.File;
import java.io.FileOutputStream;
import java.io.FileWriter;
@@ -45,13 +41,19 @@ import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Enumeration;
import java.util.regex.Pattern;
-
-import static org.onap.dmaap.datarouter.node.NodeUtils.sendResponseError;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.jetbrains.annotations.Nullable;
+import org.onap.dmaap.datarouter.node.delivery.Delivery;
+import org.onap.dmaap.datarouter.node.eelf.EelfMsgs;
+import org.onap.dmaap.datarouter.node.log.StatusLog;
+import org.onap.dmaap.datarouter.node.utils.NodeUtils;
+import org.slf4j.MDC;
/**
- * Servlet for handling all http and https requests to the data router node
- *
- * Handled requests are:
+ * Servlet for handling all http and https requests to the data router node.
+ *
+ *
Handled requests are:
*
* GET http://node/internal/fetchProv - fetch the provisioning data
*
@@ -61,47 +63,51 @@ import static org.onap.dmaap.datarouter.node.NodeUtils.sendResponseError;
*/
public class NodeServlet extends HttpServlet {
- private static NodeConfigManager config;
- private static Pattern MetaDataPattern;
- private static EELFLogger eelfLogger = EELFManager.getInstance().getLogger(NodeServlet.class);
- private final Delivery delivery;
+ private static final String FROM = " from ";
+ private static final String INVALID_REQUEST_URI = "Invalid request URI. Expecting /.";
+ private static final String IO_EXCEPTION = "IOException";
+ private static final String ON_BEHALF_OF = "X-DMAAP-DR-ON-BEHALF-OF";
+ private final NodeConfigManager config;
+ private static final Pattern metaDataPattern;
+ private static final EELFLogger eelfLogger = EELFManager.getInstance().getLogger(NodeServlet.class);
static {
final String ws = "\\s*";
// assume that \\ and \" have been replaced by X
final String string = "\"[^\"]*\"";
- //String string = "\"(?:[^\"\\\\]|\\\\.)*\"";
final String number = "[+-]?(?:\\.\\d+|(?:0|[1-9]\\d*)(?:\\.\\d*)?)(?:[eE][+-]?\\d+)?";
final String value = "(?:" + string + "|" + number + "|null|true|false)";
final String item = string + ws + ":" + ws + value + ws;
final String object = ws + "\\{" + ws + "(?:" + item + "(?:" + "," + ws + item + ")*)?\\}" + ws;
- MetaDataPattern = Pattern.compile(object, Pattern.DOTALL);
+ metaDataPattern = Pattern.compile(object, Pattern.DOTALL);
}
- NodeServlet(Delivery delivery) {
+ private final Delivery delivery;
+
+ NodeServlet(Delivery delivery, NodeConfigManager nodeConfigManager) {
+ config = nodeConfigManager;
this.delivery = delivery;
}
/**
- * Get the NodeConfigurationManager
+ * Get the NodeConfigurationManager.
*/
@Override
public void init() {
- config = NodeConfigManager.getInstance();
- eelfLogger.info("NODE0101 Node Servlet Configured");
+ eelfLogger.debug("NODE0101 Node Servlet Configured");
}
- private boolean down(HttpServletResponse resp) throws IOException {
+ private boolean down(HttpServletResponse resp) {
if (config.isShutdown() || !config.isConfigured()) {
sendResponseError(resp, HttpServletResponse.SC_SERVICE_UNAVAILABLE, eelfLogger);
- eelfLogger.info("NODE0102 Rejecting request: Service is being quiesced");
+ eelfLogger.error("NODE0102 Rejecting request: Service is being quiesced");
return true;
}
return false;
}
/**
- * Handle a GET for /internal/fetchProv
+ * Handle a GET for /internal/fetchProv.
*/
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) {
@@ -109,15 +115,10 @@ public class NodeServlet extends HttpServlet {
NodeUtils.setRequestIdAndInvocationId(req);
eelfLogger.info(EelfMsgs.ENTRY);
try {
- eelfLogger.info(EelfMsgs.MESSAGE_WITH_BEHALF_AND_FEEDID, req.getHeader("X-DMAAP-DR-ON-BEHALF-OF"),
- getIdFromPath(req) + "");
- try {
- if (down(resp)) {
- return;
- }
-
- } catch (IOException ioe) {
- eelfLogger.error("IOException", ioe);
+ eelfLogger.debug(EelfMsgs.MESSAGE_WITH_BEHALF_AND_FEEDID, req.getHeader(ON_BEHALF_OF),
+ getIdFromPath(req) + "");
+ if (down(resp)) {
+ return;
}
String path = req.getPathInfo();
String qs = req.getQueryString();
@@ -132,13 +133,13 @@ public class NodeServlet extends HttpServlet {
} else if (path.startsWith("/internal/resetSubscription/")) {
String subid = path.substring(28);
if (subid.length() != 0 && subid.indexOf('/') == -1) {
- NodeMain.resetQueue(subid, ip);
+ NodeServer.resetQueue(subid, ip);
resp.setStatus(HttpServletResponse.SC_NO_CONTENT);
return;
}
}
- eelfLogger.info("NODE0103 Rejecting invalid GET of " + path + " from " + ip);
+ eelfLogger.debug("NODE0103 Rejecting invalid GET of " + path + FROM + ip);
sendResponseError(resp, HttpServletResponse.SC_NOT_FOUND, eelfLogger);
} finally {
eelfLogger.info(EelfMsgs.EXIT);
@@ -146,103 +147,85 @@ public class NodeServlet extends HttpServlet {
}
/**
- * Handle all PUT requests
+ * Handle all PUT requests.
*/
@Override
protected void doPut(HttpServletRequest req, HttpServletResponse resp) {
NodeUtils.setIpAndFqdnForEelf("doPut");
NodeUtils.setRequestIdAndInvocationId(req);
eelfLogger.info(EelfMsgs.ENTRY);
- eelfLogger.info(EelfMsgs.MESSAGE_WITH_BEHALF_AND_FEEDID, req.getHeader("X-DMAAP-DR-ON-BEHALF-OF"),
- getIdFromPath(req) + "");
+ eelfLogger.debug(EelfMsgs.MESSAGE_WITH_BEHALF_AND_FEEDID, req.getHeader(ON_BEHALF_OF),
+ getIdFromPath(req) + "");
try {
common(req, resp, true);
} catch (IOException ioe) {
- eelfLogger.error("IOException", ioe);
+ eelfLogger.error(IO_EXCEPTION, ioe);
eelfLogger.info(EelfMsgs.EXIT);
}
}
/**
- * Handle all DELETE requests
+ * Handle all DELETE requests.
*/
@Override
protected void doDelete(HttpServletRequest req, HttpServletResponse resp) {
NodeUtils.setIpAndFqdnForEelf("doDelete");
NodeUtils.setRequestIdAndInvocationId(req);
eelfLogger.info(EelfMsgs.ENTRY);
- eelfLogger.info(EelfMsgs.MESSAGE_WITH_BEHALF_AND_FEEDID, req.getHeader("X-DMAAP-DR-ON-BEHALF-OF"),
- getIdFromPath(req) + "");
+ eelfLogger.debug(EelfMsgs.MESSAGE_WITH_BEHALF_AND_FEEDID, req.getHeader(ON_BEHALF_OF),
+ getIdFromPath(req) + "");
try {
common(req, resp, false);
} catch (IOException ioe) {
- eelfLogger.error("IOException", ioe);
+ eelfLogger.error(IO_EXCEPTION, ioe);
eelfLogger.info(EelfMsgs.EXIT);
}
}
private void common(HttpServletRequest req, HttpServletResponse resp, boolean isput) throws IOException {
+ final String PUBLISH = "/publish/";
+ final String INTERNAL_PUBLISH = "/internal/publish/";
+ final String HTTPS = "https://";
+ final String USER = " user ";
String fileid = getFileId(req, resp);
- if (fileid == null) return;
+ if (fileid == null) {
+ return;
+ }
String feedid = null;
String user = null;
String ip = req.getRemoteAddr();
String lip = req.getLocalAddr();
String pubid = null;
- String xpubid = null;
String rcvd = NodeUtils.logts(System.currentTimeMillis()) + ";from=" + ip + ";by=" + lip;
- Target[] targets = null;
- boolean isAAFFeed = false;
+ Target[] targets;
if (fileid.startsWith("/delete/")) {
deleteFile(req, resp, fileid, pubid);
return;
}
String credentials = req.getHeader("Authorization");
if (credentials == null) {
- eelfLogger.error("NODE0106 Rejecting unauthenticated PUT or DELETE of " + req.getPathInfo() + " from " + req
- .getRemoteAddr());
+ eelfLogger.error("NODE0306 Rejecting unauthenticated PUT or DELETE of " + req.getPathInfo() + FROM + req
+ .getRemoteAddr());
resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Authorization header required");
eelfLogger.info(EelfMsgs.EXIT);
return;
}
- if (fileid.startsWith("/publish/")) {
+ if (fileid.startsWith(PUBLISH)) {
fileid = fileid.substring(9);
- int i = fileid.indexOf('/');
- if (i == -1 || i == fileid.length() - 1) {
- eelfLogger.error("NODE0105 Rejecting bad URI for PUT or DELETE of " + req.getPathInfo() + " from " + req
- .getRemoteAddr());
+ int index = fileid.indexOf('/');
+ if (index == -1 || index == fileid.length() - 1) {
+ eelfLogger.error("NODE0205 Rejecting bad URI for PUT or DELETE of " + req.getPathInfo() + FROM + req
+ .getRemoteAddr());
resp.sendError(HttpServletResponse.SC_NOT_FOUND,
- "Invalid request URI. Expecting /. Possible missing fileid.");
+ "Invalid request URI. Expecting /. Possible missing fileid.");
eelfLogger.info(EelfMsgs.EXIT);
return;
}
- feedid = fileid.substring(0, i);
-
- if (config.getCadiEnabeld()) {
- String path = req.getPathInfo();
- if (!path.startsWith("/internal") && feedid != null) {
- String aafInstance = config.getAafInstance(feedid);
- if (!(aafInstance.equalsIgnoreCase("legacy"))) {
- isAAFFeed = true;
- String permission = config.getPermission(aafInstance);
- eelfLogger.info("NodeServlet.common() permission string - " + permission);
- //Check in CADI Framework API if user has AAF permission or not
- if (!req.isUserInRole(permission)) {
- String message = "AAF disallows access to permission string - " + permission;
- eelfLogger.error("NODE0106 Rejecting unauthenticated PUT or DELETE of " + req.getPathInfo() + " from " + req.getRemoteAddr());
- resp.sendError(HttpServletResponse.SC_FORBIDDEN, message);
- eelfLogger.info(EelfMsgs.EXIT);
- return;
- }
- }
- }
- }
-
- fileid = fileid.substring(i + 1);
+ feedid = fileid.substring(0, index);
+ fileid = fileid.substring(index + 1);
pubid = config.getPublishId();
- xpubid = req.getHeader("X-DMAAP-DR-PUBLISH-ID");
targets = config.getTargets(feedid);
- } else if (fileid.startsWith("/internal/publish/")) {
+ } else if (fileid.startsWith(INTERNAL_PUBLISH)) {
if (!config.isAnotherNode(credentials, ip)) {
eelfLogger.error("NODE0107 Rejecting unauthorized node-to-node transfer attempt from " + ip);
resp.sendError(HttpServletResponse.SC_FORBIDDEN);
@@ -250,22 +233,21 @@ public class NodeServlet extends HttpServlet {
return;
}
fileid = fileid.substring(18);
- pubid = req.getHeader("X-DMAAP-DR-PUBLISH-ID");
- user = "datartr"; // SP6 : Added usr as datartr to avoid null entries for internal routing
+ pubid = generateAndValidatePublishId(req);
targets = config.parseRouting(req.getHeader("X-DMAAP-DR-ROUTING"));
} else {
- eelfLogger.error("NODE0105 Rejecting bad URI for PUT or DELETE of " + req.getPathInfo() + " from " + req
- .getRemoteAddr());
+ eelfLogger.error("NODE0204 Rejecting bad URI for PUT or DELETE of " + req.getPathInfo() + FROM + req
+ .getRemoteAddr());
resp.sendError(HttpServletResponse.SC_NOT_FOUND,
- "Invalid request URI. Expecting /.");
+ INVALID_REQUEST_URI);
eelfLogger.info(EelfMsgs.EXIT);
return;
}
if (fileid.indexOf('/') != -1) {
- eelfLogger.error("NODE0105 Rejecting bad URI for PUT or DELETE of " + req.getPathInfo() + " from " + req
- .getRemoteAddr());
+ eelfLogger.error("NODE0202 Rejecting bad URI for PUT or DELETE of " + req.getPathInfo() + FROM + req
+ .getRemoteAddr());
resp.sendError(HttpServletResponse.SC_NOT_FOUND,
- "Invalid request URI. Expecting /.");
+ INVALID_REQUEST_URI);
eelfLogger.info(EelfMsgs.EXIT);
return;
}
@@ -278,37 +260,18 @@ public class NodeServlet extends HttpServlet {
if (xp != 443) {
hp = hp + ":" + xp;
}
- String logurl = "https://" + hp + "/internal/publish/" + fileid;
+ String logurl = HTTPS + hp + INTERNAL_PUBLISH + fileid;
if (feedid != null) {
- logurl = "https://" + hp + "/publish/" + feedid + "/" + fileid;
- //Cadi code starts
- if (!isAAFFeed) {
- String reason = config.isPublishPermitted(feedid, credentials, ip);
- if (reason != null) {
- eelfLogger.error("NODE0111 Rejecting unauthorized publish attempt to feed " + PathUtil.cleanString(feedid) + " fileid " + PathUtil.cleanString(fileid) + " from " + PathUtil.cleanString(ip) + " reason " + PathUtil.cleanString(reason));
- resp.sendError(HttpServletResponse.SC_FORBIDDEN, reason);
- eelfLogger.info(EelfMsgs.EXIT);
- return;
- }
- user = config.getAuthUser(feedid, credentials);
- } else {
- String reason = config.isPublishPermitted(feedid, ip);
- if (reason != null) {
- eelfLogger.error("NODE0111 Rejecting unauthorized publish attempt to feed " + PathUtil.cleanString(feedid) + " fileid " + PathUtil.cleanString(fileid) + " from " + PathUtil.cleanString(ip) + " reason Invalid AAF user- " + PathUtil.cleanString(reason));
- String message = "Invalid AAF user- " + PathUtil.cleanString(reason);
- eelfLogger.info("NODE0106 Rejecting unauthenticated PUT or DELETE of " + PathUtil.cleanString(req.getPathInfo()) + " from " + PathUtil.cleanString(req.getRemoteAddr()));
- resp.sendError(HttpServletResponse.SC_FORBIDDEN, message);
- return;
- }
- if ((req.getUserPrincipal() != null) && (req.getUserPrincipal().getName() != null)) {
- String userName = req.getUserPrincipal().getName();
- String[] attid = userName.split("@");
- user = attid[0];
- } else {
- user = "AAFUser";
- }
+ logurl = HTTPS + hp + PUBLISH + feedid + "/" + fileid;
+ String reason = config.isPublishPermitted(feedid, credentials, ip);
+ if (reason != null) {
+ eelfLogger.info("NODE0111 Rejecting unauthorized publish attempt to feed " + feedid + " fileid "
+ + fileid + " from " + ip + " reason " + reason);
+ resp.sendError(javax.servlet.http.HttpServletResponse.SC_FORBIDDEN, reason);
+ eelfLogger.info(EelfMsgs.EXIT);
+ return;
}
- //Cadi code Ends
+ user = config.getAuthUser(feedid, credentials);
String newnode = config.getIngressNode(feedid, user, ip);
if (newnode != null) {
String port = "";
@@ -316,43 +279,44 @@ public class NodeServlet extends HttpServlet {
if (iport != 443) {
port = ":" + iport;
}
- String redirto = "https://" + newnode + port + "/publish/" + feedid + "/" + fileid;
- eelfLogger.info("NODE0108 Redirecting publish attempt for feed " + PathUtil.cleanString(feedid) + " user " + PathUtil.cleanString(user) + " ip " + PathUtil.cleanString(ip) + " to " + PathUtil.cleanString(redirto)); //Fortify scan fixes - log forging
+ String redirto = HTTPS + newnode + port + PUBLISH + feedid + "/" + fileid;
+ eelfLogger
+ .debug("NODE0108 Redirecting publish attempt for feed " + PathUtil.cleanString(feedid) + USER
+ + PathUtil.cleanString(user) + " ip " + PathUtil.cleanString(ip) + " to " + PathUtil
+ .cleanString(redirto)); //Fortify scan fixes - log forging
resp.sendRedirect(PathUtil.cleanString(redirto)); //Fortify scan fixes-open redirect - 2 issues
eelfLogger.info(EelfMsgs.EXIT);
return;
}
resp.setHeader("X-DMAAP-DR-PUBLISH-ID", pubid);
}
- if (req.getPathInfo().startsWith("/internal/publish/")) {
+ if (req.getPathInfo().startsWith(INTERNAL_PUBLISH)) {
feedid = req.getHeader("X-DMAAP-DR-FEED-ID");
}
String fbase = PathUtil.cleanString(config.getSpoolDir() + "/" + pubid); //Fortify scan fixes-Path manipulation
File data = new File(fbase);
File meta = new File(fbase + ".M");
- OutputStream dos = null;
Writer mw = null;
- InputStream is = null;
try {
- StringBuffer mx = new StringBuffer();
+ StringBuilder mx = new StringBuilder();
mx.append(req.getMethod()).append('\t').append(fileid).append('\n');
- Enumeration hnames = req.getHeaderNames();
+ Enumeration hnames = req.getHeaderNames();
String ctype = null;
boolean hasRequestIdHeader = false;
boolean hasInvocationIdHeader = false;
while (hnames.hasMoreElements()) {
- String hn = (String) hnames.nextElement();
+ String hn = hnames.nextElement();
String hnlc = hn.toLowerCase();
- if ((isput && ("content-type".equals(hnlc) ||
- "content-language".equals(hnlc) ||
- "content-md5".equals(hnlc) ||
- "content-range".equals(hnlc))) ||
- "x-dmaap-dr-meta".equals(hnlc) ||
- (feedid == null && "x-dmaap-dr-received".equals(hnlc)) ||
- (hnlc.startsWith("x-") && !hnlc.startsWith("x-dmaap-dr-"))) {
- Enumeration hvals = req.getHeaders(hn);
+ if ((isput && ("content-type".equals(hnlc)
+ || "content-language".equals(hnlc)
+ || "content-md5".equals(hnlc)
+ || "content-range".equals(hnlc)))
+ || "x-dmaap-dr-meta".equals(hnlc)
+ || (feedid == null && "x-dmaap-dr-received".equals(hnlc))
+ || (hnlc.startsWith("x-") && !hnlc.startsWith("x-dmaap-dr-"))) {
+ Enumeration hvals = req.getHeaders(hn);
while (hvals.hasMoreElements()) {
- String hv = (String) hvals.nextElement();
+ String hv = hvals.nextElement();
if ("content-type".equals(hnlc)) {
ctype = hv;
}
@@ -364,13 +328,17 @@ public class NodeServlet extends HttpServlet {
}
if ("x-dmaap-dr-meta".equals(hnlc)) {
if (hv.length() > 4096) {
- eelfLogger.error("NODE0109 Rejecting publish attempt with metadata too long for feed " + PathUtil.cleanString(feedid) + " user " + PathUtil.cleanString(user) + " ip " + PathUtil.cleanString(ip)); //Fortify scan fixes - log forging
+ eelfLogger.error("NODE0109 Rejecting publish attempt with metadata too long for feed "
+ + PathUtil.cleanString(feedid) + USER + PathUtil.cleanString(user) + " ip "
+ + PathUtil.cleanString(ip)); //Fortify scan fixes - log forging
resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "Metadata too long");
eelfLogger.info(EelfMsgs.EXIT);
return;
}
- if (!MetaDataPattern.matcher(hv.replaceAll("\\\\.", "X")).matches()) {
- eelfLogger.error("NODE0109 Rejecting publish attempt with malformed metadata for feed " + PathUtil.cleanString(feedid) + " user " + PathUtil.cleanString(user) + " ip " + PathUtil.cleanString(ip)); //Fortify scan fixes - log forging
+ if (!metaDataPattern.matcher(hv.replaceAll("\\\\.", "X")).matches()) {
+ eelfLogger.error("NODE0109 Rejecting publish attempt with malformed metadata for feed "
+ + PathUtil.cleanString(feedid) + USER + PathUtil.cleanString(user) + " ip "
+ + PathUtil.cleanString(ip)); //Fortify scan fixes - log forging
resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "Malformed metadata");
eelfLogger.info(EelfMsgs.EXIT);
return;
@@ -388,37 +356,22 @@ public class NodeServlet extends HttpServlet {
}
mx.append("X-DMAAP-DR-RECEIVED\t").append(rcvd).append('\n');
String metadata = mx.toString();
- byte[] buf = new byte[1024 * 1024];
- int i;
- try {
- is = req.getInputStream();
- dos = new FileOutputStream(data);
- while ((i = is.read(buf)) > 0) {
- dos.write(buf, 0, i);
- }
- is.close();
- is = null;
- dos.close();
- dos = null;
- } catch (IOException ioe) {
- long exlen = -1;
- try {
- exlen = Long.parseLong(req.getHeader("Content-Length"));
- } catch (Exception e) {
- eelfLogger.error("NODE0529 Exception common: " + e);
- }
- StatusLog.logPubFail(pubid, feedid, logurl, req.getMethod(), ctype, exlen, data.length(), ip, user, ioe.getMessage());
- eelfLogger.info(EelfMsgs.EXIT);
- throw ioe;
+ long exlen = getExlen(req);
+ String message = writeInputStreamToFile(req, data);
+ if (message != null) {
+ StatusLog.logPubFail(pubid, feedid, logurl, req.getMethod(), ctype, exlen, data.length(), ip, user,
+ message);
+ throw new IOException(message);
}
Path dpath = Paths.get(fbase);
for (Target t : targets) {
DestInfo di = t.getDestInfo();
if (di == null) {
- // TODO: unknown destination
+ //Handle this? : unknown destination
continue;
}
- String dbase = PathUtil.cleanString(di.getSpool() + "/" + pubid); //Fortify scan fixes-Path Manipulation
+ String dbase = PathUtil
+ .cleanString(di.getSpool() + "/" + pubid); //Fortify scan fixes-Path Manipulation
Files.createLink(Paths.get(dbase), dpath);
mw = new FileWriter(meta);
mw.write(metadata);
@@ -426,46 +379,31 @@ public class NodeServlet extends HttpServlet {
mw.write("X-DMAAP-DR-ROUTING\t" + t.getRouting() + "\n");
}
mw.close();
- meta.renameTo(new File(dbase + ".M"));
-
+ if (!meta.renameTo(new File(dbase + ".M"))) {
+ eelfLogger.error("Rename of file " + dbase + " failed.");
+ }
}
resp.setStatus(HttpServletResponse.SC_NO_CONTENT);
try {
resp.getOutputStream().close();
} catch (IOException ioe) {
- long exlen = -1;
- try {
- exlen = Long.parseLong(req.getHeader("Content-Length"));
- } catch (Exception e) {
- eelfLogger.error("NODE00000 Exception common", e);
- }
- StatusLog.logPubFail(pubid, feedid, logurl, req.getMethod(), ctype, exlen, data.length(), ip, user, ioe.getMessage());
+ StatusLog.logPubFail(pubid, feedid, logurl, req.getMethod(), ctype, exlen, data.length(), ip, user,
+ ioe.getMessage());
//Fortify scan fixes - log forging
- eelfLogger.error("NODE0110 IO Exception while closing IO stream " + PathUtil.cleanString(feedid) + " user " + PathUtil.cleanString(user) + " ip " + PathUtil.cleanString(ip) + " " + ioe.toString(), ioe);
-
+ eelfLogger.error("NODE0110 IO Exception while closing IO stream " + PathUtil.cleanString(feedid)
+ + USER + PathUtil.cleanString(user) + " ip " + PathUtil.cleanString(ip) + " " + ioe
+ .toString(), ioe);
throw ioe;
}
- StatusLog.logPub(pubid, feedid, logurl, req.getMethod(), ctype, data.length(), ip, user, HttpServletResponse.SC_NO_CONTENT);
+ StatusLog.logPub(pubid, feedid, logurl, req.getMethod(), ctype, data.length(), ip, user,
+ HttpServletResponse.SC_NO_CONTENT);
} catch (IOException ioe) {
- eelfLogger.error("NODE0110 IO Exception receiving publish attempt for feed " + feedid + " user " + user + " ip " + ip + " " + ioe.toString(), ioe);
+ eelfLogger.error("NODE0110 IO Exception receiving publish attempt for feed " + feedid + USER + user
+ + " ip " + ip + " " + ioe.toString(), ioe);
eelfLogger.info(EelfMsgs.EXIT);
throw ioe;
} finally {
- if (is != null) {
- try {
- is.close();
- } catch (Exception e) {
- eelfLogger.error("NODE0530 Exception common: " + e);
- }
- }
- if (dos != null) {
- try {
- dos.close();
- } catch (Exception e) {
- eelfLogger.error("NODE0531 Exception common: " + e);
- }
- }
if (mw != null) {
try {
mw.close();
@@ -474,43 +412,77 @@ public class NodeServlet extends HttpServlet {
}
}
try {
- data.delete();
+ Files.delete(data.toPath());
+ Files.delete(meta.toPath());
} catch (Exception e) {
eelfLogger.error("NODE0533 Exception common: " + e);
}
- try {
- meta.delete();
- } catch (Exception e) {
- eelfLogger.error("NODE0534 Exception common: " + e);
+ }
+ }
+
+ private String generateAndValidatePublishId(HttpServletRequest req) throws IOException {
+ String newPubId = req.getHeader("X-DMAAP-DR-PUBLISH-ID");
+
+ String regex = ".*";
+
+ if(newPubId.matches(regex)){
+ return newPubId;
+ }
+ throw new IOException("Invalid Header X-DMAAP-DR-PUBLISH-ID");
+ }
+
+ private String writeInputStreamToFile(HttpServletRequest req, File data) {
+ byte[] buf = new byte[1024 * 1024];
+ int bytesRead;
+ try (OutputStream dos = new FileOutputStream(data);
+ InputStream is = req.getInputStream()) {
+ while ((bytesRead = is.read(buf)) > 0) {
+ dos.write(buf, 0, bytesRead);
}
+ } catch (IOException ioe) {
+ eelfLogger.error("NODE0530 Exception common: " + ioe, ioe);
+ eelfLogger.info(EelfMsgs.EXIT);
+ return ioe.getMessage();
+ }
+ return null;
+ }
+
+ private long getExlen(HttpServletRequest req) {
+ long exlen = -1;
+ try {
+ exlen = Long.parseLong(req.getHeader("Content-Length"));
+ } catch (Exception e) {
+ eelfLogger.error("NODE0529 Exception common: " + e);
}
+ return exlen;
}
private void deleteFile(HttpServletRequest req, HttpServletResponse resp, String fileid, String pubid) {
+ final String FROM_DR_MESSAGE = ".M) from DR Node: ";
try {
fileid = fileid.substring(8);
- int i = fileid.indexOf('/');
- if (i == -1 || i == fileid.length() - 1) {
- eelfLogger.error("NODE0112 Rejecting bad URI for DELETE of " + req.getPathInfo() + " from " + req
- .getRemoteAddr());
+ int index = fileid.indexOf('/');
+ if (index == -1 || index == fileid.length() - 1) {
+ eelfLogger.error("NODE0112 Rejecting bad URI for DELETE of " + req.getPathInfo() + FROM + req
+ .getRemoteAddr());
resp.sendError(HttpServletResponse.SC_NOT_FOUND,
- "Invalid request URI. Expecting /.");
+ "Invalid request URI. Expecting /.");
eelfLogger.info(EelfMsgs.EXIT);
return;
}
- String subscriptionId = fileid.substring(0, i);
+ String subscriptionId = fileid.substring(0, index);
int subId = Integer.parseInt(subscriptionId);
- pubid = fileid.substring(i + 1);
- String errorMessage = "Unable to delete files (" + pubid + ", " + pubid + ".M) from DR Node: "
- + config.getMyName() + ".";
+ pubid = fileid.substring(index + 1);
+ String errorMessage = "Unable to delete files (" + pubid + ", " + pubid + FROM_DR_MESSAGE
+ + config.getMyName() + ".";
int subIdDir = subId - (subId % 100);
if (!isAuthorizedToDelete(resp, subscriptionId, errorMessage)) {
return;
}
boolean result = delivery.markTaskSuccess(config.getSpoolBase() + "/s/" + subIdDir + "/" + subId, pubid);
if (result) {
- eelfLogger.info("NODE0115 Successfully deleted files (" + pubid + ", " + pubid + ".M) from DR Node: "
- + config.getMyName());
+ eelfLogger.debug("NODE0115 Successfully deleted files (" + pubid + ", " + pubid + FROM_DR_MESSAGE
+ + config.getMyName());
resp.setStatus(HttpServletResponse.SC_OK);
eelfLogger.info(EelfMsgs.EXIT);
} else {
@@ -519,8 +491,8 @@ public class NodeServlet extends HttpServlet {
eelfLogger.info(EelfMsgs.EXIT);
}
} catch (IOException ioe) {
- eelfLogger.error("NODE0117 Unable to delete files (" + pubid + ", " + pubid + ".M) from DR Node: "
- + config.getMyName(), ioe);
+ eelfLogger.error("NODE0117 Unable to delete files (" + pubid + ", " + pubid + FROM_DR_MESSAGE
+ + config.getMyName(), ioe);
eelfLogger.info(EelfMsgs.EXIT);
}
}
@@ -531,39 +503,40 @@ public class NodeServlet extends HttpServlet {
eelfLogger.info(EelfMsgs.EXIT);
return null;
}
- if (!req.isSecure()) {
+ if (!req.isSecure() && config.isTlsEnabled()) {
eelfLogger.error(
- "NODE0104 Rejecting insecure PUT or DELETE of " + req.getPathInfo() + " from " + req
- .getRemoteAddr());
+ "NODE0104 Rejecting insecure PUT or DELETE of " + req.getPathInfo() + FROM + req
+ .getRemoteAddr());
resp.sendError(HttpServletResponse.SC_FORBIDDEN, "https required on publish requests");
eelfLogger.info(EelfMsgs.EXIT);
return null;
}
String fileid = req.getPathInfo();
if (fileid == null) {
- eelfLogger.error("NODE0105 Rejecting bad URI for PUT or DELETE of " + req.getPathInfo() + " from " + req
- .getRemoteAddr());
+ eelfLogger.error("NODE0201 Rejecting bad URI for PUT or DELETE of " + req.getPathInfo() + FROM + req
+ .getRemoteAddr());
resp.sendError(HttpServletResponse.SC_NOT_FOUND,
- "Invalid request URI. Expecting /.");
+ INVALID_REQUEST_URI);
eelfLogger.info(EelfMsgs.EXIT);
return null;
}
return fileid;
}
- private boolean isAuthorizedToDelete(HttpServletResponse resp, String subscriptionId, String errorMessage) throws IOException {
+ private boolean isAuthorizedToDelete(HttpServletResponse resp, String subscriptionId, String errorMessage)
+ throws IOException {
try {
boolean deletePermitted = config.isDeletePermitted(subscriptionId);
if (!deletePermitted) {
eelfLogger.error("NODE0113 " + errorMessage + " Error: Subscription "
- + subscriptionId + " is not a privileged subscription");
+ + subscriptionId + " is not a privileged subscription");
resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
eelfLogger.info(EelfMsgs.EXIT);
return false;
}
} catch (NullPointerException npe) {
- eelfLogger.error("NODE0114 " + errorMessage + " Error: Subscription " + subscriptionId +
- " does not exist", npe);
+ eelfLogger.error("NODE0114 " + errorMessage + " Error: Subscription " + subscriptionId
+ + " does not exist", npe);
resp.sendError(HttpServletResponse.SC_NOT_FOUND);
eelfLogger.info(EelfMsgs.EXIT);
return false;
@@ -582,4 +555,88 @@ public class NodeServlet extends HttpServlet {
return -1;
}
}
+
+ /**
+ * Utility class that validates the path url formed from
+ * the string passed in the request parameters.
+ */
+ static class PathUtil {
+
+ private PathUtil() {
+ throw new IllegalStateException("Utility Class");
+ }
+
+ /**
+ * This method takes String as the parameter and return the filtered path string.
+ *
+ * @param string String to clean
+ * @return A cleaned String
+ */
+ static String cleanString(String string) {
+ if (string == null) {
+ return null;
+ }
+ StringBuilder cleanString = new StringBuilder();
+ for (int i = 0; i < string.length(); ++i) {
+ cleanString.append(cleanChar(string.charAt(i)));
+ }
+ return cleanString.toString();
+ }
+
+ /**
+ * This method filters the valid special characters in path string.
+ *
+ * @param character The char to be cleaned
+ * @return The cleaned char
+ */
+ private static char cleanChar(char character) {
+ // 0 - 9
+ for (int i = 48; i < 58; ++i) {
+ if (character == i) {
+ return (char) i;
+ }
+ }
+ // 'A' - 'Z'
+ for (int i = 65; i < 91; ++i) {
+ if (character == i) {
+ return (char) i;
+ }
+ }
+ // 'a' - 'z'
+ for (int i = 97; i < 123; ++i) {
+ if (character == i) {
+ return (char) i;
+ }
+ }
+ return getValidCharacter(character);
+ }
+
+ private static char getValidCharacter(char character) {
+ // other valid characters
+ switch (character) {
+ case '/':
+ return '/';
+ case '.':
+ return '.';
+ case '-':
+ return '-';
+ case ':':
+ return ':';
+ case '?':
+ return '?';
+ case '&':
+ return '&';
+ case '=':
+ return '=';
+ case '#':
+ return '#';
+ case '_':
+ return '_';
+ case ' ':
+ return ' ';
+ default:
+ return '%';
+ }
+ }
+ }
}