Code Review / dmaap / datarouter.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: 8f2e78c)
Fix Vulnerabilities in BaseServlet 89/66289/1
authorConor Ward <conor.ward@ericsson.com>
Thu, 13 Sep 2018 07:44:37 +0000 (07:44 +0000)
committerConor Ward <conor.ward@ericsson.com>
Thu, 13 Sep 2018 07:44:37 +0000 (07:44 +0000)
Change-Id: If17554c146ea4decf806a13a3412f903323d1c2b
Signed-off-by: Conor Ward <conor.ward@ericsson.com>
Issue-ID: DMAAP-771

datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/BaseServlet.java patch | blob | history
datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/SynchronizerTask.java patch | blob | history
datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/URLUtilities.java patch | blob | history

diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/BaseServlet.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/BaseServlet.java
index 047043b..3838cad 100755 (executable)
--- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/BaseServlet.java
+++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/BaseServlet.java
@@ -121,7 +121,6 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider {
     private static final int DEFAULT_POKETIMER2 = 30;
     private static final String DEFAULT_DOMAIN = "onap";
     private static final String DEFAULT_PROVSRVR_NAME = "dmaap-dr-prov";
-    private static final String RESEARCH_SUBNET = "10.42.0.0/16";
     private static final String STATIC_ROUTING_NODES = ""; //Adding new param for static Routing - Rally:US664862-1610
 
     /**
@@ -139,11 +138,11 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider {
     /**
      * The set of authorized addresses and networks; pulled from the DB (PROV_AUTH_ADDRESSES)
      */
-    private static Set<String> authorizedAddressesAndNetworks = new HashSet<String>();
+    private static Set<String> authorizedAddressesAndNetworks = new HashSet<>();
     /**
      * The set of authorized names; pulled from the DB (PROV_AUTH_SUBJECTS)
      */
-    private static Set<String> authorizedNames = new HashSet<String>();
+    private static Set<String> authorizedNames = new HashSet<>();
     /**
      * The FQDN of the initially "active" provisioning server in this Data Router ecosystem
      */
@@ -199,19 +198,13 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider {
     /**
      * The standard FQDN of the provisioning server in this Data Router ecosystem
      */
-    public static String provName = "feeds-drtr.web.att.com";
+    private static String provName = "feeds-drtr.web.att.com";
+
     /**
      * The standard FQDN of the ACTIVE provisioning server in this Data Router ecosystem
      */
-    public static String activeProvName = "feeds-drtr.web.att.com";
-    /**
-     * Special subnet that is allowed access to /internal
-     */
-    private static String researchSubnet = RESEARCH_SUBNET;
-    /**
-     * Special subnet that is allowed access to /internal to Lab Machine
-     */
-    private static String researchSubnet1 = RESEARCH_SUBNET;
+    private static String activeProvName = "feeds-drtr.web.att.com";
+
     private static String staticRoutingNodes = STATIC_ROUTING_NODES; //Adding new param for static Routing - Rally:US664862-1610
 
     /**
@@ -389,13 +382,6 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider {
             if (loopback != null && ip.equals(loopback)) {
                 return true;
             }
-            // Also allow the "special subnet" access
-            if (addressMatchesNetwork(ip, researchSubnet1)) {
-                return true;
-            }
-            if (addressMatchesNetwork(ip, researchSubnet)) {
-                return true;
-            }
         } catch (UnknownHostException e) {
             // ignore
         }
@@ -473,7 +459,6 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider {
         provDomain = getString(map, Parameters.PROV_DOMAIN, DEFAULT_DOMAIN);
         provName = getString(map, Parameters.PROV_NAME, DEFAULT_PROVSRVR_NAME);
         activeProvName = getString(map, Parameters.PROV_ACTIVE_NAME, provName);
-        researchSubnet = getString(map, Parameters.PROV_SPECIAL_SUBNET, RESEARCH_SUBNET);
         staticRoutingNodes = getString(map, Parameters.STATIC_ROUTING_NODES,
             ""); //Adding new param for static Routing - Rally:US664862-1610
         initialActivePod = getString(map, Parameters.ACTIVE_POD, "");
@@ -630,6 +615,13 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider {
         }
     }
 
+    public static String getProvName() {
+        return provName;
+    }
+
+    public static String getActiveProvName() {
+        return activeProvName;
+    }
 
     /**
      * Get an array of all node names in the DR network.
@@ -784,7 +776,7 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider {
     }
 
     private static Set<String> getSet(Map<String, String> map, String name) {
-        Set<String> set = new HashSet<String>();
+        Set<String> set = new HashSet<>();
         String s = map.get(name);
         if (s != null) {
             String[] pp = s.split("\\|");
@@ -807,7 +799,7 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider {
     public class ContentHeader {
 
         private String type = "";
-        private Map<String, String> map = new HashMap<String, String>();
+        private Map<String, String> map = new HashMap<>();
 
         ContentHeader() {
             this("", "1.0");
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/SynchronizerTask.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/SynchronizerTask.java
index e1eeb78..f9d0867 100644 (file)
--- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/SynchronizerTask.java
+++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/SynchronizerTask.java
@@ -302,7 +302,7 @@ public class SynchronizerTask extends TimerTask {
             String thisPod = myaddr.getHostName();
             Set<String> pods = new TreeSet<>(Arrays.asList(BaseServlet.getPods()));
             if (pods.contains(thisPod)) {
-                InetAddress pserver = InetAddress.getByName(BaseServlet.activeProvName);
+                InetAddress pserver = InetAddress.getByName(BaseServlet.getActiveProvName());
                 newstate = myaddr.equals(pserver) ? ACTIVE : STANDBY;
                 if (logger.isDebugEnabled() && System.currentTimeMillis() >= nextMsg) {
                     logger.debug("Active POD = " + pserver + ", Current state is " + stnames[newstate]);
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/URLUtilities.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/URLUtilities.java
index b58ab5a..b73c463 100644 (file)
--- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/URLUtilities.java
+++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/URLUtilities.java
@@ -45,7 +45,7 @@ public class URLUtilities {
      * @return the URL\r
      */\r
     public static String generateFeedURL(int feedid) {\r
-        return "https://" + BaseServlet.provName + "/feed/" + feedid;\r
+        return "https://" + BaseServlet.getProvName() + "/feed/" + feedid;\r
     }\r
 \r
     /**\r
@@ -55,7 +55,7 @@ public class URLUtilities {
      * @return the URL\r
      */\r
     public static String generatePublishURL(int feedid) {\r
-        return "https://" + BaseServlet.provName + "/publish/" + feedid;\r
+        return "https://" + BaseServlet.getProvName() + "/publish/" + feedid;\r
     }\r
 \r
     /**\r
@@ -65,7 +65,7 @@ public class URLUtilities {
      * @return the URL\r
      */\r
     public static String generateSubscribeURL(int feedid) {\r
-        return "https://" + BaseServlet.provName + "/subscribe/" + feedid;\r
+        return "https://" + BaseServlet.getProvName() + "/subscribe/" + feedid;\r
     }\r
 \r
     /**\r
@@ -75,7 +75,7 @@ public class URLUtilities {
      * @return the URL\r
      */\r
     public static String generateFeedLogURL(int feedid) {\r
-        return "https://" + BaseServlet.provName + "/feedlog/" + feedid;\r
+        return "https://" + BaseServlet.getProvName() + "/feedlog/" + feedid;\r
     }\r
 \r
     /**\r
@@ -85,7 +85,7 @@ public class URLUtilities {
      * @return the URL\r
      */\r
     public static String generateSubscriptionURL(int subid) {\r
-        return "https://" + BaseServlet.provName + "/subs/" + subid;\r
+        return "https://" + BaseServlet.getProvName() + "/subs/" + subid;\r
     }\r
 \r
     /**\r
@@ -95,7 +95,7 @@ public class URLUtilities {
      * @return the URL\r
      */\r
     public static String generateSubLogURL(int subid) {\r
-        return "https://" + BaseServlet.provName + "/sublog/" + subid;\r
+        return "https://" + BaseServlet.getProvName() + "/sublog/" + subid;\r
     }\r
 \r
     /**\r
The Data Routing System project is intended to provide a common framework by which data producers can make data available to data consumers and a way for potential consumers to find feeds with the data they require. The interface to DR is exposed as a RESTful web service known as the DR Publishing and Delivery API