From f3813a02bcb9ff3d0fcb9ad999e0b6221ff79cdb Mon Sep 17 00:00:00 2001 From: esobmar Date: Mon, 24 Sep 2018 12:09:20 +0100 Subject: [PATCH] Fix PublishServlet Vulnerabilities Change-Id: I01a9fced7e8e18115f2a8f92fb789e4c585d5408 Signed-off-by: Mariusz Sobucki Issue-ID: DMAAP-775 --- .../datarouter/provisioning/PublishServlet.java | 72 ++++++++++++---------- 1 file changed, 38 insertions(+), 34 deletions(-) diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/PublishServlet.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/PublishServlet.java index 05502760..4cefdf1e 100644 --- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/PublishServlet.java +++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/PublishServlet.java @@ -25,11 +25,9 @@ package org.onap.dmaap.datarouter.provisioning; import java.io.IOException; -import java.io.InputStream; import java.util.ArrayList; import java.util.Collection; import java.util.List; -import java.util.Properties; import javax.servlet.ServletConfig; import javax.servlet.ServletException; @@ -98,41 +96,47 @@ public class PublishServlet extends BaseServlet { setIpAndFqdnForEelf("doPost"); eelflogger.info(EelfMsgs.MESSAGE_WITH_BEHALF, req.getHeader(BEHALF_HEADER)); redirect(req, resp); + } - private void redirect(HttpServletRequest req, HttpServletResponse resp) throws IOException { - String[] nodes = getNodes(); - if (nodes == null || nodes.length == 0) { - resp.sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE, "There are no nodes defined in the DR network."); - } else { - EventLogRecord elr = new EventLogRecord(req); - int feedid = checkPath(req); - if (feedid < 0) { - String message = (feedid == -1) - ? "Invalid request - Missing or bad feed number." - : "Invalid request - Missing file ID."; - elr.setMessage(message); - elr.setResult(HttpServletResponse.SC_NOT_FOUND); - eventlogger.info(elr); - - resp.sendError(HttpServletResponse.SC_NOT_FOUND, message); + private void redirect(HttpServletRequest req, HttpServletResponse resp) { + try { + String[] nodes = getNodes(); + if (nodes == null || nodes.length == 0) { + resp.sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE, "There are no nodes defined in the DR network."); } else { - // Generate new URL - String nextnode = getRedirectNode(feedid, req); - nextnode = nextnode+":"+DB.HTTPS_PORT; - String newurl = "https://" + nextnode + "/publish" + req.getPathInfo(); - String qs = req.getQueryString(); - if (qs != null) - newurl += "?" + qs; - - // Log redirect in event log - String message = "Redirected to: "+newurl; - elr.setMessage(message); - elr.setResult(HttpServletResponse.SC_MOVED_PERMANENTLY); - eventlogger.info(elr); - - resp.setStatus(HttpServletResponse.SC_MOVED_PERMANENTLY); - resp.setHeader("Location", newurl); + EventLogRecord elr = new EventLogRecord(req); + int feedid = checkPath(req); + if (feedid < 0) { + String message = (feedid == -1) + ? "Invalid request - Missing or bad feed number." + : "Invalid request - Missing file ID."; + elr.setMessage(message); + elr.setResult(HttpServletResponse.SC_NOT_FOUND); + eventlogger.info(elr); + + resp.sendError(HttpServletResponse.SC_NOT_FOUND, message); + } else { + // Generate new URL + String nextnode = getRedirectNode(feedid, req); + nextnode = nextnode + ":" + DB.HTTPS_PORT; + String newurl = "https://" + nextnode + "/publish" + req.getPathInfo(); + String qs = req.getQueryString(); + if (qs != null) + newurl += "?" + qs; + + // Log redirect in event log + String message = "Redirected to: " + newurl; + elr.setMessage(message); + elr.setResult(HttpServletResponse.SC_MOVED_PERMANENTLY); + eventlogger.info(elr); + + resp.setStatus(HttpServletResponse.SC_MOVED_PERMANENTLY); + resp.setHeader("Location", newurl); + } } + } catch (IOException ioe) { + intlogger.error("IOException" + ioe.getMessage()); + } } private String getRedirectNode(int feedid, HttpServletRequest req) { -- 2.16.6