Fix Fortify issue on group Id by adding validation of this input
value.
Issue-ID: POLICY-734
Change-Id: I83321a5ffd1ddca84f985b5fd8659e502ca967d7
Signed-off-by: Wang,Frank(gw1218) <gw1218@att.com>
public static final String POLICY_IN_PDP = "PolicyInPDP";
public static final String ERROR = "error";
public static final String UNKNOWN = "unknown";
public static final String POLICY_IN_PDP = "PolicyInPDP";
public static final String ERROR = "error";
public static final String UNKNOWN = "unknown";
+ private static final String REGEX = "[0-9a-zA-Z._]*";
public void doAPIDeleteFromPAP(HttpServletRequest request, HttpServletResponse response) throws IOException, SQLException {
// get the request content into a String
public void doAPIDeleteFromPAP(HttpServletRequest request, HttpServletResponse response) throws IOException, SQLException {
// get the request content into a String
String groupId = request.getParameter("groupId");
String responseString = null;
String groupId = request.getParameter("groupId");
String responseString = null;
+ if(groupId != null && !groupId.matches(REGEX) ){
+ response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
+ response.addHeader("error",ERROR);
+ response.addHeader("message", "Group Id is not valid");
+ return;
+ }
+
PolicyLogger.info("JSON request from API to Delete Policy from the PDP: " + policyName);
// for PUT operations the group may or may not need to exist before the operation can be done
PolicyLogger.info("JSON request from API to Delete Policy from the PDP: " + policyName);
// for PUT operations the group may or may not need to exist before the operation can be done
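Review bot: The new guard in doAPIDeleteFromPAP still accepts values that are unlikely to be real group ids: a missing parameter skips the check because of `groupId != null &&`, and the empty string, `.` and `..` all match `[0-9a-zA-Z._]*`. How groupId is used afterwards is outside this hunk, so if a null or empty id is meant to signify "no group", say so in a comment above the check. Otherwise tighten it to `if (groupId == null || !groupId.matches(REGEX))` and change the quantifier to a bounded one such as `{1,N}`, with N set to the longest id the PAP allows. The constant would also read better as `GROUP_ID_REGEX`. A precompiled `java.util.regex.Pattern` would avoid recompiling the expression on every request.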