summaryrefslogtreecommitdiffstats
path: root/sidecar/rproxy/src/main/java/org
diff options
context:
space:
mode:
authorLee, Tian (tl5884) <TianL@amdocs.com>2018-10-01 16:24:47 +0100
committerLee, Tian (tl5884) <TianL@amdocs.com>2018-10-01 16:24:47 +0100
commit0d9b3896ad594816b1eb7048949114e6a18c4bd4 (patch)
tree67b318549cc5de466a999a3fd1029402ac6b593f /sidecar/rproxy/src/main/java/org
parent69f4409bb70e8891a08219133bfc09c07aecbde6 (diff)
Fix NexusIQ security vulnerabilities
Remove Spring Boot Jackson dependencies and replace with Gson implementation. Fix potential source of NullPointerException. Change-Id: I3a715a023223b596e8a0979f0e0d381511fca32d Issue-ID: AAF-529 Signed-off-by: Lee, Tian (tl5884) <TianL@amdocs.com>
Diffstat (limited to 'sidecar/rproxy/src/main/java/org')
-rw-r--r--sidecar/rproxy/src/main/java/org/onap/aaf/rproxy/ReverseProxyAuthorizationFilter.java9
-rw-r--r--sidecar/rproxy/src/main/java/org/onap/aaf/rproxy/ReverseProxyService.java6
2 files changed, 10 insertions, 5 deletions
diff --git a/sidecar/rproxy/src/main/java/org/onap/aaf/rproxy/ReverseProxyAuthorizationFilter.java b/sidecar/rproxy/src/main/java/org/onap/aaf/rproxy/ReverseProxyAuthorizationFilter.java
index 6374c9d..f939249 100644
--- a/sidecar/rproxy/src/main/java/org/onap/aaf/rproxy/ReverseProxyAuthorizationFilter.java
+++ b/sidecar/rproxy/src/main/java/org/onap/aaf/rproxy/ReverseProxyAuthorizationFilter.java
@@ -20,6 +20,7 @@
package org.onap.aaf.rproxy;
import com.google.gson.Gson;
+import com.google.gson.reflect.TypeToken;
import com.google.gson.stream.JsonReader;
import java.io.File;
import java.io.FileInputStream;
@@ -30,6 +31,7 @@ import java.net.URI;
import java.net.URISyntaxException;
import java.security.Principal;
import java.util.ArrayList;
+import java.util.Collections;
import java.util.List;
import javax.annotation.Resource;
import javax.servlet.Filter;
@@ -58,7 +60,7 @@ public class ReverseProxyAuthorizationFilter implements Filter {
private static final Logger LOGGER = LoggerFactory.getLogger(ReverseProxyAuthorizationFilter.class);
- private ReverseProxyAuthorization[] reverseProxyAuthorizations = new ReverseProxyAuthorization[] {};
+ private List<ReverseProxyAuthorization> reverseProxyAuthorizations = new ArrayList<>();
@Resource
private ReverseProxyURIAuthorizationProperties reverseProxyURIAuthorizationProperties;
@@ -72,7 +74,10 @@ public class ReverseProxyAuthorizationFilter implements Filter {
try (InputStream inputStream =
new FileInputStream(new File(reverseProxyURIAuthorizationProperties.getConfigurationFile()));
JsonReader jsonReader = new JsonReader(new InputStreamReader(inputStream))) {
- reverseProxyAuthorizations = new Gson().fromJson(jsonReader, ReverseProxyAuthorization[].class);
+ List<ReverseProxyAuthorization> untrimmedList = new Gson().fromJson(jsonReader,
+ new TypeToken<ArrayList<ReverseProxyAuthorization>>() {}.getType());
+ untrimmedList.removeAll(Collections.singleton(null));
+ reverseProxyAuthorizations = untrimmedList;
} catch (IOException e) {
throw new ServletException("Authorizations config file not found.", e);
}
diff --git a/sidecar/rproxy/src/main/java/org/onap/aaf/rproxy/ReverseProxyService.java b/sidecar/rproxy/src/main/java/org/onap/aaf/rproxy/ReverseProxyService.java
index b5c000c..55fcdd1 100644
--- a/sidecar/rproxy/src/main/java/org/onap/aaf/rproxy/ReverseProxyService.java
+++ b/sidecar/rproxy/src/main/java/org/onap/aaf/rproxy/ReverseProxyService.java
@@ -35,7 +35,6 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
-import org.springframework.boot.actuate.endpoint.InvalidEndpointRequestException;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
@@ -45,6 +44,7 @@ import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestHeader;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.client.HttpClientErrorException;
import org.springframework.web.client.RestTemplate;
@RestController
@@ -152,8 +152,8 @@ public class ReverseProxyService {
restTemplate.postForEntity(forwardProxyURI, credentialCacheData, String.class);
if (!response.getStatusCode().is2xxSuccessful()) {
- throw new InvalidEndpointRequestException("Error posting to credential cache.",
- "Status code: " + response.getStatusCodeValue() + " Message: " + response.getBody());
+ throw new HttpClientErrorException(response.getStatusCode(),
+ "Error posting to credential cache. Message: " + response.getBody());
}
}