From 6aaa8fe86a92e06d92ca8c9df5a99baf84cb01aa Mon Sep 17 00:00:00 2001 From: Dan Timoney Date: Mon, 19 Oct 2020 10:11:15 -0400 Subject: Address security issues Removed unused Mdsal activator class. Added file name validation for ConnectionBuilder in ansible adaptor Change-Id: I00d6a0c1edccae263520738f7a4685b1ad71b943 Issue-ID: CCSDK-2918 Signed-off-by: Dan Timoney --- .../org/onap/ccsdk/sli/adaptors/ansible/impl/ConnectionBuilder.java | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'ansible-adapter') diff --git a/ansible-adapter/ansible-adapter-bundle/src/main/java/org/onap/ccsdk/sli/adaptors/ansible/impl/ConnectionBuilder.java b/ansible-adapter/ansible-adapter-bundle/src/main/java/org/onap/ccsdk/sli/adaptors/ansible/impl/ConnectionBuilder.java index 6295a255..672e0df6 100644 --- a/ansible-adapter/ansible-adapter-bundle/src/main/java/org/onap/ccsdk/sli/adaptors/ansible/impl/ConnectionBuilder.java +++ b/ansible-adapter/ansible-adapter-bundle/src/main/java/org/onap/ccsdk/sli/adaptors/ansible/impl/ConnectionBuilder.java @@ -53,6 +53,8 @@ import org.apache.http.impl.client.HttpClients; import org.apache.http.util.EntityUtils; import org.onap.ccsdk.sli.adaptors.ansible.model.AnsibleResult; import org.onap.ccsdk.sli.adaptors.ansible.model.AnsibleResultCodes; +import org.onap.ccsdk.sli.core.utils.PathValidator; + import com.att.eelf.configuration.EELFLogger; import com.att.eelf.configuration.EELFManager; @@ -104,6 +106,10 @@ public class ConnectionBuilder { public ConnectionBuilder(String trustStoreFile, char[] trustStorePasswd) throws KeyStoreException, IOException, KeyManagementException, NoSuchAlgorithmException, CertificateException { + if (!PathValidator.isValidFilePath(trustStoreFile)) { + throw new IOException("Invalid trust store file path"); + } + /* Load the specified trustStore */ KeyStore keystore = KeyStore.getInstance("JKS"); FileInputStream readStream = new FileInputStream(trustStoreFile); -- cgit 1.2.3-korg