diff options
author | Dan Timoney <dtimoney@att.com> | 2020-10-19 10:11:15 -0400 |
---|---|---|
committer | Dan Timoney <dtimoney@att.com> | 2020-10-19 10:11:15 -0400 |
commit | 684ff7064739851f66483df77d6578966ee4b6a3 (patch) | |
tree | a4ed1744189bca5394f698c0ae7aa45c0fd47a87 /ansible-adapter/ansible-adapter-bundle | |
parent | 3a489bb37be36b72bc584c530f2c514032e12b8c (diff) |
Address security issues
Removed unused Mdsal activator class.
Added file name validation for ConnectionBuilder in ansible adaptor
Change-Id: I00d6a0c1edccae263520738f7a4685b1ad71b943
Issue-ID: CCSDK-2918
Signed-off-by: Dan Timoney <dtimoney@att.com>
Diffstat (limited to 'ansible-adapter/ansible-adapter-bundle')
-rw-r--r-- | ansible-adapter/ansible-adapter-bundle/src/main/java/org/onap/ccsdk/sli/adaptors/ansible/impl/ConnectionBuilder.java | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/ansible-adapter/ansible-adapter-bundle/src/main/java/org/onap/ccsdk/sli/adaptors/ansible/impl/ConnectionBuilder.java b/ansible-adapter/ansible-adapter-bundle/src/main/java/org/onap/ccsdk/sli/adaptors/ansible/impl/ConnectionBuilder.java index 6295a2557..672e0df67 100644 --- a/ansible-adapter/ansible-adapter-bundle/src/main/java/org/onap/ccsdk/sli/adaptors/ansible/impl/ConnectionBuilder.java +++ b/ansible-adapter/ansible-adapter-bundle/src/main/java/org/onap/ccsdk/sli/adaptors/ansible/impl/ConnectionBuilder.java @@ -53,6 +53,8 @@ import org.apache.http.impl.client.HttpClients; import org.apache.http.util.EntityUtils; import org.onap.ccsdk.sli.adaptors.ansible.model.AnsibleResult; import org.onap.ccsdk.sli.adaptors.ansible.model.AnsibleResultCodes; +import org.onap.ccsdk.sli.core.utils.PathValidator; + import com.att.eelf.configuration.EELFLogger; import com.att.eelf.configuration.EELFManager; @@ -104,6 +106,10 @@ public class ConnectionBuilder { public ConnectionBuilder(String trustStoreFile, char[] trustStorePasswd) throws KeyStoreException, IOException, KeyManagementException, NoSuchAlgorithmException, CertificateException { + if (!PathValidator.isValidFilePath(trustStoreFile)) { + throw new IOException("Invalid trust store file path"); + } + /* Load the specified trustStore */ KeyStore keystore = KeyStore.getInstance("JKS"); FileInputStream readStream = new FileInputStream(trustStoreFile); |