author | Dan Timoney <dtimoney@att.com> | 2020-10-16 11:22:11 -0400 |
---|---|---|
committer | Dan Timoney <dtimoney@att.com> | 2020-10-16 15:17:17 -0400 |
commit | ec2cdff3f96e7587c97b6fc9961fb108cf9c7e29 (patch) | |
tree | 49bcb281a63e499347c70a2fbe1b7a3feab408b2 /sli/common/src/main/java/org/onap/ccsdk/sli/core/sli/SvcLogicParser.java | |
parent | 368939e5f285dafeec594d58ba74c5bba0cc20d1 (diff) |
Add code to validate path names.
Added code to validate path names to avoid possible attacks
due to hidden/special characters and/or embedded new lines.
Change-Id: I53d7266e44fbada1d9d5f458dfcdbc452801672c
Issue-ID: CCSDK-2918
Signed-off-by: Dan Timoney <dtimoney@att.com>
Diffstat (limited to 'sli/common/src/main/java/org/onap/ccsdk/sli/core/sli/SvcLogicParser.java')
-rw-r--r-- | sli/common/src/main/java/org/onap/ccsdk/sli/core/sli/SvcLogicParser.java | 17 |
1 files changed, 10 insertions, 7 deletions
diff --git a/sli/common/src/main/java/org/onap/ccsdk/sli/core/sli/SvcLogicParser.java b/sli/common/src/main/java/org/onap/ccsdk/sli/core/sli/SvcLogicParser.java
index 5cb7ac5e..cb78ac2e 100644
--- a/sli/common/src/main/java/org/onap/ccsdk/sli/core/sli/SvcLogicParser.java
+++ b/sli/common/src/main/java/org/onap/ccsdk/sli/core/sli/SvcLogicParser.java
@@ -33,10 +33,7 @@ import javax.xml.validation.Schema;
 import javax.xml.validation.SchemaFactory;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.xml.sax.Attributes;
-import org.xml.sax.Locator;
-import org.xml.sax.SAXException;
-import org.xml.sax.SAXParseException;
+import org.xml.sax.*;
 import org.xml.sax.helpers.DefaultHandler;
 /**
@@ -62,7 +59,7 @@ public class SvcLogicParser {
 private static final String SVCLOGIC_XSD = "/svclogic.xsd";
 private SAXParser saxParser;
- private class SvcLogicHandler extends DefaultHandler {
+ private class SvcLogicHandler extends DefaultHandler {
 private Locator locator = null;
 private String module = null;
 private String version = null;
@@ -82,7 +79,7 @@ public class SvcLogicParser {
 this.curNodeId = 1;
 this.outcomeValue = null;
 }
-
+
 @Override
 public void setDocumentLocator(Locator locator) {
 this.locator = locator;
@@ -450,6 +447,9 @@ public class SvcLogicParser {
 public static void load(String xmlfile, SvcLogicStore store) throws SvcLogicException {
+ if (!PathValidator.isValidXmlPath(xmlfile)) {
+ throw new ConfigurationException("Invalid xml file name ("+ xmlfile + ")");
+ }
 File xmlFile = new File(xmlfile);
 if (!xmlFile.canRead()) {
 throw new ConfigurationException("Cannot read xml file (" + xmlfile + ")");
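Review bot: The first hunk collapses four explicit SAX imports into the wildcard `import org.xml.sax.*;`, which is unrelated to path validation and looks like an IDE side effect. Explicit imports keep the parser's dependencies on `Attributes`, `Locator`, `SAXException` and `SAXParseException` visible and avoid name clashes if the package grows, so I would restore them. The whitespace-only edits on the `SvcLogicHandler` declaration and the `isValidating()` check add similar noise to a security fix and are better left to a separate cleanup commit.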
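Review bot: The guard added at the top of load() copies the rejected `xmlfile` into the exception message unchanged, so a name refused for containing hidden characters or an embedded newline still reaches any log or console that prints the ConfigurationException; the identical guard added to validate() in the following hunk has the same problem. Neutralise the value before echoing it, for example `throw new ConfigurationException("Invalid xml file name (" + String.valueOf(xmlfile).replaceAll("\\p{Cntrl}", "?") + ")");`, or leave it out of the message. PathValidator.isValidXmlPath is not shown in this diff, so it cannot be confirmed here whether it rejects `..` segments or handles a null argument, and the check runs on the raw string before `new File(xmlfile)` with no canonicalisation visible. A short comment above the guard stating what the validator is expected to reject would help the next reader, e.g. `// reject control characters and embedded newlines before the name reaches File or the logs`. Both method bodies continue outside their hunks.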
@@ -482,6 +482,9 @@ public class SvcLogicParser {
 }
 public static void validate(String xmlfile, SvcLogicStore store) throws SvcLogicException {
+ if (!PathValidator.isValidXmlPath(xmlfile)) {
+ throw new ConfigurationException("Invalid xml file name ("+ xmlfile + ")");
+ }
 File xmlFile = new File(xmlfile);
 if (!xmlFile.canRead()) {
 throw new ConfigurationException("Cannot read xml file (" + xmlfile + ")");
@@ -601,7 +604,7 @@ public class SvcLogicParser {
 }
 SAXParser saxParser = factory.newSAXParser();
- if (saxParser.isValidating()) {
+ if (saxParser.isValidating()) {
 LOGGER.info("Parser configured to validate XML {}", (xsdUrl != null ? xsdUrl.getPath() : null));
 }
 return saxParser; |