author | Conor Ward <conor.ward@ericsson.com> | 2018-09-13 07:44:37 +0000 |
---|---|---|
committer | Conor Ward <conor.ward@ericsson.com> | 2018-09-13 07:44:37 +0000 |
commit | 67cc50441de4e771ca3e0d91a2e35e0e4057a219 (patch) | |
tree | 012461e95cdada2a183f44479c27a6c6e059235c | |
parent | 8f2e78cc17997beb2cf410a26b6ff3e1d2644b4e (diff) |
Fix Vulnerabilities in BaseServlet
Change-Id: If17554c146ea4decf806a13a3412f903323d1c2b
Signed-off-by: Conor Ward <conor.ward@ericsson.com>
Issue-ID: DMAAP-771
3 files changed, 22 insertions, 30 deletions
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/BaseServlet.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/BaseServlet.java
index 047043b1..3838cadf 100755
--- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/BaseServlet.java
+++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/BaseServlet.java
@@ -121,7 +121,6 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider {
 private static final int DEFAULT_POKETIMER2 = 30;
 private static final String DEFAULT_DOMAIN = "onap";
 private static final String DEFAULT_PROVSRVR_NAME = "dmaap-dr-prov";
- private static final String RESEARCH_SUBNET = "10.42.0.0/16";
 private static final String STATIC_ROUTING_NODES = ""; //Adding new param for static Routing - Rally:US664862-1610
 /**
@@ -139,11 +138,11 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider {
 /**
 * The set of authorized addresses and networks; pulled from the DB (PROV_AUTH_ADDRESSES)
 */
- private static Set<String> authorizedAddressesAndNetworks = new HashSet<String>();
+ private static Set<String> authorizedAddressesAndNetworks = new HashSet<>();
 /**
 * The set of authorized names; pulled from the DB (PROV_AUTH_SUBJECTS)
 */
- private static Set<String> authorizedNames = new HashSet<String>();
+ private static Set<String> authorizedNames = new HashSet<>();
 /**
 * The FQDN of the initially "active" provisioning server in this Data Router ecosystem
 */
@@ -199,19 +198,13 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider {
 /**
 * The standard FQDN of the provisioning server in this Data Router ecosystem
 */
- public static String provName = "feeds-drtr.web.att.com";
+ private static String provName = "feeds-drtr.web.att.com";
+
 /**
 * The standard FQDN of the ACTIVE provisioning server in this Data Router ecosystem
 */
- public static String activeProvName = "feeds-drtr.web.att.com";
- /**
- * Special subnet that is allowed access to /internal
- */
- private static String researchSubnet = RESEARCH_SUBNET;
- /**
- * Special subnet that is allowed access to /internal to Lab Machine
- */
- private static String researchSubnet1 = RESEARCH_SUBNET;
+ private static String activeProvName = "feeds-drtr.web.att.com";
+
 private static String staticRoutingNodes = STATIC_ROUTING_NODES; //Adding new param for static Routing - Rally:US664862-1610
 /**
@@ -389,13 +382,6 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider {
 if (loopback != null && ip.equals(loopback)) {
 return true;
 }
- // Also allow the "special subnet" access
- if (addressMatchesNetwork(ip, researchSubnet1)) {
- return true;
- }
- if (addressMatchesNetwork(ip, researchSubnet)) {
- return true;
- }
 } catch (UnknownHostException e) {
 // ignore
 }
@@ -473,7 +459,6 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider {
 provDomain = getString(map, Parameters.PROV_DOMAIN, DEFAULT_DOMAIN);
 provName = getString(map, Parameters.PROV_NAME, DEFAULT_PROVSRVR_NAME);
 activeProvName = getString(map, Parameters.PROV_ACTIVE_NAME, provName);
- researchSubnet = getString(map, Parameters.PROV_SPECIAL_SUBNET, RESEARCH_SUBNET);
 staticRoutingNodes = getString(map, Parameters.STATIC_ROUTING_NODES, ""); //Adding new param for static Routing - Rally:US664862-1610
 initialActivePod = getString(map, Parameters.ACTIVE_POD, "");
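Review bot: The initialisers of `provName` and `activeProvName` in the @@ -199 hunk are still the hard-coded host `feeds-drtr.web.att.com`, while the loader in the @@ -473 hunk falls back to `DEFAULT_PROVSRVR_NAME`; narrowing the fields to private does not change what a caller sees before the parameters have been loaded. Until that load runs, `getProvName()` would place the external name in every URL built by URLUtilities and `getActiveProvName()` would hand it to the `InetAddress.getByName` lookup in SynchronizerTask that decides ACTIVE or STANDBY; whether any caller can run that early is not visible in this diff. I would initialise both from the existing constant: `private static String provName = DEFAULT_PROVSRVR_NAME;` and `private static String activeProvName = DEFAULT_PROVSRVR_NAME;`.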
@@ -630,6 +615,13 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider {
 }
 }
+ public static String getProvName() {
+ return provName;
+ }
+
+ public static String getActiveProvName() {
+ return activeProvName;
+ }
 /**
 * Get an array of all node names in the DR network.
@@ -784,7 +776,7 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider {
 }
 private static Set<String> getSet(Map<String, String> map, String name) {
- Set<String> set = new HashSet<String>();
+ Set<String> set = new HashSet<>();
 String s = map.get(name);
 if (s != null) {
 String[] pp = s.split("\\|");
@@ -807,7 +799,7 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider {
 public class ContentHeader {
 private String type = "";
- private Map<String, String> map = new HashMap<String, String>();
+ private Map<String, String> map = new HashMap<>();
 ContentHeader() {
 this("", "1.0");
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/SynchronizerTask.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/SynchronizerTask.java
index e1eeb786..f9d0867d 100644
--- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/SynchronizerTask.java
+++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/SynchronizerTask.java
@@ -302,7 +302,7 @@ public class SynchronizerTask extends TimerTask {
 String thisPod = myaddr.getHostName();
 Set<String> pods = new TreeSet<>(Arrays.asList(BaseServlet.getPods()));
 if (pods.contains(thisPod)) {
- InetAddress pserver = InetAddress.getByName(BaseServlet.activeProvName);
+ InetAddress pserver = InetAddress.getByName(BaseServlet.getActiveProvName());
 newstate = myaddr.equals(pserver) ? ACTIVE : STANDBY;
 if (logger.isDebugEnabled() && System.currentTimeMillis() >= nextMsg) {
 logger.debug("Active POD = " + pserver + ", Current state is " + stnames[newstate]);
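Review bot: The two accessors added in the @@ -630 hunk have no Javadoc, although the members visible around them in this class carry a block comment, and they return plain static fields that the parameter loader in the @@ -473 hunk reassigns. SynchronizerTask extends TimerTask and now calls `getActiveProvName()`, so if the reload runs on a different thread (not visible in this diff) the timer thread has no visibility guarantee for the new value; declaring the fields as `private static volatile String provName` and `private static volatile String activeProvName` would close that. For the documentation, `/** @return the FQDN of the provisioning server (PROV_NAME parameter) */` and `/** @return the FQDN of the currently active provisioning server (PROV_ACTIVE_NAME parameter) */` above the two methods would be enough.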
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/URLUtilities.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/URLUtilities.java
index b58ab5a0..b73c4639 100644
--- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/URLUtilities.java
+++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/URLUtilities.java
@@ -45,7 +45,7 @@ public class URLUtilities {
 * @return the URL
*/
public static String generateFeedURL(int feedid) {
- return "https://" + BaseServlet.provName + "/feed/" + feedid;
+ return "https://" + BaseServlet.getProvName() + "/feed/" + feedid;
}
/**
@@ -55,7 +55,7 @@ public class URLUtilities {
 * @return the URL
*/
public static String generatePublishURL(int feedid) {
- return "https://" + BaseServlet.provName + "/publish/" + feedid;
+ return "https://" + BaseServlet.getProvName() + "/publish/" + feedid;
}
/**
@@ -65,7 +65,7 @@ public class URLUtilities {
 * @return the URL
*/
public static String generateSubscribeURL(int feedid) {
- return "https://" + BaseServlet.provName + "/subscribe/" + feedid;
+ return "https://" + BaseServlet.getProvName() + "/subscribe/" + feedid;
}
/**
@@ -75,7 +75,7 @@ public class URLUtilities {
 * @return the URL
*/
public static String generateFeedLogURL(int feedid) {
- return "https://" + BaseServlet.provName + "/feedlog/" + feedid;
+ return "https://" + BaseServlet.getProvName() + "/feedlog/" + feedid;
}
/**
@@ -85,7 +85,7 @@ public class URLUtilities {
 * @return the URL
*/
public static String generateSubscriptionURL(int subid) {
- return "https://" + BaseServlet.provName + "/subs/" + subid;
+ return "https://" + BaseServlet.getProvName() + "/subs/" + subid;
}
/**
@@ -95,7 +95,7 @@ public class URLUtilities {
 * @return the URL
*/
public static String generateSubLogURL(int subid) {
- return "https://" + BaseServlet.provName + "/sublog/" + subid;
+ return "https://" + BaseServlet.getProvName() + "/sublog/" + subid;
}
/**