diff options
author | Conor Ward <conor.ward@ericsson.com> | 2018-09-21 12:15:57 +0000 |
---|---|---|
committer | Conor Ward <conor.ward@ericsson.com> | 2018-09-21 12:15:57 +0000 |
commit | 32a143ffae69b2675e98c1d41be18defe31645b4 (patch) | |
tree | 58b6ea7bedc00ca790a6a1cf231681f7d7affdfe | |
parent | 46ef61c0fe477483be17dbf9af2ef3b1023da0d8 (diff) |
Fix NodeServlet Vulnerabilities
Change-Id: I7257eb3f65b76888098d85e4a7cad7f97f754570
Signed-off-by: Conor Ward <conor.ward@ericsson.com>
Issue-ID: DMAAP-775
-rw-r--r-- | datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeServlet.java | 23 |
1 files changed, 8 insertions, 15 deletions
diff --git a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeServlet.java b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeServlet.java index b54068b5..51e59925 100644 --- a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeServlet.java +++ b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeServlet.java @@ -137,15 +137,16 @@ public class NodeServlet extends HttpServlet { /** * Handle all PUT requests */ - protected void doPut(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { + protected void doPut(HttpServletRequest req, HttpServletResponse resp) { NodeUtils.setIpAndFqdnForEelf("doPut"); eelflogger.info(EelfMsgs.MESSAGE_WITH_BEHALF_AND_FEEDID, req.getHeader("X-ATT-DR-ON-BEHALF-OF"), getIdFromPath(req) + ""); try { common(req, resp, true); - } - catch(IOException ioe){ + } catch(IOException ioe){ logger.error("IOException" + ioe.getMessage()); + } catch(ServletException se){ + logger.error("ServletException" + se.getMessage()); } } @@ -158,9 +159,10 @@ public class NodeServlet extends HttpServlet { getIdFromPath(req) + ""); try { common(req, resp, false); - } - catch(IOException ioe){ + } catch(IOException ioe){ logger.error("IOException" + ioe.getMessage()); + } catch(ServletException se){ + logger.error("ServletException" + se.getMessage()); } } @@ -277,9 +279,8 @@ public class NodeServlet extends HttpServlet { File data = new File(fbase); File meta = new File(fbase + ".M"); OutputStream dos = null; - Writer mw = null; InputStream is = null; - try { + try (Writer mw = new FileWriter(meta)){ StringBuffer mx = new StringBuffer(); mx.append(req.getMethod()).append('\t').append(fileid).append('\n'); Enumeration hnames = req.getHeaderNames(); @@ -353,12 +354,10 @@ public class NodeServlet extends HttpServlet { } String dbase = di.getSpool() + "/" + pubid; Files.createLink(Paths.get(dbase), dpath); - mw = new FileWriter(meta); mw.write(metadata); if (di.getSubId() == null) { mw.write("X-ATT-DR-ROUTING\t" + t.getRouting() + "\n"); } - mw.close(); meta.renameTo(new File(dbase + ".M")); } resp.setStatus(HttpServletResponse.SC_NO_CONTENT); @@ -383,12 +382,6 @@ public class NodeServlet extends HttpServlet { } catch (Exception e) { } } - if (mw != null) { - try { - mw.close(); - } catch (Exception e) { - } - } try { data.delete(); } catch (Exception e) { |