authorConor Ward <conor.ward@ericsson.com>2018-09-13 07:44:37 +0000
committerConor Ward <conor.ward@ericsson.com>2018-09-13 07:44:37 +0000
commit67cc50441de4e771ca3e0d91a2e35e0e4057a219 (patch)
tree012461e95cdada2a183f44479c27a6c6e059235c
parent8f2e78cc17997beb2cf410a26b6ff3e1d2644b4e (diff)
Fix Vulnerabilities in BaseServlet
Change-Id: If17554c146ea4decf806a13a3412f903323d1c2b Signed-off-by: Conor Ward <conor.ward@ericsson.com> Issue-ID: DMAAP-771
-rwxr-xr-xdatarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/BaseServlet.java38
-rw-r--r--datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/SynchronizerTask.java2
-rw-r--r--datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/URLUtilities.java12
3 files changed, 22 insertions, 30 deletions
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/BaseServlet.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/BaseServlet.java
index 047043b1..3838cadf 100755
--- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/BaseServlet.java
+++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/BaseServlet.java
@@ -121,7 +121,6 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider {
private static final int DEFAULT_POKETIMER2 = 30;
private static final String DEFAULT_DOMAIN = "onap";
private static final String DEFAULT_PROVSRVR_NAME = "dmaap-dr-prov";
- private static final String RESEARCH_SUBNET = "10.42.0.0/16";
private static final String STATIC_ROUTING_NODES = ""; //Adding new param for static Routing - Rally:US664862-1610
/**
@@ -139,11 +138,11 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider {
/**
* The set of authorized addresses and networks; pulled from the DB (PROV_AUTH_ADDRESSES)
*/
- private static Set<String> authorizedAddressesAndNetworks = new HashSet<String>();
+ private static Set<String> authorizedAddressesAndNetworks = new HashSet<>();
/**
* The set of authorized names; pulled from the DB (PROV_AUTH_SUBJECTS)
*/
- private static Set<String> authorizedNames = new HashSet<String>();
+ private static Set<String> authorizedNames = new HashSet<>();
/**
* The FQDN of the initially "active" provisioning server in this Data Router ecosystem
*/
@@ -199,19 +198,13 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider {
/**
* The standard FQDN of the provisioning server in this Data Router ecosystem
*/
- public static String provName = "feeds-drtr.web.att.com";
+ private static String provName = "feeds-drtr.web.att.com";
+
/**
* The standard FQDN of the ACTIVE provisioning server in this Data Router ecosystem
*/
- public static String activeProvName = "feeds-drtr.web.att.com";
- /**
- * Special subnet that is allowed access to /internal
- */
- private static String researchSubnet = RESEARCH_SUBNET;
- /**
- * Special subnet that is allowed access to /internal to Lab Machine
- */
- private static String researchSubnet1 = RESEARCH_SUBNET;
+ private static String activeProvName = "feeds-drtr.web.att.com";
+
private static String staticRoutingNodes = STATIC_ROUTING_NODES; //Adding new param for static Routing - Rally:US664862-1610
/**
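Review bot: The initializers for `provName` and `activeProvName` still hard-code `feeds-drtr.web.att.com`, which differs from `DEFAULT_PROVSRVR_NAME` (`"dmaap-dr-prov"`) declared earlier in this class. Until the parameter load assigns both fields, the new getters return that external hostname, and the callers changed in this commit use it to build `https://` URLs and to resolve the active server. Initialising from the constant keeps the fallback in one place: `private static String provName = DEFAULT_PROVSRVR_NAME;` and `private static String activeProvName = DEFAULT_PROVSRVR_NAME;`.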
@@ -389,13 +382,6 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider {
if (loopback != null && ip.equals(loopback)) {
return true;
}
- // Also allow the "special subnet" access
- if (addressMatchesNetwork(ip, researchSubnet1)) {
- return true;
- }
- if (addressMatchesNetwork(ip, researchSubnet)) {
- return true;
- }
} catch (UnknownHostException e) {
// ignore
}
@@ -473,7 +459,6 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider {
provDomain = getString(map, Parameters.PROV_DOMAIN, DEFAULT_DOMAIN);
provName = getString(map, Parameters.PROV_NAME, DEFAULT_PROVSRVR_NAME);
activeProvName = getString(map, Parameters.PROV_ACTIVE_NAME, provName);
- researchSubnet = getString(map, Parameters.PROV_SPECIAL_SUBNET, RESEARCH_SUBNET);
staticRoutingNodes = getString(map, Parameters.STATIC_ROUTING_NODES,
""); //Adding new param for static Routing - Rally:US664862-1610
initialActivePod = getString(map, Parameters.ACTIVE_POD, "");
@@ -630,6 +615,13 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider {
}
}
+ public static String getProvName() {
+ return provName;
+ }
+
+ public static String getActiveProvName() {
+ return activeProvName;
+ }
/**
* Get an array of all node names in the DR network.
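Review bot: `getProvName()` and `getActiveProvName()` are added without Javadoc, unlike the documented members around them. They also expose static fields that are reassigned when the provisioning parameters are loaded, while `SynchronizerTask` (a `TimerTask`) reads one of them, presumably on a different thread. If so, the fields should be `volatile` so a reload is visible to the timer thread, e.g. `private static volatile String activeProvName = "feeds-drtr.web.att.com";`. A one-line Javadoc such as `/** Returns the FQDN of the ACTIVE provisioning server as last loaded from the provisioning parameters. */` would state where the value comes from.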
@@ -784,7 +776,7 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider {
}
private static Set<String> getSet(Map<String, String> map, String name) {
- Set<String> set = new HashSet<String>();
+ Set<String> set = new HashSet<>();
String s = map.get(name);
if (s != null) {
String[] pp = s.split("\\|");
@@ -807,7 +799,7 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider {
public class ContentHeader {
private String type = "";
- private Map<String, String> map = new HashMap<String, String>();
+ private Map<String, String> map = new HashMap<>();
ContentHeader() {
this("", "1.0");
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/SynchronizerTask.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/SynchronizerTask.java
index e1eeb786..f9d0867d 100644
--- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/SynchronizerTask.java
+++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/SynchronizerTask.java
@@ -302,7 +302,7 @@ public class SynchronizerTask extends TimerTask {
String thisPod = myaddr.getHostName();
Set<String> pods = new TreeSet<>(Arrays.asList(BaseServlet.getPods()));
if (pods.contains(thisPod)) {
- InetAddress pserver = InetAddress.getByName(BaseServlet.activeProvName);
+ InetAddress pserver = InetAddress.getByName(BaseServlet.getActiveProvName());
newstate = myaddr.equals(pserver) ? ACTIVE : STANDBY;
if (logger.isDebugEnabled() && System.currentTimeMillis() >= nextMsg) {
logger.debug("Active POD = " + pserver + ", Current state is " + stnames[newstate]);
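Review bot: The ACTIVE/STANDBY decision right after the changed call depends entirely on resolving the configured name. `InetAddress.getByName(...)` returns a single address and `myaddr.equals(pserver)` compares against only that one. If the active-server name maps to several addresses, or resolution returns a different record, this pod may pick the wrong state; whether that can happen depends on the deployment's DNS, which is not visible here. A comment at the call would record the assumption, e.g. `// assumes PROV_ACTIVE_NAME resolves to exactly one address, the active pod's`. The enclosing method starts and ends outside the hunk.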
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/URLUtilities.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/URLUtilities.java
index b58ab5a0..b73c4639 100644
--- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/URLUtilities.java
+++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/URLUtilities.java
@@ -45,7 +45,7 @@ public class URLUtilities {
* @return the URL
*/
public static String generateFeedURL(int feedid) {
- return "https://" + BaseServlet.provName + "/feed/" + feedid;
+ return "https://" + BaseServlet.getProvName() + "/feed/" + feedid;
}
/**
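Review bot: The prefix `"https://" + BaseServlet.getProvName()` is repeated in `generateFeedURL` and in the five other generators changed in the later hunks of this file (`generatePublishURL`, `generateSubscribeURL`, `generateFeedLogURL`, `generateSubscriptionURL`, `generateSubLogURL`). A private helper would keep the host lookup and scheme in one place, for example `private static String provUrl(String path, int id) { return "https://" + BaseServlet.getProvName() + path + id; }`. Each generator then reduces to a call such as `return provUrl("/feed/", feedid);`.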
@@ -55,7 +55,7 @@ public class URLUtilities {
* @return the URL
*/
public static String generatePublishURL(int feedid) {
- return "https://" + BaseServlet.provName + "/publish/" + feedid;
+ return "https://" + BaseServlet.getProvName() + "/publish/" + feedid;
}
/**
@@ -65,7 +65,7 @@ public class URLUtilities {
* @return the URL
*/
public static String generateSubscribeURL(int feedid) {
- return "https://" + BaseServlet.provName + "/subscribe/" + feedid;
+ return "https://" + BaseServlet.getProvName() + "/subscribe/" + feedid;
}
/**
@@ -75,7 +75,7 @@ public class URLUtilities {
* @return the URL
*/
public static String generateFeedLogURL(int feedid) {
- return "https://" + BaseServlet.provName + "/feedlog/" + feedid;
+ return "https://" + BaseServlet.getProvName() + "/feedlog/" + feedid;
}
/**
@@ -85,7 +85,7 @@ public class URLUtilities {
* @return the URL
*/
public static String generateSubscriptionURL(int subid) {
- return "https://" + BaseServlet.provName + "/subs/" + subid;
+ return "https://" + BaseServlet.getProvName() + "/subs/" + subid;
}
/**
@@ -95,7 +95,7 @@ public class URLUtilities {
* @return the URL
*/
public static String generateSubLogURL(int subid) {
- return "https://" + BaseServlet.provName + "/sublog/" + subid;
+ return "https://" + BaseServlet.getProvName() + "/sublog/" + subid;
}
/**