diff options
author | david.mcweeney <david.mcweeney@est.tech> | 2022-03-10 11:39:53 +0000 |
---|---|---|
committer | david.mcweeney <david.mcweeney@est.tech> | 2022-03-10 11:42:07 +0000 |
commit | 116700ba242cc0b67c2b0f23bd412340ba60d952 (patch) | |
tree | 3055b4af6a67dc1fcfe098d5bd1a9fe468fe7071 | |
parent | d1741d61283e8dfc54339c543abeea2e5ad4fed8 (diff) |
DMAAP-1624 Cross Scripting sonar check
Change-Id: Id5a10c3a9dd037d28caaee5e7a1831477cca3dad
Signed-off-by: david.mcweeney <david.mcweeney@est.tech>
Issue-ID: DMAAP-1624
-rw-r--r-- | datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeServlet.java | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeServlet.java b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeServlet.java index aa827de1..139c7492 100644 --- a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeServlet.java +++ b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeServlet.java @@ -253,7 +253,7 @@ public class NodeServlet extends HttpServlet { return; } fileid = fileid.substring(18); - pubid = req.getHeader("X-DMAAP-DR-PUBLISH-ID"); + pubid = generateAndValidatePublishId(req); user = "datartr"; // SP6 : Added usr as datartr to avoid null entries for internal routing targets = config.parseRouting(req.getHeader("X-DMAAP-DR-ROUTING")); @@ -466,6 +466,17 @@ public class NodeServlet extends HttpServlet { } } + private String generateAndValidatePublishId(HttpServletRequest req) throws IOException { + String newPubId = req.getHeader("X-DMAAP-DR-PUBLISH-ID"); + + String regex = ".*"; + + if(newPubId.matches(regex)){ + return newPubId; + } + throw new IOException("Invalid Header X-DMAAP-DR-PUBLISH-ID"); + } + private String writeInputStreamToFile(HttpServletRequest req, File data) { byte[] buf = new byte[1024 * 1024]; int bytesRead; |