author | david.mcweeney <david.mcweeney@est.tech> | 2021-07-27 15:53:14 +0100 |
---|---|---|
committer | david.mcweeney <david.mcweeney@est.tech> | 2021-07-27 15:53:18 +0100 |
commit | 8df9c4d2a1ac8fcbf76a38a4bb8a2e42b590ae18 (patch) | |
tree | b37ae89c2b0f1df54c05a7f0fa213ccce8fceb49 /datarouter-node/src/main/java | |
parent | 4916be0d1ef49873bb8f08e71502a7c0cb2233b1 (diff) |
DMAAP-DR Header Injection fix
Signed-off-by: david.mcweeney <david.mcweeney@est.tech>
Change-Id: I5eb00945762064a5beeb5ce9c57e24243364c238
Issue-ID: DMAAP-1624
Diffstat (limited to 'datarouter-node/src/main/java')
-rw-r--r-- | datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeServlet.java | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeServlet.java b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeServlet.java
index 0d030683..27fa5f3e 100644
--- a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeServlet.java
+++ b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeServlet.java
@@ -253,6 +253,13 @@ public class NodeServlet extends HttpServlet {
 return;
 }
 fileid = fileid.substring(18);
+ if (req.getHeader("X-DMAAP-DR-PUBLISH-ID") != null && !req.getHeader("X-DMAAP-DR-PUBLISH-ID").matches("^[a-zA-Z0-9_]+$")) {
+ String reason = "Error validating header";
+ eelfLogger.error(reason);
+ resp.sendError(HttpServletResponse.SC_BAD_REQUEST, reason);
+ eelfLogger.info(EelfMsgs.EXIT);
+ return;
+ }
 pubid = req.getHeader("X-DMAAP-DR-PUBLISH-ID");
 user = "datartr"; // SP6 : Added usr as datartr to avoid null entries for internal routing
 targets = config.parseRouting(req.getHeader("X-DMAAP-DR-ROUTING")); |
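Review bot: The added guard covers only `X-DMAAP-DR-PUBLISH-ID`, and only when it is present: a request without that header still reaches `pubid = req.getHeader("X-DMAAP-DR-PUBLISH-ID")` with null, and `X-DMAAP-DR-ROUTING` on the last context line is passed to `config.parseRouting` without a comparable check. Whether either path can carry unexpected characters into a later header or log line depends on code outside this hunk (the enclosing method starts and ends outside it), so that should be confirmed before the injection is treated as closed. Reading the header once keeps the check and the assignment on the same value: `String publishId = req.getHeader("X-DMAAP-DR-PUBLISH-ID");`, then `if (publishId != null && !publishId.matches("^[a-zA-Z0-9_]+$")) {` and `pubid = publishId;`. The error log could also name the rejected header (not its value) so rejected requests are easy to find.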