summaryrefslogtreecommitdiffstats
path: root/datarouter-node/src
diff options
context:
space:
mode:
authorRam Koya <rk541m@att.com>2018-09-20 15:44:26 +0000
committerGerrit Code Review <gerrit@onap.org>2018-09-20 15:44:26 +0000
commit46ef61c0fe477483be17dbf9af2ef3b1023da0d8 (patch)
tree8b90efd9a4ac62748fc4a39f67dfdf77e5dae3e6 /datarouter-node/src
parent7db6b77e880c77da2489eedd5bfa85524c5b6e72 (diff)
parent527f8c01aab421811407a0dbe4868370e53cd7a2 (diff)
Merge "Fix NodeServlet Vulnerabilities"
Diffstat (limited to 'datarouter-node/src')
-rw-r--r--datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeServlet.java79
-rw-r--r--datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeUtils.java10
-rw-r--r--datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeServletTest.java18
3 files changed, 36 insertions, 71 deletions
diff --git a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeServlet.java b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeServlet.java
index 5f851398..b54068b5 100644
--- a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeServlet.java
+++ b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeServlet.java
@@ -27,14 +27,12 @@ package org.onap.dmaap.datarouter.node;
import com.att.eelf.configuration.EELFLogger;
import com.att.eelf.configuration.EELFManager;
import java.io.File;
-import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.FileWriter;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.Writer;
-import java.net.Socket;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
@@ -44,9 +42,12 @@ import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+
import org.apache.log4j.Logger;
import org.onap.dmaap.datarouter.node.eelf.EelfMsgs;
+import static org.onap.dmaap.datarouter.node.NodeUtils.sendResponseError;
+
/**
* Servlet for handling all http and https requests to the data router node
* <p>
@@ -59,11 +60,9 @@ import org.onap.dmaap.datarouter.node.eelf.EelfMsgs;
* PUT/DELETE https://<i>node</i>/publish/<i>feedid</i>/<i>fileid</i> - publsh request
*/
public class NodeServlet extends HttpServlet {
-
private static Logger logger = Logger.getLogger("org.onap.dmaap.datarouter.node.NodeServlet");
private static NodeConfigManager config;
private static Pattern MetaDataPattern;
- private static SubnetMatcher internalsubnet = new SubnetMatcher("135.207.136.128/25");
//Adding EELF Logger Rally:US664892
private static EELFLogger eelflogger = EELFManager.getInstance()
.getLogger("org.onap.dmaap.datarouter.node.NodeServlet");
@@ -90,7 +89,7 @@ public class NodeServlet extends HttpServlet {
private boolean down(HttpServletResponse resp) throws IOException {
if (config.isShutdown() || !config.isConfigured()) {
- resp.sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE);
+ sendResponseError(resp, HttpServletResponse.SC_SERVICE_UNAVAILABLE, logger);
logger.info("NODE0102 Rejecting request: Service is being quiesced");
return (true);
}
@@ -100,12 +99,17 @@ public class NodeServlet extends HttpServlet {
/**
* Handle a GET for /internal/fetchProv
*/
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp){
NodeUtils.setIpAndFqdnForEelf("doGet");
eelflogger.info(EelfMsgs.MESSAGE_WITH_BEHALF_AND_FEEDID, req.getHeader("X-ATT-DR-ON-BEHALF-OF"),
getIdFromPath(req) + "");
- if (down(resp)) {
- return;
+ try{
+ if (down(resp)) {
+ return;
+ }
+
+ } catch (IOException ioe) {
+ logger.error("IOException" + ioe.getMessage());
}
String path = req.getPathInfo();
String qs = req.getQueryString();
@@ -125,50 +129,9 @@ public class NodeServlet extends HttpServlet {
return;
}
}
- if (internalsubnet.matches(NodeUtils.getInetAddress(ip))) {
- if (path.startsWith("/internal/logs/")) {
- String f = path.substring(15);
- File fn = new File(config.getLogDir() + "/" + f);
- if (f.indexOf('/') != -1 || !fn.isFile()) {
- logger.info("NODE0103 Rejecting invalid GET of " + path + " from " + ip);
- resp.sendError(HttpServletResponse.SC_NOT_FOUND);
- return;
- }
- byte[] buf = new byte[65536];
- resp.setContentType("text/plain");
- resp.setContentLength((int) fn.length());
- resp.setStatus(200);
- try (InputStream is = new FileInputStream(fn)) {
- OutputStream os = resp.getOutputStream();
- int i;
- while ((i = is.read(buf)) > 0) {
- os.write(buf, 0, i);
- }
- }
- return;
- }
- if (path.startsWith("/internal/rtt/")) {
- String xip = path.substring(14);
- long st = System.currentTimeMillis();
- String status = " unknown";
- try {
- Socket s = new Socket(xip, 443);
- s.close();
- status = " connected";
- } catch (Exception e) {
- status = " error " + e.toString();
- }
- long dur = System.currentTimeMillis() - st;
- resp.setContentType("text/plain");
- resp.setStatus(200);
- byte[] buf = (dur + status + "\n").getBytes();
- resp.setContentLength(buf.length);
- resp.getOutputStream().write(buf);
- return;
- }
- }
+
logger.info("NODE0103 Rejecting invalid GET of " + path + " from " + ip);
- resp.sendError(HttpServletResponse.SC_NOT_FOUND);
+ sendResponseError(resp, HttpServletResponse.SC_NOT_FOUND, logger);
}
/**
@@ -178,7 +141,12 @@ public class NodeServlet extends HttpServlet {
NodeUtils.setIpAndFqdnForEelf("doPut");
eelflogger.info(EelfMsgs.MESSAGE_WITH_BEHALF_AND_FEEDID, req.getHeader("X-ATT-DR-ON-BEHALF-OF"),
getIdFromPath(req) + "");
- common(req, resp, true);
+ try {
+ common(req, resp, true);
+ }
+ catch(IOException ioe){
+ logger.error("IOException" + ioe.getMessage());
+ }
}
/**
@@ -188,7 +156,12 @@ public class NodeServlet extends HttpServlet {
NodeUtils.setIpAndFqdnForEelf("doDelete");
eelflogger.info(EelfMsgs.MESSAGE_WITH_BEHALF_AND_FEEDID, req.getHeader("X-ATT-DR-ON-BEHALF-OF"),
getIdFromPath(req) + "");
- common(req, resp, false);
+ try {
+ common(req, resp, false);
+ }
+ catch(IOException ioe){
+ logger.error("IOException" + ioe.getMessage());
+ }
}
private void common(HttpServletRequest req, HttpServletResponse resp, boolean isput)
diff --git a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeUtils.java b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeUtils.java
index d5b15bca..cc21992c 100644
--- a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeUtils.java
+++ b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeUtils.java
@@ -45,6 +45,8 @@ import org.apache.log4j.Logger;
import org.onap.dmaap.datarouter.node.eelf.EelfMsgs;
import org.slf4j.MDC;
+import javax.servlet.http.HttpServletResponse;
+
/**
* Utility functions for the data router node
*/
@@ -257,5 +259,13 @@ public class NodeUtils {
}
+ public static void sendResponseError(HttpServletResponse response, int errorCode, Logger intlogger) {
+ try {
+ response.sendError(errorCode);
+ } catch (IOException ioe) {
+ intlogger.error("IOException" + ioe.getMessage());
+ }
+ }
+
}
diff --git a/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeServletTest.java b/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeServletTest.java
index 048c44fa..fbdd9230 100644
--- a/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeServletTest.java
+++ b/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeServletTest.java
@@ -87,24 +87,6 @@ public class NodeServletTest {
}
@Test
- public void Given_Request_Is_HTTP_GET_And_Endpoint_Is_Internal_Logs_And_File_Does_Not_Exist_Then_Not_Found_Response_Is_Generated() throws Exception {
- when(request.getPathInfo()).thenReturn("/internal/logs/fileName");
- when(request.getRemoteAddr()).thenReturn("135.207.136.128");
- nodeServlet.doGet(request, response);
- verify(response).sendError(eq(HttpServletResponse.SC_NOT_FOUND));
- }
-
- @Test
- public void Given_Request_Is_HTTP_GET_And_Endpoint_Is_Internal_Rtt_And_Error_Connecting_To_Socket_Occurs_Then_Ok_Response_Is_Generated() throws Exception {
- when(request.getPathInfo()).thenReturn("/internal/rtt/0.0.0.0");
- when(request.getRemoteAddr()).thenReturn("135.207.136.128");
- ServletOutputStream outStream = mock(ServletOutputStream.class);
- when(response.getOutputStream()).thenReturn(outStream);
- nodeServlet.doGet(request, response);
- verify(response).setStatus(eq(200));
- }
-
- @Test
public void Given_Request_Is_HTTP_GET_To_Invalid_Endpoint_Then_Not_Found_Response_Is_Generated() throws Exception {
when(request.getPathInfo()).thenReturn("/incorrect");
nodeServlet.doGet(request, response);