author | Ram Koya <rk541m@att.com> | 2018-09-20 15:44:26 +0000 |
---|---|---|
committer | Gerrit Code Review <gerrit@onap.org> | 2018-09-20 15:44:26 +0000 |
commit | 46ef61c0fe477483be17dbf9af2ef3b1023da0d8 (patch) | |
tree | 8b90efd9a4ac62748fc4a39f67dfdf77e5dae3e6 /datarouter-node/src | |
parent | 7db6b77e880c77da2489eedd5bfa85524c5b6e72 (diff) | |
parent | 527f8c01aab421811407a0dbe4868370e53cd7a2 (diff) |
Merge "Fix NodeServlet Vulnerabilities"
Diffstat (limited to 'datarouter-node/src')
3 files changed, 36 insertions, 71 deletions
diff --git a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeServlet.java b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeServlet.java index 5f851398..b54068b5 100644 --- a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeServlet.java +++ b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeServlet.java @@ -27,14 +27,12 @@ package org.onap.dmaap.datarouter.node; import com.att.eelf.configuration.EELFLogger; import com.att.eelf.configuration.EELFManager; import java.io.File; -import java.io.FileInputStream; import java.io.FileOutputStream; import java.io.FileWriter; import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; import java.io.Writer; -import java.net.Socket; import java.nio.file.Files; import java.nio.file.Path; import java.nio.file.Paths; @@ -44,9 +42,12 @@ import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; + import org.apache.log4j.Logger; import org.onap.dmaap.datarouter.node.eelf.EelfMsgs; +import static org.onap.dmaap.datarouter.node.NodeUtils.sendResponseError; + /** * Servlet for handling all http and https requests to the data router node * <p> @@ -59,11 +60,9 @@ import org.onap.dmaap.datarouter.node.eelf.EelfMsgs; * PUT/DELETE https://<i>node</i>/publish/<i>feedid</i>/<i>fileid</i> - publsh request */ public class NodeServlet extends HttpServlet { - private static Logger logger = Logger.getLogger("org.onap.dmaap.datarouter.node.NodeServlet"); private static NodeConfigManager config; private static Pattern MetaDataPattern; - private static SubnetMatcher internalsubnet = new SubnetMatcher("135.207.136.128/25"); //Adding EELF Logger Rally:US664892 private static EELFLogger eelflogger = EELFManager.getInstance() .getLogger("org.onap.dmaap.datarouter.node.NodeServlet"); 
@@ -90,7 +89,7 @@ public class NodeServlet extends HttpServlet { private boolean down(HttpServletResponse resp) throws IOException { if (config.isShutdown() || !config.isConfigured()) { - resp.sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE); + sendResponseError(resp, HttpServletResponse.SC_SERVICE_UNAVAILABLE, logger); logger.info("NODE0102 Rejecting request: Service is being quiesced"); return (true); } @@ -100,12 +99,17 @@ public class NodeServlet extends HttpServlet { /** * Handle a GET for /internal/fetchProv */ - protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { + protected void doGet(HttpServletRequest req, HttpServletResponse resp){ NodeUtils.setIpAndFqdnForEelf("doGet"); eelflogger.info(EelfMsgs.MESSAGE_WITH_BEHALF_AND_FEEDID, req.getHeader("X-ATT-DR-ON-BEHALF-OF"), getIdFromPath(req) + ""); - if (down(resp)) { - return; + try{ + if (down(resp)) { + return; + } + + } catch (IOException ioe) { + logger.error("IOException" + ioe.getMessage()); } String path = req.getPathInfo(); String qs = req.getQueryString(); 
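Review bot: The new `catch (IOException ioe)` in `doGet` only logs and then falls through to `String path = req.getPathInfo();`, so a failure while checking or reporting the shut-down state lets the request carry on being served. The catch should end the request, e.g. `logger.error("IOException while checking node state", ioe); return;`, and passing `ioe` as the second argument keeps the stack trace that `"IOException" + ioe.getMessage()` loses. Since `down()` now sends its error through `sendResponseError`, which handles the IOException itself, the `throws IOException` on `down()` looks stale and this try/catch may be unreachable; dropping both would be simpler. The body of `doGet` continues outside this hunk.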
@@ -125,50 +129,9 @@ public class NodeServlet extends HttpServlet { return; } } - if (internalsubnet.matches(NodeUtils.getInetAddress(ip))) { - if (path.startsWith("/internal/logs/")) { - String f = path.substring(15); - File fn = new File(config.getLogDir() + "/" + f); - if (f.indexOf('/') != -1 || !fn.isFile()) { - logger.info("NODE0103 Rejecting invalid GET of " + path + " from " + ip); - resp.sendError(HttpServletResponse.SC_NOT_FOUND); - return; - } - byte[] buf = new byte[65536]; - resp.setContentType("text/plain"); - resp.setContentLength((int) fn.length()); - resp.setStatus(200); - try (InputStream is = new FileInputStream(fn)) { - OutputStream os = resp.getOutputStream(); - int i; - while ((i = is.read(buf)) > 0) { - os.write(buf, 0, i); - } - } - return; - } - if (path.startsWith("/internal/rtt/")) { - String xip = path.substring(14); - long st = System.currentTimeMillis(); - String status = " unknown"; - try { - Socket s = new Socket(xip, 443); - s.close(); - status = " connected"; - } catch (Exception e) { - status = " error " + e.toString(); - } - long dur = System.currentTimeMillis() - st; - resp.setContentType("text/plain"); - resp.setStatus(200); - byte[] buf = (dur + status + "\n").getBytes(); - resp.setContentLength(buf.length); - resp.getOutputStream().write(buf); - return; - } - } + logger.info("NODE0103 Rejecting invalid GET of " + path + " from " + ip); - resp.sendError(HttpServletResponse.SC_NOT_FOUND); + sendResponseError(resp, HttpServletResponse.SC_NOT_FOUND, logger); } /** @@ -178,7 +141,12 @@ public class NodeServlet extends HttpServlet { NodeUtils.setIpAndFqdnForEelf("doPut"); eelflogger.info(EelfMsgs.MESSAGE_WITH_BEHALF_AND_FEEDID, req.getHeader("X-ATT-DR-ON-BEHALF-OF"), getIdFromPath(req) + ""); - common(req, resp, true); + try { + common(req, resp, true); + } + catch(IOException ioe){ + logger.error("IOException" + ioe.getMessage()); + } } /** 
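Review bot: The rejection log line `"NODE0103 Rejecting invalid GET of " + path + " from " + ip` writes the request path into the log unmodified, and `path` comes straight from `req.getPathInfo()`, so a path carrying line breaks can forge log entries. Neutralising CR/LF before logging would close that, e.g. `String safePath = path == null ? "" : path.replaceAll("[\r\n]", "_");` and logging `safePath` instead; whether `path` is null-checked earlier and how `ip` is derived are outside this hunk. The tests for `/internal/logs/` and `/internal/rtt/` are deleted in NodeServletTest rather than inverted, so a test asserting that both paths now yield `SC_NOT_FOUND` would keep the removed endpoints from coming back unnoticed.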
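Review bot: When `common(req, resp, true)` throws, the new catch in `doPut` logs the message and returns normally, so no error status is set and the publisher will most likely receive the container's default success status for a publish that failed. Before this change the exception propagated to the container, which answered with an error. The catch should report the failure, e.g. `logger.error("IOException in doPut", ioe);` followed by `if (!resp.isCommitted()) { sendResponseError(resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, logger); }`. The same applies to the identical catch added around `common(req, resp, false)` in `doDelete`.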
@@ -188,7 +156,12 @@ public class NodeServlet extends HttpServlet { NodeUtils.setIpAndFqdnForEelf("doDelete"); eelflogger.info(EelfMsgs.MESSAGE_WITH_BEHALF_AND_FEEDID, req.getHeader("X-ATT-DR-ON-BEHALF-OF"), getIdFromPath(req) + ""); - common(req, resp, false); + try { + common(req, resp, false); + } + catch(IOException ioe){ + logger.error("IOException" + ioe.getMessage()); + } } private void common(HttpServletRequest req, HttpServletResponse resp, boolean isput) diff --git a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeUtils.java b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeUtils.java index d5b15bca..cc21992c 100644 --- a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeUtils.java +++ b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeUtils.java @@ -45,6 +45,8 @@ import org.apache.log4j.Logger; import org.onap.dmaap.datarouter.node.eelf.EelfMsgs; import org.slf4j.MDC; +import javax.servlet.http.HttpServletResponse; + /** * Utility functions for the data router node */ @@ -257,5 +259,13 @@ public class NodeUtils { } + public static void sendResponseError(HttpServletResponse response, int errorCode, Logger intlogger) { + try { + response.sendError(errorCode); + } catch (IOException ioe) { + intlogger.error("IOException" + ioe.getMessage()); + } + } + } diff --git a/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeServletTest.java b/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeServletTest.java index 048c44fa..fbdd9230 100644 --- a/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeServletTest.java +++ b/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeServletTest.java 
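Review bot: `sendResponseError` in NodeUtils is a new public static helper without Javadoc, and its catch logs `"IOException" + ioe.getMessage()`, which drops the stack trace and runs the label into the message. I would add a short Javadoc stating that it sends `errorCode` on `response` and logs, rather than propagates, an `IOException`, so callers know a failed send is not signalled to them. The log call would read better as `intlogger.error("IOException sending error " + errorCode, ioe);`. `HttpServletResponse.sendError` also throws `IllegalStateException` on an already committed response, which this helper does not handle; whether any caller can reach it in that state is not visible here.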
@@ -87,24 +87,6 @@ public class NodeServletTest { } @Test - public void Given_Request_Is_HTTP_GET_And_Endpoint_Is_Internal_Logs_And_File_Does_Not_Exist_Then_Not_Found_Response_Is_Generated() throws Exception { - when(request.getPathInfo()).thenReturn("/internal/logs/fileName"); - when(request.getRemoteAddr()).thenReturn("135.207.136.128"); - nodeServlet.doGet(request, response); - verify(response).sendError(eq(HttpServletResponse.SC_NOT_FOUND)); - } - - @Test - public void Given_Request_Is_HTTP_GET_And_Endpoint_Is_Internal_Rtt_And_Error_Connecting_To_Socket_Occurs_Then_Ok_Response_Is_Generated() throws Exception { - when(request.getPathInfo()).thenReturn("/internal/rtt/0.0.0.0"); - when(request.getRemoteAddr()).thenReturn("135.207.136.128"); - ServletOutputStream outStream = mock(ServletOutputStream.class); - when(response.getOutputStream()).thenReturn(outStream); - nodeServlet.doGet(request, response); - verify(response).setStatus(eq(200)); - } - - @Test public void Given_Request_Is_HTTP_GET_To_Invalid_Endpoint_Then_Not_Found_Response_Is_Generated() throws Exception { when(request.getPathInfo()).thenReturn("/incorrect"); nodeServlet.doGet(request, response); |