diff options
author | Ram Koya <rk541m@att.com> | 2018-09-24 15:18:44 +0000 |
---|---|---|
committer | Gerrit Code Review <gerrit@onap.org> | 2018-09-24 15:18:44 +0000 |
commit | b2e750843b6e7b109d09fc684282b65c72bc98d7 (patch) | |
tree | 3f64d63034ec2b62e71c6030eb945f524a888012 /datarouter-prov/src/main/java/org/onap | |
parent | ca28db1f5b2b2b68b2c400fc157adabdcbd084bc (diff) | |
parent | f3813a02bcb9ff3d0fcb9ad999e0b6221ff79cdb (diff) |
Merge "Fix PublishServlet Vulnerabilities"
Diffstat (limited to 'datarouter-prov/src/main/java/org/onap')
-rw-r--r-- | datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/PublishServlet.java | 72 |
1 files changed, 38 insertions, 34 deletions
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/PublishServlet.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/PublishServlet.java index 05502760..4cefdf1e 100644 --- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/PublishServlet.java +++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/PublishServlet.java @@ -25,11 +25,9 @@ package org.onap.dmaap.datarouter.provisioning; import java.io.IOException; -import java.io.InputStream; import java.util.ArrayList; import java.util.Collection; import java.util.List; -import java.util.Properties; import javax.servlet.ServletConfig; import javax.servlet.ServletException; @@ -98,41 +96,47 @@ public class PublishServlet extends BaseServlet { setIpAndFqdnForEelf("doPost"); eelflogger.info(EelfMsgs.MESSAGE_WITH_BEHALF, req.getHeader(BEHALF_HEADER)); redirect(req, resp); + } - private void redirect(HttpServletRequest req, HttpServletResponse resp) throws IOException { - String[] nodes = getNodes(); - if (nodes == null || nodes.length == 0) { - resp.sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE, "There are no nodes defined in the DR network."); - } else { - EventLogRecord elr = new EventLogRecord(req); - int feedid = checkPath(req); - if (feedid < 0) { - String message = (feedid == -1) - ? "Invalid request - Missing or bad feed number." - : "Invalid request - Missing file ID."; - elr.setMessage(message); - elr.setResult(HttpServletResponse.SC_NOT_FOUND); - eventlogger.info(elr); - - resp.sendError(HttpServletResponse.SC_NOT_FOUND, message); + private void redirect(HttpServletRequest req, HttpServletResponse resp) { + try { + String[] nodes = getNodes(); + if (nodes == null || nodes.length == 0) { + resp.sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE, "There are no nodes defined in the DR network."); } else { - // Generate new URL - String nextnode = getRedirectNode(feedid, req); - nextnode = nextnode+":"+DB.HTTPS_PORT; - String newurl = "https://" + nextnode + "/publish" + req.getPathInfo(); - String qs = req.getQueryString(); - if (qs != null) - newurl += "?" + qs; - - // Log redirect in event log - String message = "Redirected to: "+newurl; - elr.setMessage(message); - elr.setResult(HttpServletResponse.SC_MOVED_PERMANENTLY); - eventlogger.info(elr); - - resp.setStatus(HttpServletResponse.SC_MOVED_PERMANENTLY); - resp.setHeader("Location", newurl); + EventLogRecord elr = new EventLogRecord(req); + int feedid = checkPath(req); + if (feedid < 0) { + String message = (feedid == -1) + ? "Invalid request - Missing or bad feed number." + : "Invalid request - Missing file ID."; + elr.setMessage(message); + elr.setResult(HttpServletResponse.SC_NOT_FOUND); + eventlogger.info(elr); + + resp.sendError(HttpServletResponse.SC_NOT_FOUND, message); + } else { + // Generate new URL + String nextnode = getRedirectNode(feedid, req); + nextnode = nextnode + ":" + DB.HTTPS_PORT; + String newurl = "https://" + nextnode + "/publish" + req.getPathInfo(); + String qs = req.getQueryString(); + if (qs != null) + newurl += "?" + qs; + + // Log redirect in event log + String message = "Redirected to: " + newurl; + elr.setMessage(message); + elr.setResult(HttpServletResponse.SC_MOVED_PERMANENTLY); + eventlogger.info(elr); + + resp.setStatus(HttpServletResponse.SC_MOVED_PERMANENTLY); + resp.setHeader("Location", newurl); + } } + } catch (IOException ioe) { + intlogger.error("IOException" + ioe.getMessage()); + } } private String getRedirectNode(int feedid, HttpServletRequest req) { |