From 32a143ffae69b2675e98c1d41be18defe31645b4 Mon Sep 17 00:00:00 2001 From: Conor Ward Date: Fri, 21 Sep 2018 12:15:57 +0000 Subject: Fix NodeServlet Vulnerabilities Change-Id: I7257eb3f65b76888098d85e4a7cad7f97f754570 Signed-off-by: Conor Ward Issue-ID: DMAAP-775 --- .../onap/dmaap/datarouter/node/NodeServlet.java | 23 ++++++++-------------- 1 file changed, 8 insertions(+), 15 deletions(-) (limited to 'datarouter-node/src/main/java/org') diff --git a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeServlet.java b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeServlet.java index b54068b5..51e59925 100644 --- a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeServlet.java +++ b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeServlet.java @@ -137,15 +137,16 @@ public class NodeServlet extends HttpServlet { /** * Handle all PUT requests */ - protected void doPut(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { + protected void doPut(HttpServletRequest req, HttpServletResponse resp) { NodeUtils.setIpAndFqdnForEelf("doPut"); eelflogger.info(EelfMsgs.MESSAGE_WITH_BEHALF_AND_FEEDID, req.getHeader("X-ATT-DR-ON-BEHALF-OF"), getIdFromPath(req) + ""); try { common(req, resp, true); - } - catch(IOException ioe){ + } catch(IOException ioe){ logger.error("IOException" + ioe.getMessage()); + } catch(ServletException se){ + logger.error("ServletException" + se.getMessage()); } } @@ -158,9 +159,10 @@ public class NodeServlet extends HttpServlet { getIdFromPath(req) + ""); try { common(req, resp, false); - } - catch(IOException ioe){ + } catch(IOException ioe){ logger.error("IOException" + ioe.getMessage()); + } catch(ServletException se){ + logger.error("ServletException" + se.getMessage()); } } @@ -277,9 +279,8 @@ public class NodeServlet extends HttpServlet { File data = new File(fbase); File meta = new File(fbase + ".M"); OutputStream dos = null; - Writer mw = null; InputStream is = null; - try { + try (Writer mw = new FileWriter(meta)){ StringBuffer mx = new StringBuffer(); mx.append(req.getMethod()).append('\t').append(fileid).append('\n'); Enumeration hnames = req.getHeaderNames(); @@ -353,12 +354,10 @@ public class NodeServlet extends HttpServlet { } String dbase = di.getSpool() + "/" + pubid; Files.createLink(Paths.get(dbase), dpath); - mw = new FileWriter(meta); mw.write(metadata); if (di.getSubId() == null) { mw.write("X-ATT-DR-ROUTING\t" + t.getRouting() + "\n"); } - mw.close(); meta.renameTo(new File(dbase + ".M")); } resp.setStatus(HttpServletResponse.SC_NO_CONTENT); @@ -383,12 +382,6 @@ public class NodeServlet extends HttpServlet { } catch (Exception e) { } } - if (mw != null) { - try { - mw.close(); - } catch (Exception e) { - } - } try { data.delete(); } catch (Exception e) { -- cgit 1.2.3-korg