From 67cc50441de4e771ca3e0d91a2e35e0e4057a219 Mon Sep 17 00:00:00 2001
From: Conor Ward
Date: Thu, 13 Sep 2018 07:44:37 +0000
Subject: Fix Vulnerabilities in BaseServlet
Change-Id: If17554c146ea4decf806a13a3412f903323d1c2b
Signed-off-by: Conor Ward
Issue-ID: DMAAP-771
---
 .../dmaap/datarouter/provisioning/BaseServlet.java | 38 +++++++++-------------
 .../datarouter/provisioning/SynchronizerTask.java | 2 +-
 .../provisioning/utils/URLUtilities.java | 12 +++----
 3 files changed, 22 insertions(+), 30 deletions(-)
(limited to 'datarouter-prov/src/main/java')
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/BaseServlet.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/BaseServlet.java
index 047043b1..3838cadf 100755
--- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/BaseServlet.java
+++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/BaseServlet.java
@@ -121,7 +121,6 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider {
 private static final int DEFAULT_POKETIMER2 = 30;
 private static final String DEFAULT_DOMAIN = "onap";
 private static final String DEFAULT_PROVSRVR_NAME = "dmaap-dr-prov";
- private static final String RESEARCH_SUBNET = "10.42.0.0/16";
 private static final String STATIC_ROUTING_NODES = ""; //Adding new param for static Routing - Rally:US664862-1610
 /**
@@ -139,11 +138,11 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider {
 /**
 * The set of authorized addresses and networks; pulled from the DB (PROV_AUTH_ADDRESSES)
 */
- private static Set authorizedAddressesAndNetworks = new HashSet();
+ private static Set authorizedAddressesAndNetworks = new HashSet<>();
 /**
 * The set of authorized names; pulled from the DB (PROV_AUTH_SUBJECTS)
 */
- private static Set authorizedNames = new HashSet();
+ private static Set authorizedNames = new HashSet<>();
 /**
 * The FQDN of the initially "active" provisioning server in this Data Router ecosystem
 */
@@ -199,19 +198,13 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider {
 /**
 * The standard FQDN of the provisioning server in this Data Router ecosystem
 */
- public static String provName = "feeds-drtr.web.att.com";
+ private static String provName = "feeds-drtr.web.att.com";
+
 /**
 * The standard FQDN of the ACTIVE provisioning server in this Data Router ecosystem
 */
- public static String activeProvName = "feeds-drtr.web.att.com";
- /**
- * Special subnet that is allowed access to /internal
- */
- private static String researchSubnet = RESEARCH_SUBNET;
- /**
- * Special subnet that is allowed access to /internal to Lab Machine
- */
- private static String researchSubnet1 = RESEARCH_SUBNET;
+ private static String activeProvName = "feeds-drtr.web.att.com";
+
 private static String staticRoutingNodes = STATIC_ROUTING_NODES; //Adding new param for static Routing - Rally:US664862-1610
 /**
@@ -389,13 +382,6 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider {
 if (loopback != null && ip.equals(loopback)) {
 return true;
 }
- // Also allow the "special subnet" access
- if (addressMatchesNetwork(ip, researchSubnet1)) {
- return true;
- }
- if (addressMatchesNetwork(ip, researchSubnet)) {
- return true;
- }
 } catch (UnknownHostException e) {
 // ignore
 }
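Review bot: The initializers `private static String provName = "feeds-drtr.web.att.com";` and `private static String activeProvName = "feeds-drtr.web.att.com";` in the hunk at -199 still hard-code a vendor hostname, while this file already defines `DEFAULT_PROVSRVR_NAME = "dmaap-dr-prov"` and the config loader in the hunk at -473 falls back to that constant, so the value seen before configuration is loaded differs from the one seen afterwards. Initializing both as `private static String provName = DEFAULT_PROVSRVR_NAME;` and `private static String activeProvName = DEFAULT_PROVSRVR_NAME;` leaves a single default. Both fields are plain non-final statics that the loader reassigns and that other threads now read through the new getters (SynchronizerTask is a TimerTask, see its hunk at -302, and the URLUtilities hunks), with no `volatile` or synchronization visible here; presumably the loader runs before the timer starts, but confirming that, or marking both fields `volatile`, would make the accessors safe to call from any thread. The enclosing class starts and ends outside the hunk.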
@@ -473,7 +459,6 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider {
 provDomain = getString(map, Parameters.PROV_DOMAIN, DEFAULT_DOMAIN);
 provName = getString(map, Parameters.PROV_NAME, DEFAULT_PROVSRVR_NAME);
 activeProvName = getString(map, Parameters.PROV_ACTIVE_NAME, provName);
- researchSubnet = getString(map, Parameters.PROV_SPECIAL_SUBNET, RESEARCH_SUBNET);
 staticRoutingNodes = getString(map, Parameters.STATIC_ROUTING_NODES, ""); //Adding new param for static Routing - Rally:US664862-1610
 initialActivePod = getString(map, Parameters.ACTIVE_POD, "");
@@ -630,6 +615,13 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider {
 }
 }
+ public static String getProvName() {
+ return provName;
+ }
+
+ public static String getActiveProvName() {
+ return activeProvName;
+ }
 /**
 * Get an array of all node names in the DR network.
@@ -784,7 +776,7 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider {
 }
 private static Set getSet(Map map, String name) {
- Set set = new HashSet();
+ Set set = new HashSet<>();
 String s = map.get(name);
 if (s != null) {
 String[] pp = s.split("\\|");
@@ -807,7 +799,7 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider {
 public class ContentHeader {
 private String type = "";
- private Map map = new HashMap();
+ private Map map = new HashMap<>();
 ContentHeader() {
 this("", "1.0");
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/SynchronizerTask.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/SynchronizerTask.java
index e1eeb786..f9d0867d 100644
--- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/SynchronizerTask.java
+++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/SynchronizerTask.java
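Review bot: The new `getProvName()` and `getActiveProvName()` accessors in the hunk at -630 carry no Javadoc, while every other member visible in this file does; a one-line `/** @return the FQDN of this provisioning server (PROV_NAME, or DEFAULT_PROVSRVR_NAME when unset) */` on the first and `/** @return the FQDN of the currently ACTIVE provisioning server (PROV_ACTIVE_NAME, defaulting to the value of getProvName()) */` on the second would match the file's style. Those fallbacks are the ones visible in the `getString(map, ...)` calls of the hunk at -473. The two `}` lines that open the -630 hunk close a method whose body starts outside the hunk.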
@@ -302,7 +302,7 @@ public class SynchronizerTask extends TimerTask {
 String thisPod = myaddr.getHostName();
 Set pods = new TreeSet<>(Arrays.asList(BaseServlet.getPods()));
 if (pods.contains(thisPod)) {
- InetAddress pserver = InetAddress.getByName(BaseServlet.activeProvName);
+ InetAddress pserver = InetAddress.getByName(BaseServlet.getActiveProvName());
 newstate = myaddr.equals(pserver) ? ACTIVE : STANDBY;
 if (logger.isDebugEnabled() && System.currentTimeMillis() >= nextMsg) {
 logger.debug("Active POD = " + pserver + ", Current state is " + stnames[newstate]);
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/URLUtilities.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/URLUtilities.java
index b58ab5a0..b73c4639 100644
--- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/URLUtilities.java
+++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/URLUtilities.java
@@ -45,7 +45,7 @@ public class URLUtilities {
 * @return the URL
 */
 public static String generateFeedURL(int feedid) {
- return "https://" + BaseServlet.provName + "/feed/" + feedid;
+ return "https://" + BaseServlet.getProvName() + "/feed/" + feedid;
 }
 /**
@@ -55,7 +55,7 @@ public class URLUtilities {
 * @return the URL
 */
 public static String generatePublishURL(int feedid) {
- return "https://" + BaseServlet.provName + "/publish/" + feedid;
+ return "https://" + BaseServlet.getProvName() + "/publish/" + feedid;
 }
 /**
@@ -65,7 +65,7 @@ public class URLUtilities {
 * @return the URL
 */
 public static String generateSubscribeURL(int feedid) {
- return "https://" + BaseServlet.provName + "/subscribe/" + feedid;
+ return "https://" + BaseServlet.getProvName() + "/subscribe/" + feedid;
 }
 /**
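Review bot: The six `generate*URL` methods of URLUtilities (hunks at -45, -55 and -65 here and -75, -85 and -95 below) now each repeat the same `"https://" + BaseServlet.getProvName() + "/…/" + id` expression, so the host lookup and URL shape are duplicated six times. A small helper such as `private static String provUrl(String path, int id) { return "https://" + BaseServlet.getProvName() + "/" + path + "/" + id; }` with each method reduced to e.g. `return provUrl("feed", feedid);` leaves one place to change if the scheme or the host source changes. Nothing in these hunks guards against `getProvName()` returning an empty string, which would produce a URL with no host; presumably the config loader always supplies a name, but an explicit empty-string check in the helper would make that assumption visible.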
@@ -75,7 +75,7 @@ public class URLUtilities {
 * @return the URL
 */
 public static String generateFeedLogURL(int feedid) {
- return "https://" + BaseServlet.provName + "/feedlog/" + feedid;
+ return "https://" + BaseServlet.getProvName() + "/feedlog/" + feedid;
 }
 /**
@@ -85,7 +85,7 @@ public class URLUtilities {
 * @return the URL
 */
 public static String generateSubscriptionURL(int subid) {
- return "https://" + BaseServlet.provName + "/subs/" + subid;
+ return "https://" + BaseServlet.getProvName() + "/subs/" + subid;
 }
 /**
@@ -95,7 +95,7 @@ public class URLUtilities {
 * @return the URL
 */
 public static String generateSubLogURL(int subid) {
- return "https://" + BaseServlet.provName + "/sublog/" + subid;
+ return "https://" + BaseServlet.getProvName() + "/sublog/" + subid;
 }
 /**
-- cgit 1.2.3-korg