Merge "Don't give the user the exact stack trace of the exception"

author: Manoop Talasila <talasila@research.att.com> 2019-05-30 14:44:42 +0000
committer: Gerrit Code Review <gerrit@onap.org> 2019-05-30 14:44:42 +0000
commit: 88f48d47dc427e73842c0b65a6b544c8229c2773 (patch)
tree: 9ab4730f29755a87ecdde9f01e483129731d8ffe /ecomp-portal-BE-os/src/main
parent: ee8d6a877f7709f28da43b0f10baf659876c4bed (diff)
parent: 3101e7778575b6425d47321685105d0272286598 (diff)
1 files changed, 26 insertions, 20 deletions
diff --git a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/filter/SecurityXssFilter.java b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/filter/SecurityXssFilter.java
index 25eee828..703019f9 100644
--- a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/filter/SecurityXssFilter.java
+++ b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/filter/SecurityXssFilter.java
@@ -1,9 +1,9 @@
-
 /*-
  * ============LICENSE_START==========================================
  * ONAP Portal
  * ===================================================================
  * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * Modifications Copyright (c) 2019 Samsung
  * ===================================================================
  *
  * Unless otherwise specified, all software contained herein is licensed
@@ -36,6 +36,7 @@
  *
  * 
  */
+
 package org.onap.portalapp.filter;
 
 import java.io.BufferedReader;
@@ -48,7 +49,6 @@ import java.util.Enumeration;
 
 import javax.servlet.FilterChain;
 import javax.servlet.ReadListener;
-import javax.servlet.ServletException;
 import javax.servlet.ServletInputStream;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletRequestWrapper;
@@ -62,7 +62,7 @@ import org.springframework.web.filter.OncePerRequestFilter;
 
 public class SecurityXssFilter extends OncePerRequestFilter {
 
-	private EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(SecurityXssFilter.class);
+	private EELFLoggerDelegate sxLogger = EELFLoggerDelegate.getLogger(SecurityXssFilter.class);
 
 	private static final String APPLICATION_JSON = "application/json";
 
@@ -120,40 +120,47 @@ public class SecurityXssFilter extends OncePerRequestFilter {
 
 			@Override
 			public void setReadListener(ReadListener readListener) {
-
+				// do nothing
 			}
-
 		}
 	}
 
 	@Override
 	protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
-			throws ServletException, IOException {
+			throws IOException {
 		StringBuilder requestURL = new StringBuilder(request.getRequestURL().toString());
-	    String queryString = request.getQueryString();
-	    String requestUrl = "";
-	    if (queryString == null) {
-	    	requestUrl = requestURL.toString();
-	    } else {
-	    	requestUrl = requestURL.append('?').append(queryString).toString();
-	    }
-	    validateRequest(requestUrl, response);
+		String queryString = request.getQueryString();
+		String requestUrl;
+
+		if (queryString == null) {
+			requestUrl = requestURL.toString();
+		} else {
+			requestUrl = requestURL.append('?').append(queryString).toString();
+		}
+
+		validateRequest(requestUrl, response);
 		StringBuilder headerValues = new StringBuilder();
 		Enumeration<String> headerNames = request.getHeaderNames();
+
 		while (headerNames.hasMoreElements()) {
-			String key = (String) headerNames.nextElement();
+			String key = headerNames.nextElement();
 			String value = request.getHeader(key);
 			headerValues.append(value);
 		}
+
 		validateRequest(headerValues.toString(), response);
+
 		if (validateRequestType(request)) {
 			request = new RequestWrapper(request);
 			String requestData = IOUtils.toString(request.getInputStream(), StandardCharsets.UTF_8.toString());
 			validateRequest(requestData, response);
-			filterChain.doFilter(request, response);
+		}
 
-		} else {
+		try {
 			filterChain.doFilter(request, response);
+		} catch (Exception e) {
+			sxLogger.warn(EELFLoggerDelegate.errorLogger, "Handling bad request", e);
+			response.sendError(org.springframework.http.HttpStatus.BAD_REQUEST.value(), "Handling bad request");
 		}
 	}
 
@@ -171,9 +178,8 @@ public class SecurityXssFilter extends OncePerRequestFilter {
 				throw new SecurityException(ERROR_BAD_REQUEST);
 			}
 		} catch (Exception e) {
-			logger.error(EELFLoggerDelegate.errorLogger, "doFilterInternal() failed due to BAD_REQUEST", e);
+			sxLogger.error(EELFLoggerDelegate.errorLogger, "doFilterInternal() failed due to BAD_REQUEST", e);
 			response.getWriter().close();
-			return;
 		}
 	}
-}
-\ No newline at end of file
+}
author	Manoop Talasila <talasila@research.att.com>	2019-05-30 14:44:42 +0000
committer	Gerrit Code Review <gerrit@onap.org>	2019-05-30 14:44:42 +0000
commit	88f48d47dc427e73842c0b65a6b544c8229c2773 (patch)
tree	9ab4730f29755a87ecdde9f01e483129731d8ffe /ecomp-portal-BE-os/src/main
parent	ee8d6a877f7709f28da43b0f10baf659876c4bed (diff)
parent	3101e7778575b6425d47321685105d0272286598 (diff)