From 60ec30b5f8480da7f525da5e6a9b9e2070100f1b Mon Sep 17 00:00:00 2001
From: statta
Date: Mon, 26 Aug 2019 13:14:25 -0400
Subject: Portal Setup - App issue
Issue-ID: PORTAL-723
Change-Id: Iff1523b2a474f56a74c9fcb9fd850e0e38f6fc68
Signed-off-by: statta
---
 .../portal/controller/ConsulClientController.java | 113 -----------
 .../portal/service/ConsulHealthService.java | 62 ------
 .../portal/service/ConsulHealthServiceImpl.java | 114 -----------
 .../controller/ConsulClientControllerTest.java | 179 -----------------
 .../service/ConsulHealthServiceImplTest.java | 184 ------------------
 .../onap/portalapp/filter/SecurityXssFilter.java | 179 +++++++++++++++++
 .../portalapp/filter/SecurityXssValidator.java | 213 +++++++++++++++++++++
 .../PortalDMLMySql_2_6_Common.sql | 32 ++++
 ecomp-portal-DB-os/PortalDDLMySql_2_6_OS.sql | 12 ++
 ecomp-portal-DB-os/PortalDMLMySql_2_6_OS.sql | 153 +++++++++++++++
 ecomp-portal-FE-os/client/configurations/dev.json | 2 +-
 11 files changed, 590 insertions(+), 653 deletions(-)
 delete mode 100644 ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/ConsulClientController.java
 delete mode 100644 ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/ConsulHealthService.java
 delete mode 100644 ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/ConsulHealthServiceImpl.java
 delete mode 100644 ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/ConsulClientControllerTest.java
 delete mode 100644 ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/ConsulHealthServiceImplTest.java
 create mode 100644 ecomp-portal-BE-os/src/main/java/org/onap/portalapp/filter/SecurityXssFilter.java
 create mode 100644 ecomp-portal-BE-os/src/main/java/org/onap/portalapp/filter/SecurityXssValidator.java
 create mode 100644 ecomp-portal-DB-os/PortalDDLMySql_2_6_OS.sql
 create mode 100644 ecomp-portal-DB-os/PortalDMLMySql_2_6_OS.sql
diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/ConsulClientController.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/ConsulClientController.java
deleted file mode 100644
index 264c95c3..00000000
--- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/ConsulClientController.java
+++ /dev/null
@@ -1,113 +0,0 @@
-/*-
- * ============LICENSE_START==========================================
- * ONAP Portal
- * ===================================================================
- * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
- * ===================================================================
- *
- * Unless otherwise specified, all software contained herein is licensed
- * under the Apache License, Version 2.0 (the "License");
- * you may not use this software except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * Unless otherwise specified, all documentation contained herein is licensed
- * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
- * you may not use this documentation except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * https://creativecommons.org/licenses/by/4.0/
- *
- * Unless required by applicable law or agreed to in writing, documentation
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * ============LICENSE_END============================================
- *
- *
- */
-package org.onap.portalapp.portal.controller;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.onap.portalapp.controller.EPRestrictedBaseController;
-import org.onap.portalapp.portal.ecomp.model.PortalRestResponse;
-import org.onap.portalapp.portal.ecomp.model.PortalRestStatusEnum;
-import org.onap.portalapp.portal.service.ConsulHealthService;
-import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.web.bind.annotation.PathVariable;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestMethod;
-import org.springframework.web.bind.annotation.RestController;
-
-import com.orbitz.consul.ConsulException;
-import com.orbitz.consul.model.health.ServiceHealth;
-
-import io.searchbox.client.config.exception.NoServerConfiguredException;
-
-@RestController
-@RequestMapping("/portalApi/consul")
-public class ConsulClientController extends EPRestrictedBaseController {
- private EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(ConsulClientController.class);
-
- @Autowired
- private ConsulHealthService consulHealthService;
-
- // Get location of a healthy node running our service
- @RequestMapping(value = { "/service/{service}" }, method = RequestMethod.GET, produces = "application/json")
- public PortalRestResponse getServiceLocation(HttpServletRequest request, HttpServletResponse response,
- @PathVariable("service") String service) {
-
- try {
- return new PortalRestResponse(PortalRestStatusEnum.OK, "Success!",
- consulHealthService.getServiceLocation(service, null));
- } catch (NoServerConfiguredException e) {
- logger.error(logger.errorLogger, "No healthy service exception!");
- return new PortalRestResponse(PortalRestStatusEnum.WARN, "Warning!",
- "No healthy service exception!");
- } catch (ConsulException e) {
- logger.error(logger.errorLogger, "Couldn't connect ot consul - Is consul running?");
- return new PortalRestResponse(PortalRestStatusEnum.ERROR, "Error!",
- "Couldn't connect ot consul - Is consul running?");
- }
- }
-
- @RequestMapping(value = { "/service/healthy/{service}" }, method = RequestMethod.GET, produces = "application/json")
- public PortalRestResponse> getAllHealthyNodes(HttpServletRequest request,
- HttpServletResponse response, @PathVariable("service") String service) {
- try {
- return new PortalRestResponse>(PortalRestStatusEnum.OK, "Success!",
- consulHealthService.getAllHealthyNodes(service));
- } catch (ConsulException e) {
- logger.error(logger.errorLogger, "Couldn't connect to consul - shouldn't break anything.");
- return new PortalRestResponse>(PortalRestStatusEnum.ERROR, "Error!", new ArrayList<>());
- }
- }
-
- @RequestMapping(value = { "/service/all/{service}" }, method = RequestMethod.GET, produces = "application/json")
- public PortalRestResponse> getAllNodes(HttpServletRequest request, HttpServletResponse response,
- @PathVariable("service") String service) {
- try {
- return new PortalRestResponse>(PortalRestStatusEnum.OK, "Success!",
- consulHealthService.getAllNodes(service));
- } catch (ConsulException e) {
- logger.error(logger.errorLogger, "Couldn't connect to consul - shouldn't break anything.");
- return new PortalRestResponse>(PortalRestStatusEnum.ERROR, "Error!", new ArrayList<>());
- }
- }
-
-}
diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/ConsulHealthService.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/ConsulHealthService.java
deleted file mode 100644
index 15af7e0b..00000000
--- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/ConsulHealthService.java
+++ /dev/null
@@ -1,62 +0,0 @@
-/*-
- * ============LICENSE_START==========================================
- * ONAP Portal
- * ===================================================================
- * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
- * ===================================================================
- *
- * Unless otherwise specified, all software contained herein is licensed
- * under the Apache License, Version 2.0 (the "License");
- * you may not use this software except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * Unless otherwise specified, all documentation contained herein is licensed
- * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
- * you may not use this documentation except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * https://creativecommons.org/licenses/by/4.0/
- *
- * Unless required by applicable law or agreed to in writing, documentation
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * ============LICENSE_END============================================
- *
- *
- */
-package org.onap.portalapp.portal.service;
-
-import java.util.List;
-
-import org.onap.portalapp.portal.exceptions.NoHealthyServiceException;
-
-import com.ecwid.consul.ConsulException;
-import com.orbitz.consul.model.health.ServiceHealth;
-
-public interface ConsulHealthService {
- /**
- * This method returns the location of one healthy node if found in Consul -
- * If not found in / by Consul, it falls back to 'localhost'
- *
- * @param service
- * @param fallbackPortOnLocalhost
- * value provided by the calling service
- * @return Service location
- */
- public String getServiceLocation(String service, String fallbackPortOnLocalhost) throws NoHealthyServiceException;
-
- public List getAllHealthyNodes(String service) throws ConsulException;
-
- public List getAllNodes(String service) throws ConsulException;
-}
diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/ConsulHealthServiceImpl.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/ConsulHealthServiceImpl.java
deleted file mode 100644
index a0f0841d..00000000
--- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/ConsulHealthServiceImpl.java
+++ /dev/null
@@ -1,114 +0,0 @@
-/*-
- * ============LICENSE_START==========================================
- * ONAP Portal
- * ===================================================================
- * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
- * ===================================================================
- *
- * Unless otherwise specified, all software contained herein is licensed
- * under the Apache License, Version 2.0 (the "License");
- * you may not use this software except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * Unless otherwise specified, all documentation contained herein is licensed
- * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
- * you may not use this documentation except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * https://creativecommons.org/licenses/by/4.0/
- *
- * Unless required by applicable law or agreed to in writing, documentation
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * ============LICENSE_END============================================
- *
- *
- */
-package org.onap.portalapp.portal.service;
-
-import java.util.List;
-
-import org.onap.portalapp.portal.utils.EcompPortalUtils;
-import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
-import org.springframework.stereotype.Component;
-
-import com.ecwid.consul.ConsulException;
-import com.orbitz.consul.Consul;
-import com.orbitz.consul.HealthClient;
-import com.orbitz.consul.model.health.ServiceHealth;
-
-@Component
-public class ConsulHealthServiceImpl implements ConsulHealthService {
-
- private EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(ConsulHealthServiceImpl.class);
-
- @Override
- public String getServiceLocation(String service, String fallbackPortOnLocalHost) {
-
- List nodes = null;
-
- try {
- Consul consul = Consul.builder().build();
- HealthClient healthClient = consul.healthClient();
- nodes = healthClient.getHealthyServiceInstances(service).getResponse();
- } catch (Exception e) {
- String localFallbackServiceLocation = EcompPortalUtils.localOrDockerHost() + ":" + fallbackPortOnLocalHost;
- logger.debug(EELFLoggerDelegate.debugLogger,
- " problem getting nodes for service {1}. Defaulting to {2}. Exception: {3}", service,
- localFallbackServiceLocation, e.getMessage());
- logger.error(EELFLoggerDelegate.errorLogger,
- " problem getting nodes for service {1}. Defaulting to {2}. Exception: {3}", service,
- localFallbackServiceLocation, e);
- return localFallbackServiceLocation;
- }
-
- if (nodes == null || nodes.size() == 0) {
- logger.debug(EELFLoggerDelegate.debugLogger, "No healthy node found in the consul cluster running service " + service
- + ". Defaulting to localhost");
- return EcompPortalUtils.localOrDockerHost() + ":" + fallbackPortOnLocalHost;
- } else {
- String locationFromConsul;
- ServiceHealth node = nodes.get(0);
- locationFromConsul = node.getNode().getNode() + ":" + node.getService().getPort();
- logger.debug(EELFLoggerDelegate.debugLogger,
- "Found healthy service location using consul - returning location " + locationFromConsul);
-
- // if locationFromConsul is null for some reason (very unlikely at
- // this point), default to localhost
- if (null == locationFromConsul || "".equals(locationFromConsul)) {
- logger.debug(EELFLoggerDelegate.debugLogger,
- "Couldn't get location from consul for service " + service + ". Defaulting to localhost");
- return "localhost:" + fallbackPortOnLocalHost;
- } else {
- logger.debug(EELFLoggerDelegate.debugLogger, "Found service location from consul for service " + service
- + ". Location is " + locationFromConsul);
- return locationFromConsul;
- }
- }
- }
-
- @Override
- public List getAllHealthyNodes(String service) throws ConsulException {
- Consul consul = Consul.builder().build();
- HealthClient healthClient = consul.healthClient();
- return healthClient.getHealthyServiceInstances(service).getResponse();
- }
-
- @Override
- public List getAllNodes(String service) {
- Consul consul = Consul.builder().build();
- HealthClient healthClient = consul.healthClient();
- return healthClient.getAllServiceInstances(service).getResponse();
- }
-}
diff --git a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/ConsulClientControllerTest.java b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/ConsulClientControllerTest.java
deleted file mode 100644
index 8db66b01..00000000
--- a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/ConsulClientControllerTest.java
+++ /dev/null
@@ -1,179 +0,0 @@
-/*-
- * ============LICENSE_START==========================================
- * ONAP Portal
- * ===================================================================
- * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
- * ===================================================================
- *
- * Unless otherwise specified, all software contained herein is licensed
- * under the Apache License, Version 2.0 (the "License");
- * you may not use this software except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * Unless otherwise specified, all documentation contained herein is licensed
- * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
- * you may not use this documentation except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * https://creativecommons.org/licenses/by/4.0/
- *
- * Unless required by applicable law or agreed to in writing, documentation
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * ============LICENSE_END============================================
- *
- *
- */
-package org.onap.portalapp.portal.controller;
-
-import static org.junit.Assert.assertTrue;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.junit.Before;
-import org.junit.Test;
-import org.mockito.InjectMocks;
-import org.mockito.Mock;
-import org.mockito.Mockito;
-import org.mockito.MockitoAnnotations;
-import org.onap.portalapp.portal.controller.ConsulClientController;
-import org.onap.portalapp.portal.domain.BEProperty;
-import org.onap.portalapp.portal.ecomp.model.PortalRestResponse;
-import org.onap.portalapp.portal.ecomp.model.PortalRestStatusEnum;
-import org.onap.portalapp.portal.framework.MockitoTestSuite;
-import org.onap.portalapp.portal.service.ConsulHealthService;
-import org.onap.portalapp.portal.service.ConsulHealthServiceImpl;
-
-import com.orbitz.consul.ConsulException;
-import com.orbitz.consul.model.health.ServiceHealth;
-
-import io.searchbox.client.config.exception.NoServerConfiguredException;
-
-public class ConsulClientControllerTest {
-
- @Mock
- ConsulHealthService consulHealthService = new ConsulHealthServiceImpl();
-
- @InjectMocks
- ConsulClientController consulClientController = new ConsulClientController();
-
- NoServerConfiguredException noServerConfiguredException = new NoServerConfiguredException(null);
-
- String service = "Test";
-
- @Before
- public void setup() {
- MockitoAnnotations.initMocks(this);
- }
-
- MockitoTestSuite mockitoTestSuite = new MockitoTestSuite();
-
- HttpServletRequest mockedRequest = mockitoTestSuite.getMockedRequest();
- HttpServletResponse mockedResponse = mockitoTestSuite.getMockedResponse();
- NullPointerException nullPointerException = new NullPointerException();
- ConsulException consulException = new ConsulException(nullPointerException);
-
- @Test
- public void getServiceLocationTest() {
- PortalRestResponse ecpectedPortalRestResponse = new PortalRestResponse();
- ecpectedPortalRestResponse.setMessage("Success!");
- ecpectedPortalRestResponse.setResponse(null);
- ecpectedPortalRestResponse.setStatus(PortalRestStatusEnum.OK);
- PortalRestResponse actualPortalRestRespone = new PortalRestResponse();
- actualPortalRestRespone = consulClientController.getServiceLocation(mockedRequest, mockedResponse, service);
- assertTrue(actualPortalRestRespone.equals(ecpectedPortalRestResponse));
- }
-
- @Test
- public void getServiceLocationExceptionTest() {
- PortalRestResponse ecpectedPortalRestResponse = new PortalRestResponse();
- ecpectedPortalRestResponse.setMessage("Warning!");
- ecpectedPortalRestResponse.setStatus(PortalRestStatusEnum.WARN);
- PortalRestResponse actualPortalRestRespone = new PortalRestResponse();
- Mockito.when(consulHealthService.getServiceLocation(service, null)).thenThrow(noServerConfiguredException);
- actualPortalRestRespone = consulClientController.getServiceLocation(mockedRequest, mockedResponse, service);
- assertTrue(actualPortalRestRespone.getMessage().equals(ecpectedPortalRestResponse.getMessage()));
- assertTrue(actualPortalRestRespone.getStatus().equals(ecpectedPortalRestResponse.getStatus()));
-
- }
-
- @Test
- public void getServiceLocationExceptionConsulExceptionTest() {
- PortalRestResponse ecpectedPortalRestResponse = new PortalRestResponse();
- ecpectedPortalRestResponse.setMessage("Error!");
- ecpectedPortalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
- PortalRestResponse actualPortalRestRespone = new PortalRestResponse();
- Mockito.when(consulHealthService.getServiceLocation(service, null)).thenThrow(consulException);
- actualPortalRestRespone = consulClientController.getServiceLocation(mockedRequest, mockedResponse, service);
- assertTrue(actualPortalRestRespone.getMessage().equals(ecpectedPortalRestResponse.getMessage()));
- assertTrue(actualPortalRestRespone.getStatus().equals(ecpectedPortalRestResponse.getStatus()));
- }
-
- public PortalRestResponse> successResponse() {
- PortalRestResponse> ecpectedPortalRestResponse = new PortalRestResponse>();
- List healths = new ArrayList();
- ecpectedPortalRestResponse.setMessage("Success!");
- ecpectedPortalRestResponse.setResponse(healths);
- ecpectedPortalRestResponse.setStatus(PortalRestStatusEnum.OK);
- return ecpectedPortalRestResponse;
- }
-
- public PortalRestResponse> errorResponse() {
- PortalRestResponse> ecpectedPortalRestResponse = new PortalRestResponse>();
- List healths = new ArrayList();
- ecpectedPortalRestResponse.setMessage("Error!");
- ecpectedPortalRestResponse.setResponse(healths);
- ecpectedPortalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
- return ecpectedPortalRestResponse;
- }
-
- @Test
- public void getAllHealthyNodesTest() {
- PortalRestResponse> ecpectedPortalRestResponse = successResponse();
- PortalRestResponse> actualPortalRestRespone = new PortalRestResponse>();
- actualPortalRestRespone = consulClientController.getAllHealthyNodes(mockedRequest, mockedResponse, service);
- assertTrue(actualPortalRestRespone.equals(ecpectedPortalRestResponse));
-
- }
-
- @Test
- public void getAllHealthyNodesExceptionTest() {
- PortalRestResponse> ecpectedPortalRestResponse = errorResponse();
- PortalRestResponse> actualPortalRestRespone = new PortalRestResponse>();
- Mockito.when(consulHealthService.getAllHealthyNodes(service)).thenThrow(consulException);
- actualPortalRestRespone = consulClientController.getAllHealthyNodes(mockedRequest, mockedResponse, service);
- assertTrue(actualPortalRestRespone.equals(ecpectedPortalRestResponse));
- }
-
- @Test
- public void getAllNodesTest() {
- PortalRestResponse> ecpectedPortalRestResponse = successResponse();
- PortalRestResponse> actualPortalRestRespone = new PortalRestResponse>();
- actualPortalRestRespone = consulClientController.getAllNodes(mockedRequest, mockedResponse, service);
- assertTrue(actualPortalRestRespone.equals(ecpectedPortalRestResponse));
- }
-
- @Test
- public void getAllNodesExceptionTest() {
- PortalRestResponse> ecpectedPortalRestResponse = errorResponse();
- PortalRestResponse> actualPortalRestRespone = new PortalRestResponse>();
- Mockito.when(consulHealthService.getAllNodes(service)).thenThrow(consulException);
- actualPortalRestRespone = consulClientController.getAllNodes(mockedRequest, mockedResponse, service);
- assertTrue(actualPortalRestRespone.equals(ecpectedPortalRestResponse));
- }
-}
diff --git a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/ConsulHealthServiceImplTest.java b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/ConsulHealthServiceImplTest.java
deleted file mode 100644
index 71bdb7c0..00000000
--- a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/ConsulHealthServiceImplTest.java
+++ /dev/null
@@ -1,184 +0,0 @@
-/*-
- * ============LICENSE_START==========================================
- * ONAP Portal
- * ===================================================================
- * Copyright (C) 2018 AT&T Intellectual Property. All rights reserved.
- * ===================================================================
- *
- * Unless otherwise specified, all software contained herein is licensed
- * under the Apache License, Version 2.0 (the "License");
- * you may not use this software except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * Unless otherwise specified, all documentation contained herein is licensed
- * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
- * you may not use this documentation except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * https://creativecommons.org/licenses/by/4.0/
- *
- * Unless required by applicable law or agreed to in writing, documentation
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * ============LICENSE_END============================================
- *
- *
- */
-package org.onap.portalapp.portal.service;
-
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertNotNull;
-import static org.mockito.Mockito.*;
-
-import java.math.BigDecimal;
-import java.util.ArrayList;
-import java.util.List;
-
-import org.junit.Before;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.mockito.InjectMocks;
-import org.mockito.Mock;
-import org.mockito.MockitoAnnotations;
-import org.onap.portalapp.portal.utils.EcompPortalUtils;
-import org.powermock.api.mockito.PowerMockito;
-import org.powermock.core.classloader.annotations.PrepareForTest;
-import org.powermock.modules.junit4.PowerMockRunner;
-
-import com.orbitz.consul.Consul;
-import com.orbitz.consul.HealthClient;
-import com.orbitz.consul.model.ConsulResponse;
-import com.orbitz.consul.model.health.ServiceHealth;
-import com.orbitz.consul.Consul.Builder;
-import com.orbitz.consul.model.health.Node;
-import com.orbitz.consul.model.health.Service;
-@RunWith(PowerMockRunner.class)
-@PrepareForTest({ Consul.class ,EcompPortalUtils.class})
-public class ConsulHealthServiceImplTest {
-
- private static final String TEST="test";
- @InjectMocks
- ConsulHealthServiceImpl consulHealthServiceImpl;
-
- @Mock
- Builder builder;
- @Mock
- Consul consul ;
- @Mock
- HealthClient healthClient;
- @Mock
- ServiceHealth serviceHealth;
- @Mock
- ConsulResponse> response;
- @Mock
- Node node;
- @Mock
- Service service;
-
- @Before
- public void setup() {
- MockitoAnnotations.initMocks(this);
- }
-
- @Test
- public void getServiceLocation_Error() {
-
- PowerMockito.mockStatic(Consul.class);
- PowerMockito.mockStatic(EcompPortalUtils.class);
- PowerMockito.when(Consul.builder()).thenReturn(builder);
- PowerMockito.when(EcompPortalUtils.localOrDockerHost()).thenReturn(TEST);
- when(builder.build()).thenReturn(consul);
- when(consul.healthClient()).thenReturn(healthClient);
- String location= consulHealthServiceImpl.getServiceLocation(TEST, TEST);
- assertNotNull(location);
-
- }
-
- @Test
- public void getServiceLocation_Empty() {
-
- List nodes=new ArrayList<>();
- nodes.add(serviceHealth);
-
- PowerMockito.mockStatic(Consul.class);
- PowerMockito.mockStatic(EcompPortalUtils.class);
- PowerMockito.when(Consul.builder()).thenReturn(builder);
- PowerMockito.when(EcompPortalUtils.localOrDockerHost()).thenReturn(TEST);
- when(builder.build()).thenReturn(consul);
- when(consul.healthClient()).thenReturn(healthClient);
- when( healthClient.getHealthyServiceInstances(TEST)).thenReturn(null);
-
-
- String location= consulHealthServiceImpl.getServiceLocation(TEST, TEST);
- assertNotNull(location);
-
- }
-
-
- @Test
- public void getServiceLocation() {
-
- List nodes=new ArrayList<>();
- nodes.add(serviceHealth);
-
- PowerMockito.mockStatic(Consul.class);
- PowerMockito.mockStatic(EcompPortalUtils.class);
- PowerMockito.when(Consul.builder()).thenReturn(builder);
- PowerMockito.when(EcompPortalUtils.localOrDockerHost()).thenReturn(TEST);
- when(builder.build()).thenReturn(consul);
- when(consul.healthClient()).thenReturn(healthClient);
- when( healthClient.getHealthyServiceInstances(TEST)).thenReturn(response);
- when(response.getResponse()).thenReturn(nodes);
- when(serviceHealth.getNode()).thenReturn(node);
- when(serviceHealth.getService()).thenReturn(service);
-
- String location= consulHealthServiceImpl.getServiceLocation(TEST, TEST);
- assertNotNull(location);
-
- }
-
- @Test
- public void getAllHealthyNodes() {
- List nodes=new ArrayList<>();
- nodes.add(serviceHealth);
-
- PowerMockito.mockStatic(Consul.class);
- PowerMockito.when(Consul.builder()).thenReturn(builder);
-
- when(builder.build()).thenReturn(consul);
- when(consul.healthClient()).thenReturn(healthClient);
- when( healthClient.getHealthyServiceInstances(TEST)).thenReturn(response);
- when(response.getResponse()).thenReturn(nodes);
- List list= consulHealthServiceImpl.getAllHealthyNodes(TEST);
- assertEquals(1, list.size());
-
- }
-
- @Test
- public void getAllNodes() {
- List nodes=new ArrayList<>();
- nodes.add(serviceHealth);
-
- PowerMockito.mockStatic(Consul.class);
- PowerMockito.when(Consul.builder()).thenReturn(builder);
-
- when(builder.build()).thenReturn(consul);
- when(consul.healthClient()).thenReturn(healthClient);
- when( healthClient.getAllServiceInstances(TEST)).thenReturn(response);
- when(response.getResponse()).thenReturn(nodes);
- List list= consulHealthServiceImpl.getAllNodes(TEST);
- assertEquals(1, list.size());
- }
-
-}
diff --git a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/filter/SecurityXssFilter.java b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/filter/SecurityXssFilter.java
new file mode 100644
index 00000000..4bb48a3a
--- /dev/null
+++ b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/filter/SecurityXssFilter.java
@@ -0,0 +1,179 @@
+
+/*-
+ * ============LICENSE_START==========================================
+ * ONAP Portal
+ * ===================================================================
+ * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * ===================================================================
+ *
+ * Unless otherwise specified, all software contained herein is licensed
+ * under the Apache License, Version 2.0 (the "License");
+ * you may not use this software except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Unless otherwise specified, all documentation contained herein is licensed
+ * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
+ * you may not use this documentation except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://creativecommons.org/licenses/by/4.0/
+ *
+ * Unless required by applicable law or agreed to in writing, documentation
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * ============LICENSE_END============================================
+ *
+ *
+ */
+package org.onap.portalapp.filter;
+
+import java.io.BufferedReader;
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStreamReader;
+import java.nio.charset.StandardCharsets;
+import java.util.Enumeration;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ReadListener;
+import javax.servlet.ServletException;
+import javax.servlet.ServletInputStream;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletRequestWrapper;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.io.IOUtils;
+import org.apache.commons.lang.StringUtils;
+import org.apache.http.HttpStatus;
+import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+public class SecurityXssFilter extends OncePerRequestFilter {
+
+ private EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(SecurityXssFilter.class);
+
+ private static final String APPLICATION_JSON = "application/json";
+
+ private static final String ERROR_BAD_REQUEST = "{\"error\":\"BAD_REQUEST\"}";
+
+ private SecurityXssValidator validator = SecurityXssValidator.getInstance();
+
+ public class RequestWrapper extends HttpServletRequestWrapper {
+
+ private ByteArrayOutputStream cachedBytes;
+
+ public RequestWrapper(HttpServletRequest request) {
+ super(request);
+ }
+
+ @Override
+ public ServletInputStream getInputStream() throws IOException {
+ if (cachedBytes == null)
+ cacheInputStream();
+
+ return new CachedServletInputStream();
+ }
+
+ @Override
+ public BufferedReader getReader() throws IOException {
+ return new BufferedReader(new InputStreamReader(getInputStream()));
+ }
+
+ private void cacheInputStream() throws IOException {
+ cachedBytes = new ByteArrayOutputStream();
+ IOUtils.copy(super.getInputStream(), cachedBytes);
+ }
+
+ public class CachedServletInputStream extends ServletInputStream {
+ private ByteArrayInputStream input;
+
+ public CachedServletInputStream() {
+ input = new ByteArrayInputStream(cachedBytes.toByteArray());
+ }
+
+ @Override
+ public int read() throws IOException {
+ return input.read();
+ }
+
+ @Override
+ public boolean isFinished() {
+ return false;
+ }
+
+ @Override
+ public boolean isReady() {
+ return false;
+ }
+
+ @Override
+ public void setReadListener(ReadListener readListener) {
+
+ }
+
+ }
+ }
+
+ @Override
+ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
+ throws ServletException, IOException {
+ StringBuilder requestURL = new StringBuilder(request.getRequestURL().toString());
+ String queryString = request.getQueryString();
+ String requestUrl = "";
+ if (queryString == null) {
+ requestUrl = requestURL.toString();
+ } else {
+ requestUrl = requestURL.append('?').append(queryString).toString();
+ }
+ validateRequest(requestUrl, response);
+ StringBuilder headerValues = new StringBuilder();
+ Enumeration headerNames = request.getHeaderNames();
+ while (headerNames.hasMoreElements()) {
+ String key = (String) headerNames.nextElement();
+ String value = request.getHeader(key);
+ headerValues.append(key + ":" + value + ";");
+ }
+ validateRequest(headerValues.toString(), response);
+ if (validateRequestType(request)) {
+ request = new RequestWrapper(request);
+ String requestData = IOUtils.toString(request.getInputStream(), StandardCharsets.UTF_8.toString());
+ validateRequest(requestData, response);
+ filterChain.doFilter(request, response);
+
+ } else {
+ filterChain.doFilter(request, response);
+ }
+ }
+
+ private boolean validateRequestType(HttpServletRequest request) {
+ return (request.getMethod().equalsIgnoreCase("POST") || request.getMethod().equalsIgnoreCase("PUT")
+ || request.getMethod().equalsIgnoreCase("DELETE"));
+ }
+
+ private void validateRequest(String text, HttpServletResponse response) throws IOException {
+ try {
+ if (StringUtils.isNotBlank(text) && validator.denyXSS(text)) {
+ response.setContentType(APPLICATION_JSON);
+ response.setStatus(HttpStatus.SC_BAD_REQUEST);
+ response.getWriter().write(ERROR_BAD_REQUEST);
+ throw new SecurityException(ERROR_BAD_REQUEST);
+ }
+ } catch (Exception e) {
+ logger.error(EELFLoggerDelegate.errorLogger, "doFilterInternal() failed due to BAD_REQUEST", e);
+ response.getWriter().close();
+ return;
+ }
+ }
+}
\ No newline at end of file
diff --git a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/filter/SecurityXssValidator.java b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/filter/SecurityXssValidator.java
new file mode 100644
index 00000000..3adc313a
--- /dev/null
+++ b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/filter/SecurityXssValidator.java
@@ -0,0 +1,213 @@
+/*-
+ * ============LICENSE_START==========================================
+ * ONAP Portal
+ * ===================================================================
+ * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * ===================================================================
+ *
+ * Unless otherwise specified, all software contained herein is licensed
+ * under the Apache License, Version 2.0 (the "License");
+ * you may not use this software except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Unless otherwise specified, all documentation contained herein is licensed
+ * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
+ * you may not use this documentation except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://creativecommons.org/licenses/by/4.0/
+ *
+ * Unless required by applicable law or agreed to in writing, documentation
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * ============LICENSE_END============================================
+ *
+ *
+ */
+package org.onap.portalapp.filter;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.concurrent.locks.Lock;
+import java.util.concurrent.locks.ReentrantLock;
+import java.util.regex.Pattern;
+
+import org.apache.commons.lang.NotImplementedException;
+import org.apache.commons.lang.StringUtils;
+import org.apache.commons.lang3.StringEscapeUtils;
+import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
+import org.onap.portalsdk.core.util.SystemProperties;
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.codecs.Codec;
+import org.owasp.esapi.codecs.MySQLCodec;
+import org.owasp.esapi.codecs.OracleCodec;
+import org.owasp.esapi.codecs.MySQLCodec.Mode;
+
+public class SecurityXssValidator {
+
+ private EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(SecurityXssValidator.class);
+
+ private static final String MYSQL_DB = "mysql";
+ private static final String ORACLE_DB = "oracle";
+ private static final String MARIA_DB = "mariadb";
+ private static final int FLAGS = Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL;
+ static SecurityXssValidator validator = null;
+ private static Codec instance;
+ private static final Lock lock = new ReentrantLock();
+
+ public static SecurityXssValidator getInstance() {
+
+ if (validator == null) {
+ lock.lock();
+ try {
+ if (validator == null)
+ validator = new SecurityXssValidator();
+ } finally {
+ lock.unlock();
+ }
+ }
+
+ return validator;
+ }
+
+ private SecurityXssValidator() {
+ // Avoid anything between script tags
+ XSS_INPUT_PATTERNS.add(Pattern.compile("", FLAGS));
+
+ // avoid iframes
+ XSS_INPUT_PATTERNS.add(Pattern.compile("(.*?)", FLAGS));
+
+ // Avoid anything in a src='...' type of expression
+ XSS_INPUT_PATTERNS.add(Pattern.compile("src[\r\n]*=[\r\n]*\\\'(.*?)\\\'", FLAGS));
+
+ XSS_INPUT_PATTERNS.add(Pattern.compile("src[\r\n]*=[\r\n]*\\\"(.*?)\\\"", FLAGS));
+
+ XSS_INPUT_PATTERNS.add(Pattern.compile("src[\r\n]*=[\r\n]*([^>]+)", FLAGS));
+
+ // Remove any lonesome tag
+ XSS_INPUT_PATTERNS.add(Pattern.compile("", FLAGS));
+
+ XSS_INPUT_PATTERNS.add(Pattern.compile(".*().*", FLAGS));
+
+ XSS_INPUT_PATTERNS.add(Pattern.compile(".*().*", FLAGS));
+
+ // Remove any lonesome