summaryrefslogtreecommitdiffstats
path: root/ecomp-sdk/epsdk-app-os/src/main/java
diff options
context:
space:
mode:
authorMuni Mohan Kunchi <munmohan@att.com>2020-02-06 13:51:45 -0500
committerMuni Mohan Kunchi <munmohan@att.com>2020-02-06 13:54:22 -0500
commite3636b96e9938cb89bb90672cf70fff3ae790186 (patch)
tree89dd47a4a95150f70e83556a3280cf4cd02daf89 /ecomp-sdk/epsdk-app-os/src/main/java
parent35d028274a61ce8e77a9fa409877d93d0fce05a8 (diff)
adding sdk changes
adding sdk changes Issue-ID: PORTAL-830 Signed-off-by: Muni Mohan Kunchi <munmohan@att.com> Change-Id: I0c99d3ab15fcf4c3b34d84658b64114dadbe2577
Diffstat (limited to 'ecomp-sdk/epsdk-app-os/src/main/java')
-rw-r--r--ecomp-sdk/epsdk-app-os/src/main/java/org/onap/portalapp/filter/SecurityXssFilter.java45
1 files changed, 33 insertions, 12 deletions
diff --git a/ecomp-sdk/epsdk-app-os/src/main/java/org/onap/portalapp/filter/SecurityXssFilter.java b/ecomp-sdk/epsdk-app-os/src/main/java/org/onap/portalapp/filter/SecurityXssFilter.java
index 91025d14..41251e50 100644
--- a/ecomp-sdk/epsdk-app-os/src/main/java/org/onap/portalapp/filter/SecurityXssFilter.java
+++ b/ecomp-sdk/epsdk-app-os/src/main/java/org/onap/portalapp/filter/SecurityXssFilter.java
@@ -146,21 +146,27 @@ public class SecurityXssFilter extends OncePerRequestFilter {
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
throws ServletException, IOException {
+ StringBuilder requestURL = new StringBuilder(request.getRequestURL().toString());
+ String queryString = request.getQueryString();
+ String requestUrl = "";
+ if (queryString == null) {
+ requestUrl = requestURL.toString();
+ } else {
+ requestUrl = requestURL.append('?').append(queryString).toString();
+ }
+ validateRequest(requestUrl, response);
+ StringBuilder headerValues = new StringBuilder();
+ Enumeration<String> headerNames = request.getHeaderNames();
+ while (headerNames.hasMoreElements()) {
+ String key = (String) headerNames.nextElement();
+ String value = request.getHeader(key);
+ headerValues.append(key + ":" + value + ";");
+ }
+ validateRequest(headerValues.toString(), response);
if (validateRequestType(request)) {
request = new RequestWrapper(request);
String requestData = IOUtils.toString(request.getInputStream(), StandardCharsets.UTF_8.toString());
- try {
- if (StringUtils.isNotBlank(requestData) && validator.denyXSS(requestData)) {
- response.setContentType(APPLICATION_JSON);
- response.setStatus(HttpStatus.SC_BAD_REQUEST);
- response.getWriter().write(ERROR_BAD_REQUEST);
- throw new SecurityException(ERROR_BAD_REQUEST);
- }
- } catch (Exception e) {
- logger.error(EELFLoggerDelegate.errorLogger, "doFilterInternal() failed due to BAD_REQUEST", e);
- response.getWriter().close();
- return;
- }
+ validateRequest(requestData, response);
filterChain.doFilter(request, response);
} else {
@@ -174,4 +180,19 @@ public class SecurityXssFilter extends OncePerRequestFilter {
"PUT".equalsIgnoreCase( request.getMethod() ) ||
"DELETE".equalsIgnoreCase( request.getMethod() ) );
}
+
+ private void validateRequest(String text, HttpServletResponse response) throws IOException {
+ try {
+ if (StringUtils.isNotBlank(text) && validator.denyXSS(text)) {
+ response.setContentType(APPLICATION_JSON);
+ response.setStatus(HttpStatus.SC_BAD_REQUEST);
+ response.getWriter().write(ERROR_BAD_REQUEST);
+ throw new SecurityException(ERROR_BAD_REQUEST);
+ }
+ } catch (Exception e) {
+ logger.error(EELFLoggerDelegate.errorLogger, "doFilterInternal() failed due to BAD_REQUEST", e);
+ response.getWriter().close();
+ return;
+ }
+ }
} \ No newline at end of file