authorMuni Mohan Kunchi <munmohan@att.com>2020-02-06 13:51:45 -0500
committerMuni Mohan Kunchi <munmohan@att.com>2020-02-06 13:54:22 -0500
commite3636b96e9938cb89bb90672cf70fff3ae790186 (patch)
tree89dd47a4a95150f70e83556a3280cf4cd02daf89 /ecomp-sdk/epsdk-app-os/src
parent35d028274a61ce8e77a9fa409877d93d0fce05a8 (diff)
adding sdk changes
adding sdk changes Issue-ID: PORTAL-830 Signed-off-by: Muni Mohan Kunchi <munmohan@att.com> Change-Id: I0c99d3ab15fcf4c3b34d84658b64114dadbe2577
Diffstat (limited to 'ecomp-sdk/epsdk-app-os/src')
-rw-r--r--ecomp-sdk/epsdk-app-os/src/main/java/org/onap/portalapp/filter/SecurityXssFilter.java45
1 files changed, 33 insertions, 12 deletions
diff --git a/ecomp-sdk/epsdk-app-os/src/main/java/org/onap/portalapp/filter/SecurityXssFilter.java b/ecomp-sdk/epsdk-app-os/src/main/java/org/onap/portalapp/filter/SecurityXssFilter.java
index 91025d14..41251e50 100644
--- a/ecomp-sdk/epsdk-app-os/src/main/java/org/onap/portalapp/filter/SecurityXssFilter.java
+++ b/ecomp-sdk/epsdk-app-os/src/main/java/org/onap/portalapp/filter/SecurityXssFilter.java
@@ -146,21 +146,27 @@ public class SecurityXssFilter extends OncePerRequestFilter {
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
throws ServletException, IOException {
+ StringBuilder requestURL = new StringBuilder(request.getRequestURL().toString());
+ String queryString = request.getQueryString();
+ String requestUrl = "";
+ if (queryString == null) {
+ requestUrl = requestURL.toString();
+ } else {
+ requestUrl = requestURL.append('?').append(queryString).toString();
+ }
+ validateRequest(requestUrl, response);
+ StringBuilder headerValues = new StringBuilder();
+ Enumeration<String> headerNames = request.getHeaderNames();
+ while (headerNames.hasMoreElements()) {
+ String key = (String) headerNames.nextElement();
+ String value = request.getHeader(key);
+ headerValues.append(key + ":" + value + ";");
+ }
+ validateRequest(headerValues.toString(), response);
if (validateRequestType(request)) {
request = new RequestWrapper(request);
String requestData = IOUtils.toString(request.getInputStream(), StandardCharsets.UTF_8.toString());
- try {
- if (StringUtils.isNotBlank(requestData) && validator.denyXSS(requestData)) {
- response.setContentType(APPLICATION_JSON);
- response.setStatus(HttpStatus.SC_BAD_REQUEST);
- response.getWriter().write(ERROR_BAD_REQUEST);
- throw new SecurityException(ERROR_BAD_REQUEST);
- }
- } catch (Exception e) {
- logger.error(EELFLoggerDelegate.errorLogger, "doFilterInternal() failed due to BAD_REQUEST", e);
- response.getWriter().close();
- return;
- }
+ validateRequest(requestData, response);
filterChain.doFilter(request, response);
} else {
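Review bot: After `validateRequest(requestData, response)` the new side still calls `filterChain.doFilter(request, response)` on the very next line, and the same holds after the URL and header checks above it, so a request the validator rejected is passed downstream anyway; the removed `return;` in the old catch block is what used to stop the chain, and the helper's own `return` only leaves the helper. Because the helper has already written the 400 body and closed the writer when it rejects, a stand-alone guard is `if (response.isCommitted()) { return; }` after each of the three `validateRequest(...)` calls (closing the writer commits the response in Servlet containers), or better, have the helper report the outcome so the caller can stop. Separately, `request.getHeader(key)` in the loop yields only the first value of a repeated header, so `request.getHeaders(key)` should be iterated if every value is meant to be scanned. Whether a percent-encoded payload in `getQueryString()` is caught depends on `validator.denyXSS` decoding it, which is not visible here. doFilterInternal's `else` branch continues past the hunk.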
@@ -174,4 +180,19 @@ public class SecurityXssFilter extends OncePerRequestFilter {
"PUT".equalsIgnoreCase( request.getMethod() ) ||
"DELETE".equalsIgnoreCase( request.getMethod() ) );
}
+
+ private void validateRequest(String text, HttpServletResponse response) throws IOException {
+ try {
+ if (StringUtils.isNotBlank(text) && validator.denyXSS(text)) {
+ response.setContentType(APPLICATION_JSON);
+ response.setStatus(HttpStatus.SC_BAD_REQUEST);
+ response.getWriter().write(ERROR_BAD_REQUEST);
+ throw new SecurityException(ERROR_BAD_REQUEST);
+ }
+ } catch (Exception e) {
+ logger.error(EELFLoggerDelegate.errorLogger, "doFilterInternal() failed due to BAD_REQUEST", e);
+ response.getWriter().close();
+ return;
+ }
+ }
} \ No newline at end of file
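Review bot: The `catch (Exception e)` in `validateRequest` catches the `SecurityException` thrown three lines above it, so the `return` at the end of the catch only leaves the helper and the caller has no way to tell that the request was rejected; the method also returns normally when `validator.denyXSS` itself throws, which lets an unvalidated request continue. Making the method return whether the input was rejected, and treating a validator failure as a rejection, lets callers stop the chain with `if (validateRequest(text, response)) return;`. The message "failed due to BAD_REQUEST" is currently logged at error level for the expected rejection path as well, so genuine validator errors are indistinguishable in the error log. A rewrite along these lines:
```java
private boolean validateRequest(String text, HttpServletResponse response) throws IOException {
    boolean rejected;
    try {
        rejected = StringUtils.isNotBlank(text) && validator.denyXSS(text);
    } catch (Exception e) {
        // A validator failure must not let the request through unchecked.
        logger.error(EELFLoggerDelegate.errorLogger, "doFilterInternal() XSS validation failed", e);
        rejected = true;
    }
    if (rejected) {
        response.setContentType(APPLICATION_JSON);
        response.setStatus(HttpStatus.SC_BAD_REQUEST);
        response.getWriter().write(ERROR_BAD_REQUEST);
        response.getWriter().close();
    }
    return rejected;
}
```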