summaryrefslogtreecommitdiffstats
path: root/catalog-fe/src
diff options
context:
space:
mode:
authorvasraz <vasyl.razinkov@est.tech>2022-10-14 13:35:39 +0100
committerMichael Morris <michael.morris@est.tech>2022-10-18 08:27:16 +0000
commitddb9d5a7637b382be9ac7a96ad023a983c41c342 (patch)
tree4e551d6ce4348aed56f42b021bbe4fcfccc3cd15 /catalog-fe/src
parentccab3629426bdc6a87ca6102db3fdb23d4419b3e (diff)
Fix security risk 'Improper Input Validation'
Signed-off-by: Vasyl Razinkov <vasyl.razinkov@est.tech> Change-Id: I6a52148aec3b567db43ec57109214e52d106f73c Issue-ID: SDC-4189
Diffstat (limited to 'catalog-fe/src')
-rw-r--r--catalog-fe/src/main/java/org/openecomp/sdc/fe/filters/DataValidatorFilter.java70
1 files changed, 70 insertions, 0 deletions
diff --git a/catalog-fe/src/main/java/org/openecomp/sdc/fe/filters/DataValidatorFilter.java b/catalog-fe/src/main/java/org/openecomp/sdc/fe/filters/DataValidatorFilter.java
new file mode 100644
index 0000000000..5b82a3c15c
--- /dev/null
+++ b/catalog-fe/src/main/java/org/openecomp/sdc/fe/filters/DataValidatorFilter.java
@@ -0,0 +1,70 @@
+/*
+ * ============LICENSE_START=======================================================
+ * SDC
+ * ================================================================================
+ * Copyright (C) 2022 Nordix Foundation. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.openecomp.sdc.fe.filters;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletResponse;
+import org.apache.commons.lang3.StringUtils;
+import org.openecomp.sdc.common.filters.DataValidatorFilterAbstract;
+import org.openecomp.sdc.exception.NotAllowedSpecialCharsException;
+import org.openecomp.sdc.fe.config.Configuration;
+import org.openecomp.sdc.fe.config.ConfigurationManager;
+
+/**
+ * Implement DataValidatorFilter for front-end.
+ * Extends {@link DataValidatorFilterAbstract}
+ */
+public class DataValidatorFilter extends DataValidatorFilterAbstract {
+
+ @Override
+ public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain)
+ throws IOException, ServletException, NotAllowedSpecialCharsException {
+ try {
+ super.doFilter(request, response, chain);
+ } catch (final NotAllowedSpecialCharsException e) {
+ // error handing to show 'Error: Special characters not allowed.'
+ ((HttpServletResponse) response).sendError(400, DataValidatorFilter.ERROR_SPECIAL_CHARACTERS_NOT_ALLOWED);
+ }
+
+ }
+
+ @Override
+ protected List<String> getDataValidatorFilterExcludedUrls() {
+ final ConfigurationManager configurationManager = ConfigurationManager.getConfigurationManager();
+ if (configurationManager != null) {
+ final Configuration configuration = configurationManager.getConfiguration();
+ if (configuration != null) {
+ final String dataValidatorFilterExcludedUrls = configuration.getDataValidatorFilterExcludedUrls();
+ if (StringUtils.isNotBlank(dataValidatorFilterExcludedUrls)) {
+ return Arrays.asList(dataValidatorFilterExcludedUrls.split(","));
+ }
+ }
+ }
+ return new ArrayList<>();
+ }
+}