diff options
author | vasraz <vasyl.razinkov@est.tech> | 2022-10-04 18:16:26 +0100 |
---|---|---|
committer | Vasyl Razinkov <vasyl.razinkov@est.tech> | 2022-10-04 18:54:54 +0000 |
commit | 0899720f168c09d037e577109d7cab665fe1fb91 (patch) | |
tree | c6c210914a6fb029841d28de92cb760cdad6088d /common-app-api/src/main | |
parent | ca487f60c2ca67794b16c0ff0cf5cc6deca556fc (diff) |
Fix bug 'X-Frame-Options not configured: Lack of clickjacking protection'
Add new Filter (ContentSecurityPolicyHeaderFilter)
Signed-off-by: Vasyl Razinkov <vasyl.razinkov@est.tech>
Change-Id: Ic8151df64e4b95b3d59b44a5f74dd12210f55e87
Issue-ID: SDC-4192
Diffstat (limited to 'common-app-api/src/main')
3 files changed, 57 insertions, 0 deletions
diff --git a/common-app-api/src/main/java/org/openecomp/sdc/be/config/Configuration.java b/common-app-api/src/main/java/org/openecomp/sdc/be/config/Configuration.java index 5a1eacdb58..da849f385c 100644 --- a/common-app-api/src/main/java/org/openecomp/sdc/be/config/Configuration.java +++ b/common-app-api/src/main/java/org/openecomp/sdc/be/config/Configuration.java @@ -147,6 +147,7 @@ public class Configuration extends BasicConfiguration { private ExternalCsarStore externalCsarStore; private CsarFormat csarFormat; private String componentInstanceCounterDelimiter; + private String permittedAncestors; // Space separated list of permitted ancestors @SuppressWarnings("unchecked") private <K, V> Map<K, V> safeGetCapsInsensitiveMap(Map<K, V> map) { diff --git a/common-app-api/src/main/java/org/openecomp/sdc/common/filters/ContentSecurityPolicyHeaderFilterAbstract.java b/common-app-api/src/main/java/org/openecomp/sdc/common/filters/ContentSecurityPolicyHeaderFilterAbstract.java new file mode 100644 index 0000000000..1281f27a11 --- /dev/null +++ b/common-app-api/src/main/java/org/openecomp/sdc/common/filters/ContentSecurityPolicyHeaderFilterAbstract.java @@ -0,0 +1,55 @@ +/* + * ============LICENSE_START======================================================= + * SDC + * ================================================================================ + * Copyright (C) 2022 Nordix Foundation. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.openecomp.sdc.common.filters; + +import java.io.IOException; +import javax.servlet.Filter; +import javax.servlet.FilterChain; +import javax.servlet.FilterConfig; +import javax.servlet.ServletException; +import javax.servlet.ServletRequest; +import javax.servlet.ServletResponse; +import javax.servlet.http.HttpServletResponse; +import org.apache.commons.lang3.StringUtils; + +public abstract class ContentSecurityPolicyHeaderFilterAbstract implements Filter { + + @Override + public void init(final FilterConfig filterConfig) throws ServletException { + // nothing to override + } + + @Override + public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain) throws IOException, ServletException { + final HttpServletResponse httpServletResponse = (HttpServletResponse) response; + final String permittedAncestors = getPermittedAncestors(); + httpServletResponse.setHeader("Content-Security-Policy", + "frame-ancestors 'self' " + (StringUtils.isNotBlank(permittedAncestors) ? permittedAncestors : "")); + chain.doFilter(request, httpServletResponse); + } + + @Override + public void destroy() { + // nothing to override + } + + protected abstract String getPermittedAncestors(); +} diff --git a/common-app-api/src/main/java/org/openecomp/sdc/fe/config/Configuration.java b/common-app-api/src/main/java/org/openecomp/sdc/fe/config/Configuration.java index 322c57ccd6..279f183324 100644 --- a/common-app-api/src/main/java/org/openecomp/sdc/fe/config/Configuration.java +++ b/common-app-api/src/main/java/org/openecomp/sdc/fe/config/Configuration.java @@ -75,6 +75,7 @@ public class Configuration extends BasicConfiguration { private List<List<String>> identificationHeaderFields; private List<List<String>> optionalHeaderFields; private List<String> forwardHeaderFields; + private String permittedAncestors; // Space separated list of permitted ancestors public Integer getHealthCheckSocketTimeoutInMs(int defaultVal) { return healthCheckSocketTimeoutInMs == null ? defaultVal : healthCheckSocketTimeoutInMs; |