summaryrefslogtreecommitdiffstats
path: root/common-app-api
diff options
context:
space:
mode:
authorvasraz <vasyl.razinkov@est.tech>2022-10-04 18:16:26 +0100
committerVasyl Razinkov <vasyl.razinkov@est.tech>2022-10-04 18:54:54 +0000
commit0899720f168c09d037e577109d7cab665fe1fb91 (patch)
treec6c210914a6fb029841d28de92cb760cdad6088d /common-app-api
parentca487f60c2ca67794b16c0ff0cf5cc6deca556fc (diff)
Fix bug 'X-Frame-Options not configured: Lack of clickjacking protection'
Add new Filter (ContentSecurityPolicyHeaderFilter) Signed-off-by: Vasyl Razinkov <vasyl.razinkov@est.tech> Change-Id: Ic8151df64e4b95b3d59b44a5f74dd12210f55e87 Issue-ID: SDC-4192
Diffstat (limited to 'common-app-api')
-rw-r--r--common-app-api/src/main/java/org/openecomp/sdc/be/config/Configuration.java1
-rw-r--r--common-app-api/src/main/java/org/openecomp/sdc/common/filters/ContentSecurityPolicyHeaderFilterAbstract.java55
-rw-r--r--common-app-api/src/main/java/org/openecomp/sdc/fe/config/Configuration.java1
3 files changed, 57 insertions, 0 deletions
diff --git a/common-app-api/src/main/java/org/openecomp/sdc/be/config/Configuration.java b/common-app-api/src/main/java/org/openecomp/sdc/be/config/Configuration.java
index 5a1eacdb58..da849f385c 100644
--- a/common-app-api/src/main/java/org/openecomp/sdc/be/config/Configuration.java
+++ b/common-app-api/src/main/java/org/openecomp/sdc/be/config/Configuration.java
@@ -147,6 +147,7 @@ public class Configuration extends BasicConfiguration {
private ExternalCsarStore externalCsarStore;
private CsarFormat csarFormat;
private String componentInstanceCounterDelimiter;
+ private String permittedAncestors; // Space separated list of permitted ancestors
@SuppressWarnings("unchecked")
private <K, V> Map<K, V> safeGetCapsInsensitiveMap(Map<K, V> map) {
diff --git a/common-app-api/src/main/java/org/openecomp/sdc/common/filters/ContentSecurityPolicyHeaderFilterAbstract.java b/common-app-api/src/main/java/org/openecomp/sdc/common/filters/ContentSecurityPolicyHeaderFilterAbstract.java
new file mode 100644
index 0000000000..1281f27a11
--- /dev/null
+++ b/common-app-api/src/main/java/org/openecomp/sdc/common/filters/ContentSecurityPolicyHeaderFilterAbstract.java
@@ -0,0 +1,55 @@
+/*
+ * ============LICENSE_START=======================================================
+ * SDC
+ * ================================================================================
+ * Copyright (C) 2022 Nordix Foundation. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.openecomp.sdc.common.filters;
+
+import java.io.IOException;
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletResponse;
+import org.apache.commons.lang3.StringUtils;
+
+public abstract class ContentSecurityPolicyHeaderFilterAbstract implements Filter {
+
+ @Override
+ public void init(final FilterConfig filterConfig) throws ServletException {
+ // nothing to override
+ }
+
+ @Override
+ public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain) throws IOException, ServletException {
+ final HttpServletResponse httpServletResponse = (HttpServletResponse) response;
+ final String permittedAncestors = getPermittedAncestors();
+ httpServletResponse.setHeader("Content-Security-Policy",
+ "frame-ancestors 'self' " + (StringUtils.isNotBlank(permittedAncestors) ? permittedAncestors : ""));
+ chain.doFilter(request, httpServletResponse);
+ }
+
+ @Override
+ public void destroy() {
+ // nothing to override
+ }
+
+ protected abstract String getPermittedAncestors();
+}
diff --git a/common-app-api/src/main/java/org/openecomp/sdc/fe/config/Configuration.java b/common-app-api/src/main/java/org/openecomp/sdc/fe/config/Configuration.java
index 322c57ccd6..279f183324 100644
--- a/common-app-api/src/main/java/org/openecomp/sdc/fe/config/Configuration.java
+++ b/common-app-api/src/main/java/org/openecomp/sdc/fe/config/Configuration.java
@@ -75,6 +75,7 @@ public class Configuration extends BasicConfiguration {
private List<List<String>> identificationHeaderFields;
private List<List<String>> optionalHeaderFields;
private List<String> forwardHeaderFields;
+ private String permittedAncestors; // Space separated list of permitted ancestors
public Integer getHealthCheckSocketTimeoutInMs(int defaultVal) {
return healthCheckSocketTimeoutInMs == null ? defaultVal : healthCheckSocketTimeoutInMs;