From cc5b64989fab288bf756342e9bd3b1493ce36099 Mon Sep 17 00:00:00 2001
From: "Bhatt, Prema" <prema.bhatt@att.com>
Date: Fri, 10 May 2019 09:55:00 -0400
Subject: APIH should ensure valid requestId UUID

Added logic to check if the requestId sent in GET orchestrationRequest
query is a valid UUID. Updated existing unit tests and added a new test
for invalid UUID scenario.

Change-Id: I424bef8aa75dd7e47de8145603899820dfb99725
Issue-ID: SO-1865
Signed-off-by: Benjamin, Max (mb388a) <mb388a@us.att.com>
---
 .../org/onap/so/apihandlerinfra/OrchestrationRequests.java     | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'mso-api-handlers/mso-api-handler-infra/src/main/java')

diff --git a/mso-api-handlers/mso-api-handler-infra/src/main/java/org/onap/so/apihandlerinfra/OrchestrationRequests.java b/mso-api-handlers/mso-api-handler-infra/src/main/java/org/onap/so/apihandlerinfra/OrchestrationRequests.java
index fc407bd167..ff8b5d14cd 100644
--- a/mso-api-handlers/mso-api-handler-infra/src/main/java/org/onap/so/apihandlerinfra/OrchestrationRequests.java
+++ b/mso-api-handlers/mso-api-handler-infra/src/main/java/org/onap/so/apihandlerinfra/OrchestrationRequests.java
@@ -63,6 +63,7 @@ import org.onap.so.serviceinstancebeans.RequestDetails;
 import org.onap.so.serviceinstancebeans.RequestList;
 import org.onap.so.serviceinstancebeans.RequestStatus;
 import org.onap.so.serviceinstancebeans.ServiceInstancesRequest;
+import org.onap.so.utils.UUIDChecker;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -101,6 +102,15 @@ public class OrchestrationRequests {
 
         InfraActiveRequests infraActiveRequest = null;
         List<org.onap.so.db.request.beans.RequestProcessingData> requestProcessingData = null;
+
+        if (!UUIDChecker.isValidUUID(requestId)) {
+
+            ErrorLoggerInfo errorLoggerInfo =
+                    new ErrorLoggerInfo.Builder(MessageEnum.APIH_VALIDATION_ERROR, ErrorCode.SchemaError)
+                            .errorSource(Constants.MODIFIED_BY_APIHANDLER).build();
+            throw new ValidateException.Builder("Request Id " + requestId + " is not a valid UUID",
+                    HttpStatus.SC_BAD_REQUEST, ErrorNumbers.SVC_BAD_PARAMETER).errorInfo(errorLoggerInfo).build();
+        }
         try {
             infraActiveRequest = requestsDbClient.getInfraActiveRequestbyRequestId(requestId);
             requestProcessingData = requestsDbClient.getRequestProcessingDataBySoRequestId(requestId);
-- 
cgit 1.2.3-korg