There is a security vulnerability in SSH key-generation using GitKraken < v8.0.1. If you used this tool to create SSH keys, please update GitKraken and regenerate. If you need help with this, contact forum-support@opengroup.org

Commit 859c33c7 authored by neelesh thakur's avatar neelesh thakur
Browse files

Merge branch 'handle-incorrect-path' into 'master'

handle double slash in path

See merge request osdu/platform/system/search-service!100
parents 91d8b2e6 9134e7bc
package org.opengroup.osdu.search.provider.azure.security;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.node.ObjectNode;
import org.opengroup.osdu.azure.logging.CoreLoggerFactory;
import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.security.web.firewall.RequestRejectedException;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.GenericFilterBean;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
@Component
@Order(Ordered.HIGHEST_PRECEDENCE)
public class RequestRejectedExceptionFilter extends GenericFilterBean {
private static final String LOGGER_NAME = RequestRejectedExceptionFilter.class.getName();
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
try {
chain.doFilter(req, res);
} catch (RequestRejectedException e) {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
CoreLoggerFactory.getInstance().getLogger(LOGGER_NAME).error(String.format("Invalid URL: %s | message: %s", this.getRequestURL(request), e.getMessage()), e);
this.handleRequestRejectedException(request, response);
}
}
private void handleRequestRejectedException(HttpServletRequest request, HttpServletResponse response) throws IOException {
ObjectMapper mapper = new ObjectMapper();
ObjectNode node = mapper.createObjectNode();
node.put("code", HttpStatus.BAD_REQUEST.value());
node.put("reason", "Bad Request");
node.put("message", "Invalid URL was given on request");
String jsonErrorResponse = mapper.writeValueAsString(node);
response.setStatus(HttpStatus.BAD_REQUEST.value());
response.setContentType(MediaType.APPLICATION_JSON.toString());
response.getWriter().append(jsonErrorResponse);
}
private String getRequestURL(HttpServletRequest request) {
StringBuilder requestURL = new StringBuilder(request.getRequestURL().toString());
String queryString = request.getQueryString();
return queryString == null ? requestURL.toString() : requestURL.append('?').append(queryString).toString();
}
}
\ No newline at end of file
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment