addressed vulnerabilities reported by sonar

This commit is contained in:
Dmitry Toptygin
2020-06-19 18:06:42 -04:00
parent 6a4103758c
commit 6db76a6e7c
3 changed files with 11 additions and 6 deletions


@@ -118,12 +118,13 @@ public class RestTemplateConfigurationX509ClientCertAuth {
Principal principal = clientCertificate.getSubjectDN();
subjectDn = principal.getName();
// Replace pattern-breaking characters
subjectDn = subjectDn.replaceAll("[\n|\r|\t]", "_");
int startPos = subjectDn.indexOf("CN=") + "CN=".length();
int endPos = subjectDn.indexOf(',', startPos);
subjectDn = subjectDn.substring(startPos, endPos);
// Replace pattern-breaking characters
subjectDn = subjectDn.replaceAll("[\n|\r|\t]", "_");
LOG.info("X509 client name {}", subjectDn);
return sslCxt;
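Review bot: `subjectDn = subjectDn.substring(startPos, endPos);` throws StringIndexOutOfBoundsException whenever CN is the last RDN of the subject, because `indexOf(',', startPos)` on the preceding line returns -1 and nothing guards it, and when "CN=" is absent `startPos` silently becomes 2 so an arbitrary slice of the DN is logged as the client name. A one-line guard covers the first case, `if (endPos < 0) { endPos = subjectDn.length(); }`, and testing `subjectDn.indexOf("CN=")` for -1 before adding the prefix length covers the second. The added character class `[\n|\r|\t]` also lists `|` as a member, so pipe characters in the name are rewritten to `_` as well; `"[\n\r\t]"` expresses the intent, and the same literal appears in the new Pattern field of CommonControllerAdvice. `X509Certificate.getSubjectDN()` is denigrated in the JDK javadoc in favour of `getSubjectX500Principal()`, and splitting on the first comma mis-parses an RDN value with an escaped comma, so a structured parse of the principal name would be more robust than positional string search. The enclosing method starts before this hunk and appears to continue past it.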


@@ -47,7 +47,6 @@ import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.codec.Hex;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.DelegatingPasswordEncoder;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.authentication.Http403ForbiddenEntryPoint;


@@ -1,5 +1,7 @@
package com.telecominfraproject.wlan.core.server.webconfig;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
@@ -23,6 +25,8 @@ public class CommonControllerAdvice {
private static final Logger LOG = LoggerFactory.getLogger(CommonControllerAdvice.class);
private static Pattern securityRepacementRegexPattern = Pattern.compile("[\n|\r|\t]");
/**
* Custom exception handler, it will be applied to all methods (both sync
* and async) on all controllers
@@ -41,7 +45,7 @@ public class CommonControllerAdvice {
// String, String)
StringBuilder msg = new StringBuilder();
// Replace pattern-breaking characters
msg.append(request.getRequestURI().replaceAll("[\n|\r|\t]", "_"));
msg.append(securityRepacementRegexPattern.matcher(request.getRequestURI()).replaceAll( "_"));
String queryString = request.getQueryString();
if (queryString != null) {
@@ -60,7 +64,8 @@ public class CommonControllerAdvice {
}
String user = request.getRemoteUser();
if (user != null) {
msg.append(";user=").append(user);
// Replace pattern-breaking characters
msg.append(";user=").append(securityRepacementRegexPattern.matcher(user).replaceAll( "_"));
}
String requestDetails = msg.toString();
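Review bot: `private static Pattern securityRepacementRegexPattern = Pattern.compile("[\n|\r|\t]");` in the `-23` hunk is a non-final mutable static holding an immutable, thread-safe Pattern, and its name carries a typo; it should be a constant, e.g. `private static final Pattern SECURITY_REPLACEMENT_PATTERN = Pattern.compile("[\n\r\t]");` with the two `matcher(...)` call sites in the `-41` and `-60` hunks renamed to match. Compiling the pattern once instead of the per-request `replaceAll` it replaces is the right direction, and the new `;user=` line now sanitizes a value that was previously appended verbatim. The `-41` and `-60` hunks sit inside a method whose start and end lie outside the hunks, so the lines that append `queryString` after the `if (queryString != null)` check are not visible here and whether that value receives the same treatment cannot be confirmed from this section.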