From 889a9c9efce62488f098fb96fcf4a1454c0b3bc2 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" <edewata@redhat.com>
Date: Fri, 18 Aug 2017 23:05:24 +0200
Subject: [PATCH] Added banner validation in InfoService.

Previously banner was only validated during server startup. Since
banner can be modified anytime, the InfoService has been changed
such that it validates the banner on each banner retrieval.

https://pagure.io/dogtagpki/issue/2671

Change-Id: I208f4c5b4ce2ce594e92acd4792aa03c729fa2cf
---
 .../src/org/dogtagpki/server/rest/InfoService.java | 27 +++++++++++++++++++++-
 1 file changed, 26 insertions(+), 1 deletion(-)

diff --git a/base/server/cms/src/org/dogtagpki/server/rest/InfoService.java b/base/server/cms/src/org/dogtagpki/server/rest/InfoService.java
index 13581dd33..5467bda9f 100644
--- a/base/server/cms/src/org/dogtagpki/server/rest/InfoService.java
+++ b/base/server/cms/src/org/dogtagpki/server/rest/InfoService.java
@@ -20,12 +20,15 @@ package org.dogtagpki.server.rest;
 
 import javax.servlet.http.HttpSession;
 import javax.ws.rs.core.Response;
+import javax.xml.bind.UnmarshalException;
 
 import org.dogtagpki.common.Info;
 import org.dogtagpki.common.InfoResource;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.xml.sax.SAXParseException;
 
+import com.netscape.certsrv.base.PKIException;
 import com.netscape.cms.servlet.base.PKIService;
 
 /**
@@ -42,17 +45,39 @@ public class InfoService extends PKIService implements InfoResource {
         logger.debug("InfoService.getInfo(): session: " + session.getId());
 
         Info info = new Info();
-        info.setVersion(getVersion());
 
         boolean bannerDisplayed = session.getAttribute("bannerDisplayed") != null;
         boolean bannerEnabled = isBannerEnabled();
 
         // if banner not yet displayed in this session and it's enabled, return banner
         if (!bannerDisplayed && bannerEnabled) {
+
             String banner = getBanner();
             info.setBanner(banner);
+
+            // validate banner
+            try {
+                // converting Info object into XML
+                String xmlInfo = info.toString();
+
+                // and parse it back into Info object
+                info = Info.valueOf(xmlInfo);
+
+            } catch (UnmarshalException e) {
+                Throwable cause = e.getCause();
+                logger.error("InfoService: Invalid access banner: " + cause, e);
+
+                if (cause instanceof SAXParseException) {
+                    throw new PKIException("Banner contains invalid character(s)", e);
+                } else {
+                    throw new PKIException("Invalid access banner: " + cause, e);
+                }
+            }
         }
 
+        // add other info attributes after banner validation
+        info.setVersion(getVersion());
+
         return createOKResponse(info);
     }
 }
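Review bot: The `else` branch of the new catch block builds its message as `"Invalid access banner: " + cause`, which reads "Invalid access banner: null" when the UnmarshalException carries no linked cause and otherwise copies the parser's exception text into the PKIException message. If PKIException messages are serialized into the REST response (not visible in this hunk), that internal detail reaches clients of an endpoint that presumably answers before login, so I would throw `throw new PKIException("Invalid access banner", e);` and leave the detail to the server log. The log call above can likewise drop the concatenation, `logger.error("InfoService: Invalid access banner", e);`, since the stack trace of `e` already includes the cause. The signature of getInfo lies outside the hunk, so whether other exceptions from `Info.valueOf` or a null result from `info.toString()` are handled elsewhere cannot be confirmed from here.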
-- 
2.13.5