-
Notifications
You must be signed in to change notification settings - Fork 62
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fix: Add missing encoded characters filter for services (#3701)
* Fixed encoded slashes filter and added missing encoded characters filter Signed-off-by: Elena Kubantseva <[email protected]> * Added and fixed some tests Signed-off-by: Elena Kubantseva <[email protected]> * Added description to the filter Signed-off-by: Elena Kubantseva <[email protected]> * Addressed review comments Signed-off-by: Elena Kubantseva <[email protected]> * changed default value for enableUrlEncodedCharacters Signed-off-by: Elena Kubantseva <[email protected]> * removed unneeded annotations Signed-off-by: Elena Kubantseva <[email protected]> * removed public from tests Signed-off-by: Elena Kubantseva <[email protected]> --------- Signed-off-by: Elena Kubantseva <[email protected]> Co-authored-by: Pavel Jareš <[email protected]>
- Loading branch information
Showing
11 changed files
with
380 additions
and
90 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
29 changes: 29 additions & 0 deletions
29
gateway-service/src/main/java/org/zowe/apiml/gateway/config/UrlTomcatCustomizer.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,29 @@ | ||
| /* | ||
| * This program and the accompanying materials are made available under the terms of the | ||
| * Eclipse Public License v2.0 which accompanies this distribution, and is available at | ||
| * https://www.eclipse.org/legal/epl-v20.html | ||
| * | ||
| * SPDX-License-Identifier: EPL-2.0 | ||
| * | ||
| * Copyright Contributors to the Zowe Project. | ||
| */ | ||
|
|
||
| package org.zowe.apiml.gateway.config; | ||
|
|
||
| import lombok.extern.slf4j.Slf4j; | ||
| import org.apache.catalina.connector.Connector; | ||
| import org.apache.tomcat.util.buf.EncodedSolidusHandling; | ||
| import org.springframework.boot.web.embedded.tomcat.TomcatConnectorCustomizer; | ||
| import org.springframework.stereotype.Component; | ||
|
|
||
| @Slf4j | ||
| @Component | ||
| public class UrlTomcatCustomizer implements TomcatConnectorCustomizer { | ||
|
|
||
| @Override | ||
| public void customize(Connector connector) { | ||
| connector.setAllowBackslash(true); | ||
| connector.setEncodedSolidusHandling(EncodedSolidusHandling.PASS_THROUGH.getValue()); | ||
| } | ||
|
|
||
| } |
80 changes: 80 additions & 0 deletions
80
.../src/main/java/org/zowe/apiml/gateway/filters/AbstractEncodedCharactersFilterFactory.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,80 @@ | ||
| /* | ||
| * This program and the accompanying materials are made available under the terms of the | ||
| * Eclipse Public License v2.0 which accompanies this distribution, and is available at | ||
| * https://www.eclipse.org/legal/epl-v20.html | ||
| * | ||
| * SPDX-License-Identifier: EPL-2.0 | ||
| * | ||
| * Copyright Contributors to the Zowe Project. | ||
| */ | ||
|
|
||
| package org.zowe.apiml.gateway.filters; | ||
|
|
||
| import com.fasterxml.jackson.core.JsonProcessingException; | ||
| import com.fasterxml.jackson.databind.ObjectMapper; | ||
| import lombok.AccessLevel; | ||
| import lombok.RequiredArgsConstructor; | ||
| import org.springframework.cloud.gateway.filter.GatewayFilter; | ||
| import org.springframework.cloud.gateway.filter.factory.AbstractGatewayFilterFactory; | ||
| import org.springframework.core.io.buffer.DataBuffer; | ||
| import org.springframework.http.HttpHeaders; | ||
| import org.springframework.http.codec.ServerCodecConfigurer; | ||
| import org.springframework.web.server.adapter.DefaultServerWebExchange; | ||
| import org.springframework.web.server.i18n.LocaleContextResolver; | ||
| import org.springframework.web.server.session.DefaultWebSessionManager; | ||
| import org.springframework.web.server.session.WebSessionManager; | ||
| import org.zowe.apiml.message.core.Message; | ||
| import org.zowe.apiml.message.core.MessageService; | ||
| import org.zowe.apiml.message.log.ApimlLogger; | ||
| import org.zowe.apiml.product.logging.annotations.InjectApimlLogger; | ||
| import reactor.core.publisher.Flux; | ||
|
|
||
| import static org.apache.hc.core5.http.HttpStatus.SC_BAD_REQUEST; | ||
| import static org.springframework.http.MediaType.APPLICATION_JSON_VALUE; | ||
|
|
||
| @RequiredArgsConstructor(access = AccessLevel.PROTECTED) | ||
| public abstract class AbstractEncodedCharactersFilterFactory extends AbstractGatewayFilterFactory<Object> { | ||
|
|
||
| private final MessageService messageService; | ||
| private final ObjectMapper mapper; | ||
| private final LocaleContextResolver localeContextResolver; | ||
| private final String messageKey; | ||
| private final WebSessionManager sessionManager = new DefaultWebSessionManager(); | ||
| private final ServerCodecConfigurer serverCodecConfigurer = ServerCodecConfigurer.create(); | ||
|
|
||
| @InjectApimlLogger | ||
| private final ApimlLogger apimlLog = ApimlLogger.empty(); | ||
|
|
||
| protected abstract boolean shouldFilter(String uri); | ||
|
|
||
| /** | ||
| * Filters requests by checking for encoded characters in the URI. | ||
| * If encoded characters are not allowed and found, returns a BAD_REQUEST response. | ||
| * Otherwise, proceeds with the filter chain. | ||
| * | ||
| * @return GatewayFilter | ||
| */ | ||
| @Override | ||
| public GatewayFilter apply(Object routeId) { | ||
| return ((exchange, chain) -> { | ||
| String uri = exchange.getRequest().getURI().toString(); | ||
|
|
||
| if (!shouldFilter(uri)) { | ||
| return chain.filter(exchange); | ||
| } | ||
|
|
||
| var serverWebExchange = new DefaultServerWebExchange(exchange.getRequest(), exchange.getResponse(), sessionManager, serverCodecConfigurer, localeContextResolver); | ||
| serverWebExchange.getResponse().setRawStatusCode(SC_BAD_REQUEST); | ||
| serverWebExchange.getResponse().getHeaders().add(HttpHeaders.CONTENT_TYPE, APPLICATION_JSON_VALUE); | ||
|
|
||
| Message message = messageService.createMessage(messageKey, uri); | ||
| try { | ||
| DataBuffer buffer = serverWebExchange.getResponse().bufferFactory().wrap(mapper.writeValueAsBytes(message.mapToView())); | ||
| return serverWebExchange.getResponse().writeWith(Flux.just(buffer)); | ||
| } catch (JsonProcessingException e) { | ||
| apimlLog.log("org.zowe.apiml.security.errorWritingResponse", e.getMessage()); | ||
| throw new RuntimeException(e); | ||
| } | ||
| }); | ||
| } | ||
| } |
41 changes: 41 additions & 0 deletions
41
...ce/src/main/java/org/zowe/apiml/gateway/filters/ForbidEncodedCharactersFilterFactory.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,41 @@ | ||
| /* | ||
| * This program and the accompanying materials are made available under the terms of the | ||
| * Eclipse Public License v2.0 which accompanies this distribution, and is available at | ||
| * https://www.eclipse.org/legal/epl-v20.html | ||
| * | ||
| * SPDX-License-Identifier: EPL-2.0 | ||
| * | ||
| * Copyright Contributors to the Zowe Project. | ||
| */ | ||
|
|
||
| package org.zowe.apiml.gateway.filters; | ||
|
|
||
| import com.fasterxml.jackson.databind.ObjectMapper; | ||
| import org.apache.commons.lang3.StringUtils; | ||
| import org.springframework.stereotype.Component; | ||
| import org.springframework.web.server.i18n.LocaleContextResolver; | ||
| import org.zowe.apiml.message.core.MessageService; | ||
|
|
||
| /** | ||
| * This filter should run on all requests for services, which do not have enabled encoded characters in URL | ||
| * <p> | ||
| * Special characters encoding is enabled on Tomcat so this filter takes over responsibility | ||
| * for filtering them. | ||
| * Encoded characters in URL are allowed by default. | ||
| */ | ||
|
|
||
| @Component | ||
| public class ForbidEncodedCharactersFilterFactory extends AbstractEncodedCharactersFilterFactory { | ||
|
|
||
| private static final char[] PROHIBITED_CHARACTERS = {'%', ';', '\\'}; | ||
|
|
||
| public ForbidEncodedCharactersFilterFactory(MessageService messageService, ObjectMapper mapper, LocaleContextResolver localeContextResolver) { | ||
| super(messageService, mapper, localeContextResolver, "org.zowe.apiml.gateway.requestContainEncodedCharacter"); | ||
| } | ||
|
|
||
| @Override | ||
| protected boolean shouldFilter(String uri) { | ||
| return StringUtils.containsAny(uri, PROHIBITED_CHARACTERS); | ||
| } | ||
|
|
||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
31 changes: 31 additions & 0 deletions
31
gateway-service/src/test/java/org/zowe/apiml/gateway/config/UrlTomcatCustomizerTest.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,31 @@ | ||
| /* | ||
| * This program and the accompanying materials are made available under the terms of the | ||
| * Eclipse Public License v2.0 which accompanies this distribution, and is available at | ||
| * https://www.eclipse.org/legal/epl-v20.html | ||
| * | ||
| * SPDX-License-Identifier: EPL-2.0 | ||
| * | ||
| * Copyright Contributors to the Zowe Project. | ||
| */ | ||
|
|
||
| package org.zowe.apiml.gateway.config; | ||
|
|
||
| import org.apache.catalina.connector.Connector; | ||
| import org.apache.tomcat.util.buf.EncodedSolidusHandling; | ||
| import org.junit.jupiter.api.Test; | ||
|
|
||
| import static org.junit.jupiter.api.Assertions.assertEquals; | ||
| import static org.junit.jupiter.api.Assertions.assertTrue; | ||
|
|
||
| class UrlTomcatCustomizerTest { | ||
|
|
||
| private final Connector connector = new Connector(); | ||
|
|
||
| @Test | ||
| void givenConnector_whenCustomize_thenCustomized() { | ||
| UrlTomcatCustomizer urlTomcatCustomizer = new UrlTomcatCustomizer(); | ||
| urlTomcatCustomizer.customize(connector); | ||
| assertTrue(connector.getAllowBackslash()); | ||
| assertEquals(EncodedSolidusHandling.PASS_THROUGH.getValue(), connector.getEncodedSolidusHandling()); | ||
| } | ||
| } |
Oops, something went wrong.