fix: important code smells/forgery threats as of codeql results 2024-…
…05-16
drcgjung committed May 16, 2024
1 parent 6c10395 commit ac9f68e
Showing 3 changed files with 6 additions and 6 deletions.
Expand Up @@ -185,8 +185,8 @@ public DelegationResponse sendPostRequest(EndpointDataReference dataReference, S
return new DelegationResponse(sendRequest(newRequest, response), Response.status(response.getStatus()).build());
}

protected static final Pattern PARAMETER_KEY_ALLOW = Pattern.compile("^(?!asset$)[^&?=]+$");
protected static final Pattern PARAMETER_VALUE_ALLOW = Pattern.compile("^.+$");
protected static final Pattern PARAMETER_KEY_ALLOW = Pattern.compile("^(?<param>(?!asset$)[^&?=]+)$");
protected static final Pattern PARAMETER_VALUE_ALLOW = Pattern.compile("^(?<value>[^&]+)$");

/**
* computes the url to target the given data plane
Expand All @@ -213,11 +213,11 @@ protected HttpUrl getUrl(String connectorUrl, String subUrl, HttpHeaders headers
String key = param.getKey();
Matcher keyMatcher = PARAMETER_KEY_ALLOW.matcher(key);
if (keyMatcher.matches()) {
String recodeKey = HttpUtils.urlEncodeParameter(keyMatcher.group("param"));
for (String value : param.getValue()) {
Matcher valueMatcher = PARAMETER_VALUE_ALLOW.matcher(value);
if (valueMatcher.matches()) {
String recodeKey = HttpUtils.urlEncodeParameter(keyMatcher.group());
String recodeValue = HttpUtils.urlEncodeParameter(valueMatcher.group());
String recodeValue = HttpUtils.urlEncodeParameter(valueMatcher.group("value"));
httpBuilder = httpBuilder.addQueryParameter(recodeKey, recodeValue);
}
}
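Review bot: The new `PARAMETER_VALUE_ALLOW` class `[^&]+` accepts carriage return and line feed, which the previous `.+` rejected, because a negated character class matches line terminators while `.` does not by default (the key class `[^&?=]+` has the same property). If control characters should stay out of forwarded query values, exclude them explicitly, e.g. `Pattern.compile("^(?<value>[^&\\r\\n]+)$")`. Both named groups span the entire match, so `group("param")` and `group("value")` return the same string `group()` did and add no filtering of their own. Separately, if `httpBuilder` is an OkHttp `HttpUrl.Builder` (suggested by the `HttpUrl` return type, not shown here), `addQueryParameter` encodes its arguments itself, so the preceding `HttpUtils.urlEncodeParameter` calls may double-encode and are worth checking against `addEncodedQueryParameter`. `getUrl` starts and ends outside the hunk.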
Expand Up @@ -153,7 +153,7 @@ public Response deleteAsset(@QueryParam("asset") String asset,
try {
Matcher assetMatcher = config.getAssetReferencePattern().matcher(asset);
if (assetMatcher.matches()) {
management.deleteAsset(assetMatcher.group());
management.deleteAsset(assetMatcher.group("asset"));
return Response.ok(store.deleteAsset(asset), MediaType.APPLICATION_JSON_TYPE).build();
} else {
return Response.status(Response.Status.NOT_ACCEPTABLE).build();
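Review bot: On the new side only `management.deleteAsset` receives the validated `assetMatcher.group("asset")`, while `store.deleteAsset(asset)` on the next line still takes the raw query parameter, so the two deletions can act on different identifiers whenever the configured pattern's `asset` group is narrower than the whole match. Bind the group once, `String assetId = assetMatcher.group("asset");`, and pass `assetId` to both calls. Since the pattern comes from `config.getAssetReferencePattern()`, `group("asset")` throws `IllegalArgumentException` if a configured pattern lacks a group of that name; whether the surrounding `try` handles that is not visible, as `deleteAsset` continues outside the hunk.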
2 changes: 1 addition & 1 deletion pom.xml
Expand Up @@ -59,7 +59,7 @@
<guava.version>32.1.2-jre</guava.version>
<tomcat.version>9.0.83</tomcat.version>
<netty.version>4.1.101.Final</netty.version>
<jetty.version>9.4.53.v20231009</jetty.version>
<jetty.version>9.4.54.v20240208</jetty.version>
<org.yaml.snakeyaml.version>2.2</org.yaml.snakeyaml.version>
<snappy.version>1.1.10.5</snappy.version>
<postgres.version>42.7.2</postgres.version>