summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java35
1 files changed, 33 insertions, 2 deletions
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java
index 3e5d6df2..0f8385d8 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java
@@ -114,6 +114,8 @@ public class HTTPBindingProcessorImpl extends AbstractBindingProcessor implement
public static final String DATAURLCLIENT_MAXHOPS = "DataURLConnection.MaxHops";
+ public static final String DATAURL_WHITELIST = "DataURLConnection.Whitelist";
+
public int getMaxDataUrlHops() {
return configuration.getInt(DATAURLCLIENT_MAXHOPS, 10);
}
@@ -141,6 +143,25 @@ public class HTTPBindingProcessorImpl extends AbstractBindingProcessor implement
.getBoolean(ConfigurationFactoryBean.USE_STYLESHEETURL_PROPERTY, false);
}
+ public List<String> getDataURLWhitelist() {
+ return configuration
+ .getList(DATAURL_WHITELIST);
+ }
+
+ public boolean hasDataURLWhitelist() {
+ return configuration.containsKey(DATAURL_WHITELIST);
+ }
+
+ public boolean matchesDataURLWhitelist(String dataURL) {
+ List<String> dataURLWhitelist = getDataURLWhitelist();
+ log.debug("DataURL Whitelist: " + dataURLWhitelist.toString());
+ for (String regExp : dataURLWhitelist) {
+ log.debug("Matching " + regExp);
+ if (dataURL.matches(regExp))
+ return true;
+ }
+ return false;
+ }
}
/**
@@ -323,9 +344,19 @@ public class HTTPBindingProcessorImpl extends AbstractBindingProcessor implement
}
protected void handleDataUrl() {
- log.info("Entered State: {}, DataURL={}.", State.DATAURL, getDataUrl());
+ String dataURL = getDataUrl();
+ log.info("Entered State: {}, DataURL={}.", State.DATAURL, dataURL);
try {
- DataUrl dataUrl = new DataUrl(getDataUrl());
+ if (configurationFacade.hasDataURLWhitelist()) {
+ log.debug("Checking DataURL against whitelist");
+ if (!configurationFacade.matchesDataURLWhitelist(dataURL))
+ {
+ log.error("DataURL doesn't match whitelist");
+ throw new SLBindingException(2001);
+ }
+ }
+
+ DataUrl dataUrl = new DataUrl(dataURL);
HttpsDataURLConnection conn = (HttpsDataURLConnection) dataUrl.openConnection();
// set user agent and signature layout headers
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-28 19:53:14 +0000