Fix HTTP Response splitting by validating URL
tdonohue committed Jul 27, 2020
1 parent cf7daef commit 294bb02
Showing 1 changed file with 20 additions and 11 deletions.
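--- a/dspace-api/src/main/java/org/dspace/rdf/negotiation/Negotiator.java
+++ b/dspace-api/src/main/java/org/dspace/rdf/negotiation/Negotiator.java
@@ -15,6 +15,7 @@
 import javax.servlet.http.HttpServletResponse;
 
 import org.apache.commons.lang3.StringUtils;
+import org.apache.commons.validator.routines.UrlValidator;
 import org.apache.logging.log4j.Logger;
 import org.dspace.rdf.RDFUtil;
 import org.dspace.services.factory.DSpaceServicesFactory;
@@ -197,6 +198,7 @@ public static boolean sendRedirect(HttpServletResponse response, String handle,
 if (extraPathInfo == null) {
 extraPathInfo = "";
 }
+UrlValidator urlValidator = new UrlValidator(UrlValidator.ALLOW_LOCAL_URLS);
 
 StringBuilder urlBuilder = new StringBuilder();
 String lang = null;
@@ -256,12 +258,15 @@ public static boolean sendRedirect(HttpServletResponse response, String handle,
 urlBuilder.append(handle).append("/").append(extraPathInfo);
 }
 String url = urlBuilder.toString();
-
-log.debug("Will forward to '" + url + "'.");
-response.setStatus(HttpServletResponse.SC_SEE_OTHER);
-response.setHeader("Location", url);
-response.flushBuffer();
-return true;
+if (urlValidator.isValid(url)) {
+log.debug("Will forward to '" + url + "'.");
+response.setStatus(HttpServletResponse.SC_SEE_OTHER);
+response.setHeader("Location", url);
+response.flushBuffer();
+return true;
+} else {
+throw new IOException("Invalid URL '" + url + "', cannot redirect.");
+}
 }
 
 // currently we cannot serve statistics as rdf
@@ -287,10 +292,14 @@ public static boolean sendRedirect(HttpServletResponse response, String handle,
 urlBuilder.append("/handle/").append(handle);
 urlBuilder.append("/").append(lang);
 String url = urlBuilder.toString();
-log.debug("Will forward to '" + url + "'.");
-response.setStatus(HttpServletResponse.SC_SEE_OTHER);
-response.setHeader("Location", url);
-response.flushBuffer();
-return true;
+if (urlValidator.isValid(url)) {
+log.debug("Will forward to '" + url + "'.");
+response.setStatus(HttpServletResponse.SC_SEE_OTHER);
+response.setHeader("Location", url);
+response.flushBuffer();
+return true;
+} else {
+throw new IOException("Invalid URL '" + url + "', cannot redirect.");
+}
 }
 }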
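Review bot: The validate-then-redirect sequence is now written out twice (the third and fourth hunks of this section), and the immutable `UrlValidator` is rebuilt on every call in the second hunk; a single private helper plus a `private static final UrlValidator` keeps the two branches from drifting apart on what is now a security check. The rejected `url` is echoed verbatim into the IOException message, and because it failed validation it may hold the very CR/LF bytes the check exists to reject, so if that message reaches a log line or error page it is worth stripping control characters first or leaving the value out. `UrlValidator.isValid` accepts only absolute URLs with a scheme, so presumably `urlBuilder` is seeded from a configured base URL — those lines are outside the hunks, and a relative `Location` would now be rejected rather than sent. sendRedirect's signature and the start of its body lie outside the hunks.
```java
private static final UrlValidator URL_VALIDATOR = new UrlValidator(UrlValidator.ALLOW_LOCAL_URLS);

// … unchanged: sendRedirect up to the first redirect branch …
String url = urlBuilder.toString();
redirectTo(response, url);
return true;
// … unchanged: statistics comment and the second branch, which calls redirectTo the same way …

/** Validates {@code url} and sends a 303 to it; throws IOException if the URL is not well-formed. */
private static void redirectTo(HttpServletResponse response, String url) throws IOException {
    if (!URL_VALIDATOR.isValid(url)) {
        // value deliberately omitted: a rejected URL may contain header-breaking control characters
        throw new IOException("Invalid URL, cannot redirect.");
    }
    log.debug("Will forward to '" + url + "'.");
    response.setStatus(HttpServletResponse.SC_SEE_OTHER);
    response.setHeader("Location", url);
    response.flushBuffer();
}
```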
