
Fix reflected XSS attack when hitting getCookie endpoint
This patch sanitizes the server-generated error message, escaping any
HTML tags present.

Resolves: BZ#1789907

Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
SilleBille committed Jun 19, 2020
1 parent 6c43dd3 commit 56b8375
Showing 1 changed file with 5 additions and 3 deletions.
Expand Up @@ -28,6 +28,8 @@
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.lang.StringEscapeUtils;

import com.netscape.certsrv.authentication.IAuthToken;
import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.common.ICMSRequest;
Expand Down Expand Up @@ -116,7 +118,7 @@ protected void processImpl(CMSRequest cmsReq) throws EBaseException {
u = new URL(url_e);
} catch (Exception eee) {
throw new ECMSGWException(
"Unable to parse URL: " + url);
"Unable to parse URL: " + StringEscapeUtils.escapeHtml(url));
}

int index2 = url_e.indexOf("subsystem=");
Expand All @@ -139,7 +141,7 @@ protected void processImpl(CMSRequest cmsReq) throws EBaseException {
header.addStringValue("host", u.getHost());
header.addStringValue("sdhost", engine.getEESSLHost());
header.addStringValue("subsystem", subsystem);
header.addStringValue("url", url_e);
header.addStringValue("url", StringEscapeUtils.escapeHtml(url_e));
header.addStringValue("errorString", "Failed Authentication");
String sdname = cs.getString("securitydomain.name", "");
header.addStringValue("sdname", sdname);
Expand Down Expand Up @@ -202,7 +204,7 @@ protected void processImpl(CMSRequest cmsReq) throws EBaseException {
*/
}

header.addStringValue("url", url);
header.addStringValue("url", StringEscapeUtils.escapeHtml(url));
header.addStringValue("session_id", cookie);

try {
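Review bot: `StringEscapeUtils.escapeHtml` from commons-lang 2 (the import added in the first hunk) encodes `<`, `>`, `&` and `"` but not the single quote, so the escaping added to the `ECMSGWException` message and to the two `url` header values only closes the hole where the template emits those values as HTML text or inside a double-quoted attribute. The template that renders `url` and the error string is not on this page; if either value is interpolated into a single-quoted attribute, a JavaScript string, or an `href`, an HTML-entity encoder is the wrong primitive and a context-specific encoder (for example `escapeEcmaScript` from commons-lang3, or a scheme allow-list for link targets) is needed, so this is worth confirming against the template. Encoding the value as it is stored in `header` also fixes the output context at assembly time rather than in the view layer; if that approach is kept, a comment such as `// HTML-encoded here because the template renders this value verbatim` next to each `addStringValue("url", ...)` would record the assumption. The same point applies to the second, third and fourth hunks; `processImpl` begins before the second hunk and continues past the last.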
