FIX-11364 Proxy Controller and Monkifier #11365
Conversation
|
|
These 2 security issues and 4 new vulnerabilities are from legacy code that was renamed in this project. I am not sure of how much those methods are used. The third security issue is an introduced one but sonarcube does not like all HTTP requests to go into a single method. However, this is what is required of the proxy. |
| String service = proxy.path("/proxy/").toString(); | ||
|
|
||
| int endPosition = service.indexOf("/"); | ||
| if (endPosition >= 0) { | ||
| service = service.substring(0, endPosition); | ||
| } | ||
|
|
||
| if (!routes.containsKey(service)) { | ||
| throw new UnknownServiceException(); | ||
| } | ||
|
|
||
| String updatedPath = proxy.path("/proxy/" + service).trim(); | ||
|
|
||
| String proxyServerHost = routes.get(service).trim(); |
There was a problem hiding this comment.
Might be better to extract this logic to a separate method, something like getValidatedService
There was a problem hiding this comment.
Seems like the indentation in this file is using tabs instead of spaces. I suspect deleting ProxyController and adding a brand new file caused this issue. I think just renaming the file and modifying the contents would be better. That way we can still keep the change history.
Fix #11364
Updates the proxy controller to be able to handle multiple proxy accounts in a secure manner. Updates the Monkifier to be a static utility class instead of a component.