Skip to content

Commit 5245d4c

Browse files
committed
Improved: Check parameters passed in URLs (OFBIZ-13295)
Prevents possible stream exploitation
1 parent 501fa88 commit 5245d4c

1 file changed

Lines changed: 31 additions & 0 deletions

File tree

framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ControlFilter.java

Lines changed: 31 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -25,7 +25,9 @@
2525
import java.util.ArrayList;
2626
import java.util.Arrays;
2727
import java.util.Collections;
28+
import java.util.LinkedList;
2829
import java.util.List;
30+
import java.util.Map;
2931
import java.util.Set;
3032
import java.util.stream.Collectors;
3133

@@ -161,6 +163,35 @@ public void doFilter(HttpServletRequest req, HttpServletResponse resp, FilterCha
161163
String context = req.getContextPath();
162164
HttpSession session = req.getSession();
163165

166+
// Prevents stream exploitation
167+
Map<String, Object> parameters = UtilHttp.getParameterMap(req);
168+
boolean reject = false;
169+
if (!parameters.isEmpty()) {
170+
for (String key : parameters.keySet()) {
171+
Object object = parameters.get(key);
172+
if (object.getClass().equals(String.class)) {
173+
String val = (String) object;
174+
if (val.contains("<")) {
175+
reject = true;
176+
}
177+
} else {
178+
@SuppressWarnings("unchecked")
179+
LinkedList<String> vals = (LinkedList<String>) parameters.get(key);
180+
for (String aVal : vals) {
181+
if (aVal.contains("<")) {
182+
reject = true;
183+
}
184+
}
185+
}
186+
}
187+
if (reject) {
188+
Debug.logError("For security reason this URL is not accepted", MODULE);
189+
throw new RuntimeException("For security reason this URL is not accepted");
190+
}
191+
}
192+
193+
194+
164195
// Check if we are told to redirect everything.
165196
if (redirectAll) {
166197
// little trick here so we don't loop on ourselves

0 commit comments

Comments
 (0)