From f19ce5f8e1d5567a9297a2b59d626f3c2f69ebbf Mon Sep 17 00:00:00 2001
From: Madawa Soysa
Date: Fri, 8 Feb 2019 21:37:20 +1100
Subject: [PATCH] Adding payload validation for global proxy
---
 .../services/android/bean/GlobalProxy.java | 17 ++++++++++++++
 .../DeviceManagementAdminServiceImpl.java | 23 ++++++++++++-------
 2 files changed, 32 insertions(+), 8 deletions(-)
diff --git a/components/mobile-plugins/android-plugin/org.wso2.carbon.device.mgt.mobile.android.api/src/main/java/org/wso2/carbon/mdm/services/android/bean/GlobalProxy.java b/components/mobile-plugins/android-plugin/org.wso2.carbon.device.mgt.mobile.android.api/src/main/java/org/wso2/carbon/mdm/services/android/bean/GlobalProxy.java
index 19145af9e4..5414a14072 100644
--- a/components/mobile-plugins/android-plugin/org.wso2.carbon.device.mgt.mobile.android.api/src/main/java/org/wso2/carbon/mdm/services/android/bean/GlobalProxy.java
+++ b/components/mobile-plugins/android-plugin/org.wso2.carbon.device.mgt.mobile.android.api/src/main/java/org/wso2/carbon/mdm/services/android/bean/GlobalProxy.java
@@ -21,6 +21,7 @@ package org.wso2.carbon.mdm.services.android.bean;
 import io.swagger.annotations.ApiModel;
 import io.swagger.annotations.ApiModelProperty;
+import org.apache.commons.lang.StringUtils;
 import java.io.Serializable;
@@ -66,6 +67,22 @@ public class GlobalProxy extends AndroidOperation implements Serializable {
 )
 private String proxyPacUrl;
+ public boolean validateRequest() {
+ if (ProxyType.MANUAL.equals(this.proxyConfigType)) {
+ if (StringUtils.isEmpty(this.proxyHost)) {
+ return false;
+ }
+ if (this.proxyPort < 0 || this.proxyPort > 65535) {
+ return false;
+ }
+ } else if (ProxyType.AUTO.equals(this.proxyConfigType)) {
+ if (StringUtils.isEmpty(proxyPacUrl)) {
+ return false;
+ }
+ }
+ return false;
+ }
+
 public ProxyType getProxyConfigType() {
 return proxyConfigType;
 }
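Review bot: validateRequest() can never report success. Every path, including the one where the MANUAL or AUTO checks all pass, ends at the final `return false;`, so the caller added in DeviceManagementAdminServiceImpl (second file of this patch) will answer 400 to every global-proxy request, valid or not. Each branch should return the result of its own checks, and only a missing or unrecognised proxyConfigType should fall through to the rejection; simply flipping the last line to `return true;` would instead accept a payload with no proxy type at all. Because the host and PAC URL decide where enrolled devices send their traffic, it may also be worth rejecting whitespace-only values with `StringUtils.isBlank`, though the accepted formats are not visible in this hunk. A short Javadoc stating what each proxy type requires would help the next reader.

```java
public boolean validateRequest() {
    if (ProxyType.MANUAL.equals(this.proxyConfigType)) {
        // Manual proxy: a host and an in-range port are both required.
        return !StringUtils.isEmpty(this.proxyHost)
                && this.proxyPort >= 0 && this.proxyPort <= 65535;
    }
    if (ProxyType.AUTO.equals(this.proxyConfigType)) {
        // Auto proxy: the PAC URL is required.
        return !StringUtils.isEmpty(this.proxyPacUrl);
    }
    // Missing or unrecognised proxy type: reject.
    return false;
}
```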
diff --git a/components/mobile-plugins/android-plugin/org.wso2.carbon.device.mgt.mobile.android.api/src/main/java/org/wso2/carbon/mdm/services/android/services/impl/DeviceManagementAdminServiceImpl.java b/components/mobile-plugins/android-plugin/org.wso2.carbon.device.mgt.mobile.android.api/src/main/java/org/wso2/carbon/mdm/services/android/services/impl/DeviceManagementAdminServiceImpl.java
index 37dddd71d2..0941a66a97 100644
--- a/components/mobile-plugins/android-plugin/org.wso2.carbon.device.mgt.mobile.android.api/src/main/java/org/wso2/carbon/mdm/services/android/services/impl/DeviceManagementAdminServiceImpl.java
+++ b/components/mobile-plugins/android-plugin/org.wso2.carbon.device.mgt.mobile.android.api/src/main/java/org/wso2/carbon/mdm/services/android/services/impl/DeviceManagementAdminServiceImpl.java
@@ -995,14 +995,21 @@ public class DeviceManagementAdminServiceImpl implements DeviceManagementAdminSe
 }
 GlobalProxy globalProxy = globalProxyBeanWrapper.getOperation();
- ProfileOperation operation = new ProfileOperation();
- operation.setCode(AndroidConstants.OperationCodes.GLOBAL_PROXY);
- operation.setType(Operation.Type.PROFILE);
- operation.setPayLoad(globalProxy.toJSON());
-
- Activity activity = AndroidDeviceUtils
- .getOperationResponse(globalProxyBeanWrapper.getDeviceIDs(), operation);
- return Response.status(Response.Status.CREATED).entity(activity).build();
+ if (globalProxy.validateRequest()) {
+ ProfileOperation operation = new ProfileOperation();
+ operation.setCode(AndroidConstants.OperationCodes.GLOBAL_PROXY);
+ operation.setType(Operation.Type.PROFILE);
+ operation.setPayLoad(globalProxy.toJSON());
+
+ Activity activity = AndroidDeviceUtils
+ .getOperationResponse(globalProxyBeanWrapper.getDeviceIDs(), operation);
+ return Response.status(Response.Status.CREATED).entity(activity).build();
+ } else {
+ String errorMessage = "The payload of the global proxy operation is incorrect";
+ log.error(errorMessage);
+ throw new BadRequestException(
+ new ErrorResponse.ErrorResponseBuilder().setCode(400L).setMessage(errorMessage).build());
+ }
 } catch (InvalidDeviceException e) {
 String errorMessage = "Invalid Device Identifiers found.";
 log.error(errorMessage, e);
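Review bot: The new `else` branch records a caller mistake at error level: `log.error(errorMessage)` fires for every rejected global-proxy payload, so routine bad input lands in the same log stream as real server faults and makes them harder to spot. `log.warn(errorMessage)` (or debug) fits a 400 response better. The message also gives no hint which field failed, which would require validateRequest() to report a reason rather than a bare boolean. As a matter of style, inverting the test into an early guard, `if (!globalProxy.validateRequest()) { ... throw ...; }`, would leave the operation-building lines at their original indentation and shrink the diff. The enclosing method and its `try` begin outside this hunk, so whether BadRequestException passes the later catch blocks untouched cannot be confirmed from here.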