
Cs alert 1 req forgery #1316

Open
wants to merge 12 commits into
base: dev
from
14 changes: 14 additions & 0 deletions .intelliJ_ddl/DDL.sql
Expand Up @@ -1002,6 +1002,13 @@ CREATE INDEX flyway_schema_history_s_idx ON public.flyway_schema_history USING b
CREATE INDEX idx_bruker_identer_person ON public.bruker_identer USING btree (person);


--
-- Name: idx_foreldreansvar_barn_ident; Type: INDEX; Schema: public; Owner: -
--

CREATE INDEX idx_foreldreansvar_barn_ident ON public.foreldreansvar USING btree (barn_ident);


--
-- Name: idx_freg_ident; Type: INDEX; Schema: public; Owner: -
--
Expand All @@ -1016,6 +1023,13 @@ CREATE INDEX idx_freg_ident ON public.bruker_statsborgerskap USING btree (freg_i
CREATE INDEX idx_gyldig_til ON public.bruker_statsborgerskap USING btree (gyldig_til);


--
-- Name: idx_oppfolging_data_oppfolging; Type: INDEX; Schema: public; Owner: -
--

CREATE INDEX idx_oppfolging_data_oppfolging ON public.oppfolging_data USING btree (oppfolging);


--
-- Name: nav_kontor_idx; Type: INDEX; Schema: public; Owner: -
--
5 changes: 3 additions & 2 deletions pom.xml
@@ -1,11 +1,12 @@
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>3.0.5</version>
<version>3.1.5</version>
<relativePath/>
</parent>

Expand Up @@ -4,6 +4,7 @@
import lombok.extern.slf4j.Slf4j;
import no.nav.common.rest.client.RestUtils;
import no.nav.common.types.identer.AktorId;
import no.nav.pto.veilarbportefolje.config.EnvironmentProperties;
import no.nav.pto.veilarbportefolje.opensearch.domene.OpensearchClientConfig;
import okhttp3.*;
import org.apache.commons.io.IOUtils;
Expand Down Expand Up @@ -45,14 +46,15 @@ public class OpensearchAdminService {
private final OpensearchClientConfig openSearchClientConfig;
private final OkHttpClient httpClient;

private final String opensearchUri;

@Autowired
public OpensearchAdminService(RestHighLevelClient restHighLevelClient, OpensearchClientConfig openSearchClientConfig) {
public OpensearchAdminService(EnvironmentProperties environmentProperties, RestHighLevelClient restHighLevelClient, OpensearchClientConfig openSearchClientConfig) {
this.opensearchUri = environmentProperties.getOpensearchUri();
this.restHighLevelClient = restHighLevelClient;
this.openSearchClientConfig = openSearchClientConfig;

this.httpClient = baseClient();
}

@SneakyThrows
public String opprettNyIndeks() {
return opprettNyIndeks(createIndexName());
Expand Down Expand Up @@ -165,7 +167,6 @@ public String getSettingsOnIndex(String indexName) {
.url(url).get()
.addHeader("Authorization", getAuthHeaderValue(openSearchClientConfig))
.build();

return callAndGetBody(request);
}

Expand Down Expand Up @@ -239,14 +240,24 @@ private String readJsonFromFileStream(InputStream settings) {

@SneakyThrows
private String callAndGetBody(Request request) {
try (Response response = httpClient.newCall(request).execute()) {
RestUtils.throwIfNotSuccessful(response);
try (ResponseBody responseBody = response.body()) {
if (responseBody == null) {
return null;

if (Objects.equals(this.opensearchUri, request.url().uri().toString())) {
log.info("Logger uri OpensearchAdminService callAndGetBody {}", request.url().uri());
try (Response response = httpClient.newCall(request).execute()) {
RestUtils.throwIfNotSuccessful(response);
try (ResponseBody responseBody = response.body()) {
if (responseBody == null) {
return null;
}
return responseBody.string();
}
return responseBody.string();
}
}
} else {
log.error("Feil i uri OpensearchAdminService callAndGetBody {}", request.url().uri());
Response.Builder builder = new Response.Builder();
builder.code(400).message("Illegal URI");
Response responseBadUri = builder.build();
return responseBadUri.toString();
}
}
}
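Review bot: The allow-list test in `callAndGetBody` compares the whole request URL string with `opensearchUri`, so it passes only when the two are character-for-character identical. A request that carries an index path (as `getSettingsOnIndex` appears to, though its URL is built outside the visible lines) would be rejected, and OkHttp's normalised form, for example a trailing `/`, can differ from the configured value. Comparing scheme, host and port of the parsed URLs pins requests to the configured OpenSearch origin without depending on the path; path segments such as the index name still need validating where the URL is built. The else branch also builds a `Response` with no request or protocol, which `Response.Builder.build()` rejects with an `IllegalStateException`, and returning its `toString()` would hand callers a non-JSON string as if it were the body, so throwing an explicit exception fails closed and is easier to alert on. The sketch below assumes `opensearchUri` is an absolute http(s) URL, which is not shown here.

```java
private String callAndGetBody(Request request) {
    HttpUrl allowed = HttpUrl.get(opensearchUri);
    HttpUrl target = request.url();
    boolean sameOrigin = allowed.scheme().equals(target.scheme())
            && allowed.host().equals(target.host())
            && allowed.port() == target.port();
    if (!sameOrigin) {
        log.error("Feil i uri OpensearchAdminService callAndGetBody {}", target);
        throw new IllegalArgumentException("Illegal URI");
    }
    // … unchanged: execute the call, throwIfNotSuccessful, return the body string …
}
```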

This file was deleted.