fix: forging attacks vulnerability

InseeFr · Feb 21, 2024 · 156e01f · 156e01f
1 parent 6b9166f
commit 156e01f
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/src/main/java/fr/insee/rmes/ToColecticaApi/service/ColecticaServiceImpl.java b/src/main/java/fr/insee/rmes/ToColecticaApi/service/ColecticaServiceImpl.java
@@ -306,6 +306,9 @@ private ResponseEntity<String> searchColecticaInstanceByUuid(String uuid) {
     }
 
     private ResponseEntity<String> getStringResponseEntity(String uuid, CloseableHttpClient httpClient) throws ExceptionColecticaUnreachable, JsonProcessingException {
+        if (!uuid.matches("^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-4[0-9a-fA-F]{3}-[89ABab][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$")) {
+            throw new IllegalArgumentException("UUID invalide");
+        }
         HttpGet httpGet = getHttpGet(uuid);
 
         try (CloseableHttpResponse response = httpClient.execute(httpGet)) {