From c1e00806ad095694a1fa24b672ad1d1ee9941ef9 Mon Sep 17 00:00:00 2001 From: Gokulraj C <110164849+GOKULRAJ136@users.noreply.github.com> Date: Mon, 1 Apr 2024 18:02:24 +0530 Subject: [PATCH] MOSIP-21009 : Sonar Security Hotspots Of Admin Module (#947) * Update KeyManagerProxyController.java Signed-off-by: Gokulraj C <110164849+GOKULRAJ136@users.noreply.github.com> * Segregated HTTP methods in MasterData & KeyManager ProxyControllers Signed-off-by: GOKULRAJ136 <110164849+GOKULRAJ136@users.noreply.github.com> * Updated new changes Signed-off-by: GOKULRAJ136 <110164849+GOKULRAJ136@users.noreply.github.com> --------- Signed-off-by: Gokulraj C <110164849+GOKULRAJ136@users.noreply.github.com> Signed-off-by: GOKULRAJ136 <110164849+GOKULRAJ136@users.noreply.github.com>
---
 .../controller/KeyManagerProxyController.java | 84 +++++++++++++++---- .../controller/MasterdataProxyController.java | 81 ++++++++++++++---- 2 files changed, 135 insertions(+), 30 deletions(-)
diff --git a/admin/admin-service/src/main/java/io/mosip/admin/controller/KeyManagerProxyController.java b/admin/admin-service/src/main/java/io/mosip/admin/controller/KeyManagerProxyController.java
index b160e76f80e..0f36594da87 100644
--- a/admin/admin-service/src/main/java/io/mosip/admin/controller/KeyManagerProxyController.java
+++ b/admin/admin-service/src/main/java/io/mosip/admin/controller/KeyManagerProxyController.java
@@ -1,7 +1,7 @@
 package io.mosip.admin.controller;
-import javax.servlet.http.HttpServletRequest;
-
+import io.mosip.admin.packetstatusupdater.util.AuditUtil;
+import io.mosip.admin.packetstatusupdater.util.EventEnum;
 import io.mosip.admin.service.AdminProxyService;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.media.Content;
@@ -15,8 +15,8 @@ import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.*;
-import io.mosip.admin.packetstatusupdater.util.AuditUtil;
-import io.mosip.admin.packetstatusupdater.util.EventEnum;
+
+import javax.servlet.http.HttpServletRequest;
 @RestController
 @RequestMapping("/keymanager/")
@@ -32,16 +32,70 @@ public class KeyManagerProxyController {
 @Value("${mosip.admin.keymanager.service.url}")
 private String url;
- @RequestMapping(path = "/**", produces = MediaType.APPLICATION_JSON_VALUE, method = { RequestMethod.GET,
- RequestMethod.POST, RequestMethod.DELETE,RequestMethod.PATCH,RequestMethod.PUT })
- @Operation(summary = "KeyManager proxy", description = "KeyManager proxy", tags = "KeyManager-controller")
- @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "OK"),
- @ApiResponse(responseCode = "401", description = "Unauthorized" ,content = @Content(schema = @Schema(hidden = true))),
- @ApiResponse(responseCode = "403", description = "Forbidden" ,content = @Content(schema = @Schema(hidden = true))),
- @ApiResponse(responseCode = "404", description = "Not Found" ,content = @Content(schema = @Schema(hidden = true)))})
- public ResponseEntity keyManagerProxyController(@RequestBody(required = false) String body,
- HttpServletRequest request) {
- auditUtil.setAuditRequestDto(EventEnum.KEYMANAGER_PROXY_API_CALLED,null);
- return ResponseEntity.status(HttpStatus.OK).body(service.getResponse(body, request,url));
+ @RequestMapping(path = "/**", produces = MediaType.APPLICATION_JSON_VALUE, method = RequestMethod.GET)
+ @Operation(summary = "KeyManager proxy", description = "KeyManager proxy", tags = "KeyManager-controller")
+ @ApiResponses(value = {
+ @ApiResponse(responseCode = "200", description = "OK"),
+ @ApiResponse(responseCode = "401", description = "Unauthorized", content = @Content(schema = @Schema(hidden = true))),
+ @ApiResponse(responseCode = "403", description = "Forbidden", content = @Content(schema = @Schema(hidden = true))),
+ @ApiResponse(responseCode = "404", description = "Not Found", content = @Content(schema = @Schema(hidden = true)))
+ })
+ public ResponseEntity getKeyManagerProxyController(@RequestBody(required = false) String body, HttpServletRequest request) {
+ auditUtil.setAuditRequestDto(EventEnum.KEYMANAGER_PROXY_API_CALLED, null);
+ return ResponseEntity.status(HttpStatus.OK).body(service.getResponse(null, request, url));
+ }
+
+ @RequestMapping(path = "/**", produces = MediaType.APPLICATION_JSON_VALUE, method = RequestMethod.POST)
+ @Operation(summary = "KeyManager proxy", description = "KeyManager proxy", tags = "KeyManager-controller")
+ @ApiResponses(value = {
+ @ApiResponse(responseCode = "200", description = "OK"),
+ @ApiResponse(responseCode = "401", description = "Unauthorized", content = @Content(schema = @Schema(hidden = true))),
+ @ApiResponse(responseCode = "403", description = "Forbidden", content = @Content(schema = @Schema(hidden = true))),
+ @ApiResponse(responseCode = "404", description = "Not Found", content = @Content(schema = @Schema(hidden = true)))
+ })
+ public ResponseEntity postKeyManagerProxyController(@RequestBody(required = false) String body, HttpServletRequest request) {
+ auditUtil.setAuditRequestDto(EventEnum.MASTERDATA_PROXY_API_CALLED, null);
+ return ResponseEntity.status(HttpStatus.OK).body(service.getResponse(body, request, url));
+ }
+
+ @RequestMapping(path = "/**", produces = MediaType.APPLICATION_JSON_VALUE, method = RequestMethod.DELETE)
+ @Operation(summary = "KeyManager proxy", description = "KeyManager proxy", tags = "KeyManager-controller")
+ @ApiResponses(value = {
+ @ApiResponse(responseCode = "200", description = "OK"),
+ @ApiResponse(responseCode = "401", description = "Unauthorized", content = @Content(schema = @Schema(hidden = true))),
+ @ApiResponse(responseCode = "403", description = "Forbidden", content = @Content(schema = @Schema(hidden = true))),
+ @ApiResponse(responseCode = "404", description = "Not Found", content = @Content(schema = @Schema(hidden = true)))
+ })
+ public ResponseEntity deleteKeyManagerProxyController(@RequestBody(required = false) String body, HttpServletRequest request) {
+ auditUtil.setAuditRequestDto(EventEnum.MASTERDATA_PROXY_API_CALLED, null);
+ return ResponseEntity.status(HttpStatus.OK).body(service.getResponse(null, request, url));
+ }
+
+ @RequestMapping(path = "/**", produces = MediaType.APPLICATION_JSON_VALUE, method = RequestMethod.PUT)
+ @Operation(summary = "KeyManager proxy", description = "KeyManager proxy", tags = "KeyManager-controller")
+ @ApiResponses(value = {
+ @ApiResponse(responseCode = "200", description = "OK"),
+ @ApiResponse(responseCode = "401", description = "Unauthorized", content = @Content(schema = @Schema(hidden = true))),
+ @ApiResponse(responseCode = "403", description = "Forbidden", content = @Content(schema = @Schema(hidden = true))),
+ @ApiResponse(responseCode = "404", description = "Not Found", content = @Content(schema = @Schema(hidden = true)))
+ })
+ public ResponseEntity putKeyManagerProxyController(@RequestBody(required = false) String body, HttpServletRequest request) {
+ auditUtil.setAuditRequestDto(EventEnum.MASTERDATA_PROXY_API_CALLED, null);
+ return ResponseEntity.status(HttpStatus.OK).body(service.getResponse(body, request, url));
 }
+
+ @RequestMapping(path = "/**", produces = MediaType.APPLICATION_JSON_VALUE, method = RequestMethod.PATCH)
+ @Operation(summary = "KeyManager proxy", description = "KeyManager proxy for PATCH requests", tags = "KeyManager-controller")
+ @ApiResponses(value = {
+ @ApiResponse(responseCode = "200", description = "OK"),
+ @ApiResponse(responseCode = "401", description = "Unauthorized", content = @Content(schema = @Schema(hidden = true))),
+ @ApiResponse(responseCode = "403", description = "Forbidden", content = @Content(schema = @Schema(hidden = true))),
+ @ApiResponse(responseCode = "404", description = "Not Found", content = @Content(schema = @Schema(hidden = true)))
+ })
+ public ResponseEntity patchKeyManagerProxyController(@RequestBody(required = false) String body, HttpServletRequest request) {
+ auditUtil.setAuditRequestDto(EventEnum.MASTERDATA_PROXY_API_CALLED, null);
+ return ResponseEntity.status(HttpStatus.OK).body(service.getResponse(body, request, url));
+ }
+ }
+
diff --git a/admin/admin-service/src/main/java/io/mosip/admin/controller/MasterdataProxyController.java b/admin/admin-service/src/main/java/io/mosip/admin/controller/MasterdataProxyController.java
index fac69ce775d..d647b7695da 100644
--- a/admin/admin-service/src/main/java/io/mosip/admin/controller/MasterdataProxyController.java
+++ b/admin/admin-service/src/main/java/io/mosip/admin/controller/MasterdataProxyController.java
@@ -14,10 +14,7 @@ import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
-import org.springframework.web.bind.annotation.RequestBody;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestMethod;
-import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.bind.annotation.*;
 import javax.servlet.http.HttpServletRequest;
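Review bot: The new POST, DELETE, PUT and PATCH handlers in this hunk audit with `EventEnum.MASTERDATA_PROXY_API_CALLED`, while the GET handler and the removed method use `EventEnum.KEYMANAGER_PROXY_API_CALLED`, so four of the five key-manager proxy routes would be recorded in the audit log as master-data events and the trail for key-manager operations cannot be trusted. Each of those four lines should read `auditUtil.setAuditRequestDto(EventEnum.KEYMANAGER_PROXY_API_CALLED, null);`. Separately, the GET and DELETE handlers declare `@RequestBody(required = false) String body` but forward `null` to `service.getResponse`, so the parameter is dead and can be dropped, e.g. `public ResponseEntity getKeyManagerProxyController(HttpServletRequest request) {`; the same applies to the two handlers in MasterdataProxyController in this commit. Note also that the removed method forwarded the body for DELETE and the new DELETE handler drops it, which is a behaviour change for any downstream DELETE endpoint that reads a body — worth confirming against the key-manager service.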
@@ -35,17 +32,71 @@ public class MasterdataProxyController {
 @Value("${mosip.admin.masterdata.service.url}")
 private String url;
- @RequestMapping(path = "/**", produces = MediaType.APPLICATION_JSON_VALUE, method = { RequestMethod.GET,
- RequestMethod.POST, RequestMethod.DELETE,RequestMethod.PATCH,RequestMethod.PUT })
- @Operation(summary = "Master data proxy", description = "Master data proxy", tags = "proxy-masterdata-controller")
- @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "OK"),
- @ApiResponse(responseCode = "401", description = "Unauthorized" ,content = @Content(schema = @Schema(hidden = true))),
- @ApiResponse(responseCode = "403", description = "Forbidden" ,content = @Content(schema = @Schema(hidden = true))),
- @ApiResponse(responseCode = "404", description = "Not Found" ,content = @Content(schema = @Schema(hidden = true)))})
- public ResponseEntity masterDataProxyController(@RequestBody(required = false) String body,
- HttpServletRequest request) {
- auditUtil.setAuditRequestDto(EventEnum.MASTERDATA_PROXY_API_CALLED,null);
- return ResponseEntity.status(HttpStatus.OK).body(service.getResponse(body, request,url));
+ @RequestMapping(path = "/**", produces = MediaType.APPLICATION_JSON_VALUE, method = RequestMethod.GET)
+ @Operation(summary = "Master data proxy", description = "Master data proxy", tags = "proxy-masterdata-controller")
+ @ApiResponses(value = {
+ @ApiResponse(responseCode = "200", description = "OK"),
+ @ApiResponse(responseCode = "401", description = "Unauthorized", content = @Content(schema = @Schema(hidden = true))),
+ @ApiResponse(responseCode = "403", description = "Forbidden", content = @Content(schema = @Schema(hidden = true))),
+ @ApiResponse(responseCode = "404", description = "Not Found", content = @Content(schema = @Schema(hidden = true)))
+ })
+ public ResponseEntity getMasterDataProxyController(@RequestBody(required = false) String body, HttpServletRequest request) {
+ auditUtil.setAuditRequestDto(EventEnum.MASTERDATA_PROXY_API_CALLED, null);
+ return ResponseEntity.status(HttpStatus.OK).body(service.getResponse(null, request, url));
+ }
+
+ @RequestMapping(path = "/**", produces = MediaType.APPLICATION_JSON_VALUE, method = RequestMethod.POST)
+ @Operation(summary = "Master data proxy", description = "Master data proxy", tags = "proxy-masterdata-controller")
+ @ApiResponses(value = {
+ @ApiResponse(responseCode = "200", description = "OK"),
+ @ApiResponse(responseCode = "401", description = "Unauthorized", content = @Content(schema = @Schema(hidden = true))),
+ @ApiResponse(responseCode = "403", description = "Forbidden", content = @Content(schema = @Schema(hidden = true))),
+ @ApiResponse(responseCode = "404", description = "Not Found", content = @Content(schema = @Schema(hidden = true)))
+ })
+ public ResponseEntity postMasterDataProxyController(@RequestBody(required = false) String body, HttpServletRequest request) {
+ auditUtil.setAuditRequestDto(EventEnum.MASTERDATA_PROXY_API_CALLED, null);
+ return ResponseEntity.status(HttpStatus.OK).body(service.getResponse(body, request, url));
+ }
+
+ @RequestMapping(path = "/**", produces = MediaType.APPLICATION_JSON_VALUE, method = RequestMethod.DELETE)
+ @Operation(summary = "Master data proxy", description = "Master data proxy", tags = "proxy-masterdata-controller")
+ @ApiResponses(value = {
+ @ApiResponse(responseCode = "200", description = "OK"),
+ @ApiResponse(responseCode = "401", description = "Unauthorized", content = @Content(schema = @Schema(hidden = true))),
+ @ApiResponse(responseCode = "403", description = "Forbidden", content = @Content(schema = @Schema(hidden = true))),
+ @ApiResponse(responseCode = "404", description = "Not Found", content = @Content(schema = @Schema(hidden = true)))
+ })
+ public ResponseEntity deleteMasterDataProxyController(@RequestBody(required = false) String body, HttpServletRequest request) {
+ auditUtil.setAuditRequestDto(EventEnum.MASTERDATA_PROXY_API_CALLED, null);
+ return ResponseEntity.status(HttpStatus.OK).body(service.getResponse(null, request, url));
+ }
+
+ @RequestMapping(path = "/**", produces = MediaType.APPLICATION_JSON_VALUE, method = RequestMethod.PUT)
+ @Operation(summary = "Master data proxy", description = "Master data proxy", tags = "proxy-masterdata-controller")
+ @ApiResponses(value = {
+ @ApiResponse(responseCode = "200", description = "OK"),
+ @ApiResponse(responseCode = "401", description = "Unauthorized", content = @Content(schema = @Schema(hidden = true))),
+ @ApiResponse(responseCode = "403", description = "Forbidden", content = @Content(schema = @Schema(hidden = true))),
+ @ApiResponse(responseCode = "404", description = "Not Found", content = @Content(schema = @Schema(hidden = true)))
+ })
+ public ResponseEntity putMasterDataProxyController(@RequestBody(required = false) String body, HttpServletRequest request) {
+ auditUtil.setAuditRequestDto(EventEnum.MASTERDATA_PROXY_API_CALLED, null);
+ return ResponseEntity.status(HttpStatus.OK).body(service.getResponse(body, request, url));
+ }
+
+
+ @RequestMapping(path = "/**", produces = MediaType.APPLICATION_JSON_VALUE, method = RequestMethod.PATCH)
+ @Operation(summary = "Master data proxy", description = "Master data proxy for PATCH requests", tags = "proxy-masterdata-controller")
+ @ApiResponses(value = {
+ @ApiResponse(responseCode = "200", description = "OK"),
+ @ApiResponse(responseCode = "401", description = "Unauthorized", content = @Content(schema = @Schema(hidden = true))),
+ @ApiResponse(responseCode = "403", description = "Forbidden", content = @Content(schema = @Schema(hidden = true))),
+ @ApiResponse(responseCode = "404", description = "Not Found", content = @Content(schema = @Schema(hidden = true)))
+ })
+ public ResponseEntity patchMasterDataProxyController(@RequestBody(required = false) String body, HttpServletRequest request) {
+ auditUtil.setAuditRequestDto(EventEnum.MASTERDATA_PROXY_API_CALLED, null);
+ return ResponseEntity.status(HttpStatus.OK).body(service.getResponse(body, request, url));
 }
 }
+
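Review bot: The five handlers in this hunk differ only in the `method =` value and in whether `body` or `null` is forwarded, yet each one repeats the audit call, the `ResponseEntity.status(HttpStatus.OK)` construction and the same `@ApiResponses` block, so any later change to the audit event or the status handling has to be made in five places. A private helper that performs the audit and the `service.getResponse` call, with each mapped method reduced to a single `return`, keeps that behaviour in one spot; the same refactor applies to KeyManagerProxyController in this commit, where keeping it in one place would also have prevented the audit-event copy-paste there. The double blank line before the PATCH mapping and the raw `ResponseEntity` return type (pre-existing, but repeated by the new code) are worth tidying at the same time.

```java
    // … unchanged: @RequestMapping/@Operation/@ApiResponses annotations on each handler …
    public ResponseEntity getMasterDataProxyController(HttpServletRequest request) {
        return proxy(null, request);
    }

    public ResponseEntity postMasterDataProxyController(@RequestBody(required = false) String body, HttpServletRequest request) {
        return proxy(body, request);
    }
    // … delete/put/patch handlers delegate the same way (null for DELETE, body for PUT and PATCH) …

    /** Audits the proxy call and forwards it to the master-data service configured in {@code url}. */
    private ResponseEntity proxy(String body, HttpServletRequest request) {
        auditUtil.setAuditRequestDto(EventEnum.MASTERDATA_PROXY_API_CALLED, null);
        return ResponseEntity.status(HttpStatus.OK).body(service.getResponse(body, request, url));
    }
```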