FINERACT-1872: Template request fix for 1.8.x
diff --git a/fineract-provider/src/main/java/org/apache/fineract/infrastructure/core/config/FineractProperties.java b/fineract-provider/src/main/java/org/apache/fineract/infrastructure/core/config/FineractProperties.java
index fb888cb..2775297 100644
--- a/fineract-provider/src/main/java/org/apache/fineract/infrastructure/core/config/FineractProperties.java
+++ b/fineract-provider/src/main/java/org/apache/fineract/infrastructure/core/config/FineractProperties.java
@@ -19,6 +19,7 @@
package org.apache.fineract.infrastructure.core.config;
+import java.util.List;
import lombok.Getter;
import lombok.Setter;
import org.springframework.boot.context.properties.ConfigurationProperties;
@@ -36,6 +37,8 @@
private FineractCorrelationProperties correlation;
+ private FineractTemplateProperties template;
+
@Getter
@Setter
public static class FineractTenantProperties {
@@ -72,4 +75,12 @@
private boolean enabled;
private String headerName;
}
+
+ @Getter
+ @Setter
+ public static class FineractTemplateProperties {
+
+ private boolean regexWhitelistEnabled;
+ private List<String> regexWhitelist;
+ }
}
diff --git a/fineract-provider/src/main/java/org/apache/fineract/template/exception/TemplateForbiddenException.java b/fineract-provider/src/main/java/org/apache/fineract/template/exception/TemplateForbiddenException.java
new file mode 100644
index 0000000..1a8049d
--- /dev/null
+++ b/fineract-provider/src/main/java/org/apache/fineract/template/exception/TemplateForbiddenException.java
@@ -0,0 +1,28 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.fineract.template.exception;
+
+import org.apache.fineract.infrastructure.core.exception.AbstractPlatformException;
+
+public class TemplateForbiddenException extends AbstractPlatformException {
+
+ public TemplateForbiddenException(final String url) {
+ super("error.msg.template.url.forbidden", "Template with url " + url + " not allowed");
+ }
+}
diff --git a/fineract-provider/src/main/java/org/apache/fineract/template/service/TemplateMergeService.java b/fineract-provider/src/main/java/org/apache/fineract/template/service/TemplateMergeService.java
index f24bd4e..e2778b9 100644
--- a/fineract-provider/src/main/java/org/apache/fineract/template/service/TemplateMergeService.java
+++ b/fineract-provider/src/main/java/org/apache/fineract/template/service/TemplateMergeService.java
@@ -38,19 +38,24 @@
import java.security.NoSuchAlgorithmException;
import java.util.HashMap;
import java.util.Map;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.apache.fineract.infrastructure.core.config.FineractProperties;
import org.apache.fineract.template.domain.Template;
import org.apache.fineract.template.domain.TemplateFunctions;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
+import org.apache.fineract.template.exception.TemplateForbiddenException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Service;
+@Slf4j
+@RequiredArgsConstructor
@Service
public class TemplateMergeService {
- private static final Logger LOG = LoggerFactory.getLogger(TemplateMergeService.class);
+ private final FineractProperties fineractProperties;
- // private final FromJsonHelper fromApiJsonHelper;
private Map<String, Object> scopes;
private String authToken;
@@ -92,7 +97,7 @@
try {
this.scopes.put(entry.getKey(), getMapFromUrl(url));
} catch (final IOException e) {
- LOG.error("getCompiledMapFromMappers() failed", e);
+ log.error("getCompiledMapFromMappers() failed", e);
}
}
}
@@ -114,6 +119,26 @@
}
private HttpURLConnection getConnection(final String url) {
+ if (fineractProperties.getTemplate() != null && fineractProperties.getTemplate().isRegexWhitelistEnabled()) {
+ boolean whitelisted = false;
+
+ if (fineractProperties.getTemplate().getRegexWhitelist() != null
+ && !fineractProperties.getTemplate().getRegexWhitelist().isEmpty()) {
+ for (String urlPattern : fineractProperties.getTemplate().getRegexWhitelist()) {
+ Pattern pattern = Pattern.compile(urlPattern);
+ Matcher matcher = pattern.matcher(url);
+ if (matcher.matches()) {
+ whitelisted = true;
+ break;
+ }
+ }
+ }
+
+ if (!whitelisted) {
+ throw new TemplateForbiddenException(url);
+ }
+ }
+
if (this.authToken == null) {
final String name = SecurityContextHolder.getContext().getAuthentication().getName();
final String password = SecurityContextHolder.getContext().getAuthentication().getCredentials().toString();
@@ -138,7 +163,7 @@
connection.setDoInput(true);
} catch (IOException | KeyManagementException | NoSuchAlgorithmException | KeyStoreException e) {
- LOG.error("getConnection() failed, return null", e);
+ log.error("getConnection() failed, return null", e);
}
return connection;
@@ -158,13 +183,13 @@
}
} catch (final IOException e) {
- LOG.error("getStringFromInputStream() failed", e);
+ log.error("getStringFromInputStream() failed", e);
} finally {
if (br != null) {
try {
br.close();
} catch (final IOException e) {
- LOG.error("Problem occurred in getStringFromInputStream function", e);
+ log.error("Problem occurred in getStringFromInputStream function", e);
}
}
}
diff --git a/fineract-provider/src/main/resources/application.properties b/fineract-provider/src/main/resources/application.properties
index 15ee11e..1d47970 100644
--- a/fineract-provider/src/main/resources/application.properties
+++ b/fineract-provider/src/main/resources/application.properties
@@ -48,6 +48,9 @@
fineract.content.mime-whitelist-enabled=${FINERACT_CONTENT_MIME_WHITELIST_ENABLED:true}
fineract.content.mime-whitelist=${FINERACT_CONTENT_MIME_WHITELIST:application/pdf,application/msword,application/vnd.openxmlformats-officedocument.wordprocessingml.document,application/vnd.ms-excel,application/vnd.openxmlformats-officedocument.spreadsheetml.sheet,image/jpeg,image/png}
+fineract.template.regex-whitelist-enabled=${FINERACT_TEMPLATE_REGEX_WHITELIST_ENABLED:true}
+fineract.template.regex-whitelist=${FINERACT_TEMPLATE_REGEX_WHITELIST:}
+
# Logging pattern for the console
logging.pattern.console=${CONSOLE_LOG_PATTERN:%clr(%d{yyyy-MM-dd HH:mm:ss.SSS}){faint} %clr(${LOG_LEVEL_PATTERN:-%5p}) %clr(${PID:- }){magenta} %clr(%replace([%X{correlationId}]){'\\[\\]', ''}) %clr(---){faint} %clr([%15.15t]){faint} %clr(%-40.40logger{39}){cyan} %clr(:){faint} %m%n${LOG_EXCEPTION_CONVERSION_WORD:%wEx}}
diff --git a/fineract-provider/src/test/java/org/apache/fineract/template/service/TemplateServiceStepDefinitions.java b/fineract-provider/src/test/java/org/apache/fineract/template/service/TemplateServiceStepDefinitions.java
index 0cf4fd1..0b1819d 100644
--- a/fineract-provider/src/test/java/org/apache/fineract/template/service/TemplateServiceStepDefinitions.java
+++ b/fineract-provider/src/test/java/org/apache/fineract/template/service/TemplateServiceStepDefinitions.java
@@ -34,11 +34,12 @@
import org.apache.commons.io.IOUtils;
import org.apache.fineract.template.domain.Template;
import org.apache.fineract.template.domain.TemplateMapper;
+import org.springframework.beans.factory.annotation.Autowired;
public class TemplateServiceStepDefinitions implements En {
- private TemplateMergeService tms = new TemplateMergeService();
-
+ @Autowired
+ private TemplateMergeService tms;
private String template;
private Map<String, Object> data;
