diff --git a/matchmaking/src/main/java/org/eclipse/tractusx/agents/http/DelegationServiceImpl.java b/matchmaking/src/main/java/org/eclipse/tractusx/agents/http/DelegationServiceImpl.java index b02fb2e..b977598 100644 --- a/matchmaking/src/main/java/org/eclipse/tractusx/agents/http/DelegationServiceImpl.java +++ b/matchmaking/src/main/java/org/eclipse/tractusx/agents/http/DelegationServiceImpl.java @@ -41,6 +41,7 @@ import java.io.IOException; import java.io.InputStream; import java.io.InputStreamReader; +import java.net.URI; import java.nio.charset.Charset; import java.util.List; import java.util.Map; @@ -50,6 +51,7 @@ import java.util.regex.Pattern; import java.util.stream.Collectors; + /** * A service that may delegate an incoming * agent http request ot another agent in the @@ -129,6 +131,22 @@ public DelegationResponse executeQueryRemote(String remoteUrl, String skill, Str } + /** + * URL Validation + * + * @param url URL string for validation + * @return Returns true if the URL is valid, false otherwise. + */ + public static boolean isValid(String url) { + // Try creating a valid URL + try { + new URI(url).toURL(); + return true; + } catch (Exception e) { // If there was an Exception while creating URL object + return false; + } + } + /** * route a get request * 
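Review bot: `isValid` only establishes that the string parses as an absolute URI with a protocol handler the JVM knows, so `file:`, `jar:` or `ftp:` URLs and any internal host pass; as a guard in front of delegated requests that carry the `dataReference` auth header, it does not restrict where the request and its credential are sent. Consider an explicit scheme allow-list and a host requirement, e.g. `var u = new URI(url); return u.getHost() != null && ("https".equalsIgnoreCase(u.getScheme()) || "http".equalsIgnoreCase(u.getScheme()));`, and, if the deployment has a known set of permitted agent hosts, a comparison against that set. The `catch (Exception e)` also reports a null argument as merely "invalid"; catching `URISyntaxException`, `MalformedURLException` and `IllegalArgumentException` would be narrower. The identical method added to DataManagement in this commit has the same limits.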
@@ -142,16 +160,21 @@ public DelegationResponse sendGetRequest(EndpointDataReference dataReference, St monitor.debug(String.format("About to delegate GET %s", url)); - var requestBuilder = new okhttp3.Request.Builder() - .url(url); + if (isValid(url.toString())) { - if (dataReference.getAuthKey() != null) { - requestBuilder = requestBuilder.addHeader(dataReference.getAuthKey(), Objects.requireNonNull(dataReference.getAuthCode())); - } + var requestBuilder = new okhttp3.Request.Builder() + .url(url); + + if (dataReference.getAuthKey() != null) { + requestBuilder = requestBuilder.addHeader(dataReference.getAuthKey(), Objects.requireNonNull(dataReference.getAuthCode())); + } - var newRequest = requestBuilder.build(); + var newRequest = requestBuilder.build(); - return new DelegationResponse(sendRequest(newRequest, response), Response.status(response.getStatus()).build()); + return new DelegationResponse(sendRequest(newRequest, response), Response.status(response.getStatus()).build()); + } else { + return null; + } } /** 
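Review bot: The new `else` branch returns `null` without logging and without setting a status on `response`, so a rejected URL leaves no trace. Any caller that dereferences the returned `DelegationResponse` would throw a NullPointerException (callers are not visible in this hunk). A guard clause at the top would record the rejection and keep the original body at its old indentation: `if (!isValid(url.toString())) { monitor.warning(String.format("Refusing to delegate GET to invalid URL %s", url)); return null; }`. Returning a `DelegationResponse` with an explicit error status would be better still. The same applies to `sendPostRequest` in the next hunk; the start of this method lies outside the hunk.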
@@ -170,19 +193,25 @@ public DelegationResponse sendPostRequest(EndpointDataReference dataReference, S monitor.debug(String.format("About to delegate POST %s with content type %s", url, contentType)); - var requestBuilder = new okhttp3.Request.Builder() - .url(url) - .addHeader("Content-Type", contentType); + if (isValid(url.toString())) { - if (dataReference.getAuthKey() != null) { - requestBuilder = requestBuilder.addHeader(dataReference.getAuthKey(), Objects.requireNonNull(dataReference.getAuthCode())); - } + var requestBuilder = new okhttp3.Request.Builder() + .url(url) + .addHeader("Content-Type", contentType); - requestBuilder.post(okhttp3.RequestBody.create(request.getInputStream().readAllBytes(), parsedContentType)); + if (dataReference.getAuthKey() != null) { + requestBuilder = requestBuilder.addHeader(dataReference.getAuthKey(), Objects.requireNonNull(dataReference.getAuthCode())); + } - var newRequest = requestBuilder.build(); + requestBuilder.post(okhttp3.RequestBody.create(request.getInputStream().readAllBytes(), parsedContentType)); - return new DelegationResponse(sendRequest(newRequest, response), Response.status(response.getStatus()).build()); + var newRequest = requestBuilder.build(); + + return new DelegationResponse(sendRequest(newRequest, response), Response.status(response.getStatus()).build()); + + } else { + return null; + } } protected static final Pattern PARAMETER_KEY_ALLOW = Pattern.compile("^(?(?!asset$)[^&?=]+)$"); diff --git a/matchmaking/src/main/java/org/eclipse/tractusx/agents/service/DataManagement.java b/matchmaking/src/main/java/org/eclipse/tractusx/agents/service/DataManagement.java index e2db94b..546ef7a 100644 --- a/matchmaking/src/main/java/org/eclipse/tractusx/agents/service/DataManagement.java +++ b/matchmaking/src/main/java/org/eclipse/tractusx/agents/service/DataManagement.java 
@@ -41,6 +41,7 @@ import org.eclipse.tractusx.agents.utils.TypeManager; import java.io.IOException; +import java.net.URI; import java.net.URLEncoder; import java.nio.charset.StandardCharsets; import java.util.List; @@ -425,6 +426,22 @@ public IdResponse createOrUpdateGraph(String assetId, String name, String descri return createOrUpdateAsset(assetId, assetSpec); } + /** + * URL Validation + * + * @param url URL string for validation + * @return Returns true if the URL is valid, false otherwise. + */ + public static boolean isValid(String url) { + // Try creating a valid URL + try { + new URI(url).toURL(); + return true; + } catch (Exception e) { // If there was an Exception while creating URL object + return false; + } + } + /** * deletes an existing aseet * 
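Review bot: This `isValid` is a verbatim copy of the one added to DelegationServiceImpl in the same commit, so any later tightening (scheme allow-list, host checks) has to be made in two places and the copies can drift apart. A single static helper in a shared utility class, called by both services, would avoid that. Its Javadoc should also say what "valid" means here, for example `Returns true if the string parses as an absolute URI convertible to a java.net.URL; scheme and host are not checked.`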
@@ -435,19 +452,25 @@ public IdResponse createOrUpdateGraph(String assetId, String name, String descri public IdResponse deleteAsset(String assetId) throws IOException { String version = "/v3"; var url = String.format(ASSET_UPDATE_CALL, config.getControlPlaneManagementProviderUrl(), version, assetId); - var request = new Request.Builder().url(url).delete(); - config.getControlPlaneManagementHeaders().forEach(request::addHeader); - try (var response = httpClient.newCall(request.build()).execute()) { - ResponseBody body = response.body(); - if (response.isSuccessful() && body != null) { - return JsonLd.processIdResponse(body.string()); - } else { - monitor.warning(format("Failure in calling the control plane at %s. Ignoring", url)); - return null; + + if (isValid(url)) { + var request = new Request.Builder().url(url).delete(); + config.getControlPlaneManagementHeaders().forEach(request::addHeader); + try (var response = httpClient.newCall(request.build()).execute()) { + ResponseBody body = response.body(); + if (response.isSuccessful() && body != null) { + return JsonLd.processIdResponse(body.string()); + } else { + monitor.warning(format("Failure in calling the control plane at %s. Ignoring", url)); + return null; + } + } catch (Exception e) { + monitor.severe(format("Error in calling the control plane at %s", url), e); + throw e; } - } catch (Exception e) { - monitor.severe(format("Error in calling the control plane at %s", url), e); - throw e; + } else { + monitor.warning(format("Invalid URL", url)); + return null; } }
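Review bot: `monitor.warning(format("Invalid URL", url))` has no `%s` in the format string, so the rejected URL never appears in the log; it should read `monitor.warning(format("Invalid URL %s. Ignoring", url));`. Returning `null` here also merges "URL rejected" with the existing "control plane call failed" result, so only the log line tells them apart. The base URL comes from configuration, so `assetId` appears to be the only caller-supplied part of `url` (assuming `ASSET_UPDATE_CALL`, not visible here, is a plain path template). `isValid` constrains it only to URI syntax, so validating or encoding `assetId` before formatting would be the more direct check.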