From f681b221ab78d4b0e3d47c2c35328e0d31627d88 Mon Sep 17 00:00:00 2001
From: Vojtech Knaisl
Date: Wed, 11 Dec 2019 09:59:19 +0100
Subject: [PATCH] Restrict HTTP redirects to max 10 attempts
---
 .../entity/exception/HttpRedirectException.java | 9 +++++++++
 .../service/deployment/DeploymentService.java | 4 ++--
 .../service/instance/InstanceService.java | 17 ++++++++++++++---
 3 files changed, 25 insertions(+), 5 deletions(-)
 create mode 100644 src/main/java/nl/dtls/adminpanel/entity/exception/HttpRedirectException.java
diff --git a/src/main/java/nl/dtls/adminpanel/entity/exception/HttpRedirectException.java b/src/main/java/nl/dtls/adminpanel/entity/exception/HttpRedirectException.java
new file mode 100644
index 0000000..2d786e5
--- /dev/null
+++ b/src/main/java/nl/dtls/adminpanel/entity/exception/HttpRedirectException.java
@@ -0,0 +1,9 @@
+package nl.dtls.adminpanel.entity.exception;
+
+public class HttpRedirectException extends Exception {
+
+ public HttpRedirectException(String message) {
+ super(message);
+ }
+
+}
diff --git a/src/main/java/nl/dtls/adminpanel/service/deployment/DeploymentService.java b/src/main/java/nl/dtls/adminpanel/service/deployment/DeploymentService.java
index 4061571..410346e 100644
--- a/src/main/java/nl/dtls/adminpanel/service/deployment/DeploymentService.java
+++ b/src/main/java/nl/dtls/adminpanel/service/deployment/DeploymentService.java
@@ -63,12 +63,12 @@ public void dispose(Pipeline pipeline) throws IOException {
 }
 private void createDirectory(Pipeline pipeline) throws IOException {
- log(pipeline, "1. Creating directory - started");
+ log(pipeline, "1. Create directory - started");
 Instance instance = pipeline.getInstance();
 Server server = instance.getServer();
 String createDirCommand = format("mkdir %s", instance.getPath());
 sshService.ssh(server, createDirCommand);
- log(pipeline, "1. Creating directory - ended");
+ log(pipeline, "1. Create directory - ended");
 }
 private void copyBinaryFiles(Pipeline pipeline) throws IOException {
diff --git a/src/main/java/nl/dtls/adminpanel/service/instance/InstanceService.java b/src/main/java/nl/dtls/adminpanel/service/instance/InstanceService.java
index abd8d75..46e73ee 100644
--- a/src/main/java/nl/dtls/adminpanel/service/instance/InstanceService.java
+++ b/src/main/java/nl/dtls/adminpanel/service/instance/InstanceService.java
@@ -15,6 +15,7 @@
 import nl.dtls.adminpanel.database.repository.instance.InstanceRepository;
 import nl.dtls.adminpanel.database.repository.server.ServerRepository;
 import nl.dtls.adminpanel.entity.application.Application;
+import nl.dtls.adminpanel.entity.exception.HttpRedirectException;
 import nl.dtls.adminpanel.entity.exception.ValidationException;
 import nl.dtls.adminpanel.entity.instance.Instance;
 import nl.dtls.adminpanel.entity.instance.InstanceStatus;
@@ -32,6 +33,8 @@
 @Service
 public class InstanceService {
+ private static final int MAX_HTTP_REDIRECT_ATTEMPTS = 10;
+
 @Autowired
 private InstanceRepository instanceRepository;
@@ -126,10 +129,14 @@ public boolean deleteInstance(String uuid) {
 private InstanceStatus computeInstanceStatus(Instance instance) {
 try {
- doHttpCall(instance.getUrl());
+ doHttpCall(instance.getUrl(), 0);
 return InstanceStatus.RUNNING;
 } catch (ResourceAccessException e) {
 return InstanceStatus.NOT_RUNNING;
+ } catch (HttpRedirectException e) {
+ log.info("Instance {} ({}, status: {})", instance.getUrl(),
+ e.getMessage(), InstanceStatus.ERROR);
+ return InstanceStatus.ERROR;
 } catch (HttpClientErrorException e) {
 log.info("Instance {} (http: {}, status: {})", instance.getUrl(),
 e.getStatusCode().toString(), InstanceStatus.ERROR);
@@ -137,13 +144,17 @@ private InstanceStatus computeInstanceStatus(Instance instance) {
 }
 }
- private ResponseEntity doHttpCall(String url) {
+ private ResponseEntity doHttpCall(String url, int attempts)
+ throws HttpRedirectException {
+ if (attempts >= MAX_HTTP_REDIRECT_ATTEMPTS) {
+ throw new HttpRedirectException("Too many HTTP redirect attempts");
+ }
 ResponseEntity response = restTemplate.getForEntity(url, String.class);
 if (response.getStatusCode() == HttpStatus.FOUND || response.getStatusCode() == HttpStatus.MOVED_PERMANENTLY) {
 List locations = response.getHeaders().get(HttpHeaders.LOCATION);
 if (locations != null && locations.size() == 1) {
- return doHttpCall(locations.get(0));
+ return doHttpCall(locations.get(0), attempts + 1);
 }
 }
 return response;
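Review bot: The `Location` value handed to the recursive `doHttpCall(locations.get(0), attempts + 1)` is chosen by the remote server and is requested as-is, so the new depth cap bounds the length of the chain but not where it leads; an instance could steer this status probe to an address inside the panel's own network (server-side request forgery). Before recursing, resolve the header against the current URL and reject targets the panel should not reach, for example `URI next = URI.create(url).resolve(locations.get(0));` followed by `if (!"http".equals(next.getScheme()) && !"https".equals(next.getScheme())) throw new HttpRedirectException("Unsupported redirect target");`, ideally with a host check against the instance's own host or an allowlist. Resolving also covers relative `Location` values, which the String overload of `getForEntity` would presumably reject with an unchecked exception that none of the catch clauses visible in `computeInstanceStatus` handles. Only 301 and 302 are followed, so a 303, 307 or 308 response is returned unchanged and the caller reports the instance as RUNNING, which is worth confirming as intended. The closing brace of `doHttpCall` lies outside the hunk.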