Commit ff173192 authored by Jorge Moratinos's avatar Jorge Moratinos

Merge branch 'OCF195-denial-of-service-via-missing-http-header-validation' into 'staging'

Resolve "Denial of Service via Missing HTTP Header Validation"

See merge request !180
parents e68b9b4e efa2f244
+7 −1
@@ -6,6 +6,8 @@ from cryptography import x509
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.backends import default_backend
from flask import current_app, request
from flask import current_app, request


from ..core.responses import unauthorized_error

from ..core.apiinvokerenrolmentdetails import InvokerManagementOperations
from ..core.apiinvokerenrolmentdetails import InvokerManagementOperations
from ..core.validate_user import ControlAccess
from ..core.validate_user import ControlAccess
from ..models.api_invoker_enrolment_details import \
from ..models.api_invoker_enrolment_details import \
@@ -20,7 +22,11 @@ def cert_validation():
        def __cert_validation(*args, **kwargs):
        def __cert_validation(*args, **kwargs):


            args = request.view_args
            args = request.view_args
            cert_tmp = request.headers['X-Ssl-Client-Cert']
            cert_tmp = request.headers.get('X-Ssl-Client-Cert')
            
            if not cert_tmp:
                return unauthorized_error("Client certificate required", "X-Ssl-Client-Cert header is missing")
            
            cert_raw = cert_tmp.replace('\t', '')
            cert_raw = cert_tmp.replace('\t', '')


            cert = x509.load_pem_x509_certificate(str.encode(cert_raw), default_backend())
            cert = x509.load_pem_x509_certificate(str.encode(cert_raw), default_backend())
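Review bot: The new guard at the `if not cert_tmp:` line only covers the absent-header case; a header that is present but not a PEM certificate still reaches `x509.load_pem_x509_certificate` on the last line of the hunk unguarded, and that call raises ValueError on unparseable input, so the decorator can still end in an unhandled 500 instead of the 401 this change introduces. Wrap the parse and map the failure to the same `unauthorized_error` response, as below. The identical unguarded parse is in the sections ending at L117 and L153, and `__cert_validation` continues past the hunk. The check also cannot tell whether `X-Ssl-Client-Cert` was set by the TLS terminator or arrived from the client directly; that has to be enforced at the proxy, and is worth recording on the `.get` line, e.g. `# header is trusted only because the reverse proxy sets it — TODO confirm it strips client-supplied copies`.
```python
            cert_raw = cert_tmp.replace('\t', '')

            try:
                cert = x509.load_pem_x509_certificate(str.encode(cert_raw), default_backend())
            except ValueError:
                return unauthorized_error("Client certificate required", "X-Ssl-Client-Cert header is not a valid PEM certificate")
            # … unchanged: rest of __cert_validation …
```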
+8 −1
@@ -33,7 +33,7 @@ def bad_request_error(detail, cause, invalid_params):
    prob = ProblemDetails(title="Bad Request", status=400, detail=detail, cause=cause, invalid_params=invalid_params)
    prob = ProblemDetails(title="Bad Request", status=400, detail=detail, cause=cause, invalid_params=invalid_params)
    prob = serialize_clean_camel_case(prob)
    prob = serialize_clean_camel_case(prob)


    return Response(json.dumps(prob, cls=CustomJSONEncoder), status=400, mimetype=cause)
    return Response(json.dumps(prob, cls=CustomJSONEncoder), status=400, mimetype=mimetype)




def not_found_error(detail, cause):
def not_found_error(detail, cause):
@@ -41,3 +41,10 @@ def not_found_error(detail, cause):
    prob = serialize_clean_camel_case(prob)
    prob = serialize_clean_camel_case(prob)


    return Response(json.dumps(prob, cls=CustomJSONEncoder), status=404, mimetype=mimetype)
    return Response(json.dumps(prob, cls=CustomJSONEncoder), status=404, mimetype=mimetype)


def unauthorized_error(detail, cause):
    prob = ProblemDetails(title="Unauthorized", status=401, detail=detail, cause=cause)
    prob = serialize_clean_camel_case(prob)

    return Response(json.dumps(prob, cls=CustomJSONEncoder), status=401, mimetype=mimetype)
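Review bot: `unauthorized_error` is the helper the three decorators now rely on but carries no docstring; add `"""Build a 401 ProblemDetails response; `detail` is the human-readable message and `cause` the short machine-readable reason."""` under the `def`. It reads `mimetype` from module scope like `not_found_error` does, which is consistent, but that name is defined outside the hunk. If the API is reached by standard HTTP clients, note that RFC 7235 expects a `WWW-Authenticate` header on a 401; with certificate-based access there is no standard challenge, so whether 401 or 403 is intended should be stated in the docstring. PEP 8 also wants two blank lines before the new top-level `def`, not one. This file section is shown again at L154–L184 with identical content.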
+7 −1
@@ -9,6 +9,8 @@ from cryptography.hazmat.backends import default_backend
from flask import current_app, request
from flask import current_app, request
from flask_jwt_extended import get_jwt_identity, jwt_required
from flask_jwt_extended import get_jwt_identity, jwt_required


from ..core.responses import unauthorized_error

from ..core.provider_enrolment_details_api import ProviderManagementOperations
from ..core.provider_enrolment_details_api import ProviderManagementOperations
from ..core.validate_user import ControlAccess
from ..core.validate_user import ControlAccess


@@ -21,7 +23,11 @@ def cert_validation():
        def __cert_validation(*args, **kwargs):
        def __cert_validation(*args, **kwargs):


            args = request.view_args
            args = request.view_args
            cert_tmp = request.headers['X-Ssl-Client-Cert']
            cert_tmp = request.headers.get('X-Ssl-Client-Cert')
            
            if not cert_tmp:
                return unauthorized_error("Client certificate required", "X-Ssl-Client-Cert header is missing")
            
            cert_raw = cert_tmp.replace('\t', '')
            cert_raw = cert_tmp.replace('\t', '')


            cert = x509.load_pem_x509_certificate(str.encode(cert_raw), default_backend())
            cert = x509.load_pem_x509_certificate(str.encode(cert_raw), default_backend())
+7 −1
@@ -3,6 +3,8 @@ from flask import current_app, request
from cryptography import x509
from cryptography import x509
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.backends import default_backend


from ..core.responses import unauthorized_error

from ..core.provider_enrolment_details_api import ProviderManagementOperations
from ..core.provider_enrolment_details_api import ProviderManagementOperations
from ..core.validate_user import ControlAccess
from ..core.validate_user import ControlAccess
from ..models.api_provider_enrolment_details_patch import \
from ..models.api_provider_enrolment_details_patch import \
@@ -17,7 +19,11 @@ def cert_validation():
        def __cert_validation(*args, **kwargs):
        def __cert_validation(*args, **kwargs):


            args = request.view_args
            args = request.view_args
            cert_tmp = request.headers['X-Ssl-Client-Cert']
            cert_tmp = request.headers.get('X-Ssl-Client-Cert')
            
            if not cert_tmp:
                return unauthorized_error("Client certificate required", "X-Ssl-Client-Cert header is missing")
            
            cert_raw = cert_tmp.replace('\t', '')
            cert_raw = cert_tmp.replace('\t', '')


            cert = x509.load_pem_x509_certificate(str.encode(cert_raw), default_backend())
            cert = x509.load_pem_x509_certificate(str.encode(cert_raw), default_backend())
+8 −1
@@ -33,7 +33,7 @@ def bad_request_error(detail, cause, invalid_params):
    prob = ProblemDetails(title="Bad Request", status=400, detail=detail, cause=cause, invalid_params=invalid_params)
    prob = ProblemDetails(title="Bad Request", status=400, detail=detail, cause=cause, invalid_params=invalid_params)
    prob = serialize_clean_camel_case(prob)
    prob = serialize_clean_camel_case(prob)


    return Response(json.dumps(prob, cls=CustomJSONEncoder), status=400, mimetype=cause)
    return Response(json.dumps(prob, cls=CustomJSONEncoder), status=400, mimetype=mimetype)




def not_found_error(detail, cause):
def not_found_error(detail, cause):
@@ -41,3 +41,10 @@ def not_found_error(detail, cause):
    prob = serialize_clean_camel_case(prob)
    prob = serialize_clean_camel_case(prob)


    return Response(json.dumps(prob, cls=CustomJSONEncoder), status=404, mimetype=mimetype)
    return Response(json.dumps(prob, cls=CustomJSONEncoder), status=404, mimetype=mimetype)


def unauthorized_error(detail, cause):
    prob = ProblemDetails(title="Unauthorized", status=401, detail=detail, cause=cause)
    prob = serialize_clean_camel_case(prob)

    return Response(json.dumps(prob, cls=CustomJSONEncoder), status=401, mimetype=mimetype)