diff options
| author |  Kristóf Marussy <kristof@marussy.com> | 2024-02-24 21:25:57 +0100 |
|---|---|---|
| committer | Kristóf Marussy <kristof@marussy.com> | 2024-02-24 21:28:15 +0100 |
| commit | 9bd982b1054c5e9f4a11c4788644e9e15bb23558 (patch) | |
| tree | 05441cef8cd5e77ac951471ea4de57b648fb8f9d | |
| parent | Merge pull request #55 from kris7t/svg-export (diff) | |
| download | refinery-9bd982b1054c5e9f4a11c4788644e9e15bb23558.tar.gz refinery-9bd982b1054c5e9f4a11c4788644e9e15bb23558.tar.zst refinery-9bd982b1054c5e9f4a11c4788644e9e15bb23558.zip | |
fix(web): Sonar security issue
See
https://sonarcloud.io/organizations/graphs4value/rules?open=java%3AS1989&rule_key=java%3AS1989
| -rw-r--r-- | subprojects/language-web/src/main/java/tools/refinery/language/web/config/BackendConfigServlet.java | 20 |
1 files changed, 16 insertions, 4 deletions
diff --git a/subprojects/language-web/src/main/java/tools/refinery/language/web/config/BackendConfigServlet.java b/subprojects/language-web/src/main/java/tools/refinery/language/web/config/BackendConfigServlet.java index 7d0a5122..5a57ad71 100644 --- a/subprojects/language-web/src/main/java/tools/refinery/language/web/config/BackendConfigServlet.java +++ b/subprojects/language-web/src/main/java/tools/refinery/language/web/config/BackendConfigServlet.java | |||
| @@ -12,10 +12,14 @@ import jakarta.servlet.http.HttpServlet; | |||
| 12 | import jakarta.servlet.http.HttpServletRequest; | 12 | import jakarta.servlet.http.HttpServletRequest; |
| 13 | import jakarta.servlet.http.HttpServletResponse; | 13 | import jakarta.servlet.http.HttpServletResponse; |
| 14 | import org.eclipse.jetty.http.HttpStatus; | 14 | import org.eclipse.jetty.http.HttpStatus; |
| 15 | import org.slf4j.Logger; | ||
| 16 | import org.slf4j.LoggerFactory; | ||
| 15 | 17 | ||
| 16 | import java.io.IOException; | 18 | import java.io.IOException; |
| 17 | 19 | ||
| 18 | public class BackendConfigServlet extends HttpServlet { | 20 | public class BackendConfigServlet extends HttpServlet { |
| 21 | private static final Logger LOG = LoggerFactory.getLogger(BackendConfigServlet.class); | ||
| 22 | |||
| 19 | public static final String WEBSOCKET_URL_INIT_PARAM = "tools.refinery.language.web.config.BackendConfigServlet" + | 23 | public static final String WEBSOCKET_URL_INIT_PARAM = "tools.refinery.language.web.config.BackendConfigServlet" + |
| 20 | ".webSocketUrl"; | 24 | ".webSocketUrl"; |
| 21 | 25 | ||
| @@ -31,11 +35,19 @@ public class BackendConfigServlet extends HttpServlet { | |||
| 31 | } | 35 | } |
| 32 | 36 | ||
| 33 | @Override | 37 | @Override |
| 34 | protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException { | 38 | protected void doGet(HttpServletRequest req, HttpServletResponse resp) { |
| 35 | resp.setStatus(HttpStatus.OK_200); | 39 | resp.setStatus(HttpStatus.OK_200); |
| 36 | resp.setContentType("application/json"); | 40 | resp.setContentType("application/json"); |
| 37 | var writer = resp.getWriter(); | 41 | try { |
| 38 | writer.write(serializedConfig); | 42 | var writer = resp.getWriter(); |
| 39 | writer.flush(); | 43 | writer.write(serializedConfig); |
| 44 | writer.flush(); | ||
| 45 | } catch (IOException e) { | ||
| 46 | LOG.error("Failed to write backend config", e); | ||
| 47 | if (!resp.isCommitted()) { | ||
| 48 | resp.reset(); | ||
| 49 | resp.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); | ||
| 50 | } | ||
| 51 | } | ||
| 40 | } | 52 | } |
| 41 | } | 53 | } |