/*
 * Decompiled with CFR 0_118.
 * 
 * Could not load the following classes:
 *  org.apache.felix.scr.annotations.Component
 *  org.apache.felix.scr.annotations.Properties
 *  org.apache.felix.scr.annotations.Property
 *  org.apache.felix.scr.annotations.PropertyUnbounded
 *  org.apache.felix.scr.annotations.Reference
 *  org.apache.felix.scr.annotations.Service
 *  org.apache.sling.commons.osgi.PropertiesUtil
 *  org.apache.sling.hc.api.HealthCheck
 *  org.apache.sling.hc.api.Result
 *  org.apache.sling.hc.api.ResultLog
 *  org.apache.sling.hc.util.FormattingResultLog
 *  org.osgi.framework.InvalidSyntaxException
 *  org.osgi.service.cm.Configuration
 *  org.osgi.service.cm.ConfigurationAdmin
 */
package com.adobe.granite.bundles.hc.impl;

import java.io.IOException;
import java.util.Dictionary;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Properties;
import org.apache.felix.scr.annotations.Property;
import org.apache.felix.scr.annotations.PropertyUnbounded;
import org.apache.felix.scr.annotations.Reference;
import org.apache.felix.scr.annotations.Service;
import org.apache.sling.commons.osgi.PropertiesUtil;
import org.apache.sling.hc.api.HealthCheck;
import org.apache.sling.hc.api.Result;
import org.apache.sling.hc.api.ResultLog;
import org.apache.sling.hc.util.FormattingResultLog;
import org.osgi.framework.InvalidSyntaxException;
import org.osgi.service.cm.Configuration;
import org.osgi.service.cm.ConfigurationAdmin;

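@Component(metatype=true, label="Adobe Granite Sling Get Servlet Health Check", description="Checks if the default Sling Get Servlet configuration follows the security guidelines.")
@Properties(value={@Property(name="hc.name", value={"Sling Get Servlet"}, label="Name", description="Name of the health check."), @Property(name="hc.tags", unbounded=PropertyUnbounded.ARRAY, value={"dos", "sling", "security", "production"}, label="Tags", description="Tags for the health check."), @Property(name="hc.mbean.name", value={"defaultSlingGetServletConfig"}, label="MBean Name", description="Name of the JMX mbean to register for this check.")})
@Service(value={HealthCheck.class})
public class SlingGetServletHealthCheck
implements HealthCheck {

    /** Configuration Admin service used to look up the Sling Default GET Servlet configuration. */
    @Reference
    private ConfigurationAdmin configurationAdmin;

    /** PID of the Sling Default GET Servlet whose configuration is inspected. */
    private static final String GET_SERVLET_PID = "org.apache.sling.servlets.get.DefaultGetServlet";

    /**
     * LDAP filter selecting the servlet's ConfigurationAdmin entry. Built from the PID constant
     * so the filter and the configMgr link below cannot drift apart from the PID.
     */
    private static final String GET_SERVLET_FILTER = "(service.pid=" + GET_SERVLET_PID + ")";

    /** Web console link offered to the operator when the configuration needs to be changed. */
    private static final String CONFIG_MGR_PATH = "/system/console/configMgr/" + GET_SERVLET_PID;

    /** Configuration keys of the renderers the security guideline asks to be disabled. */
    private static final String ENABLE_HTML = "enable.html";
    private static final String ENABLE_TXT = "enable.txt";
    private static final String ENABLE_XML = "enable.xml";

    /**
     * Runs the check.
     *
     * <p>The check passes only when a configuration for the Default GET Servlet exists and
     * every matching configuration has the default HTML, plain text and XML renderers disabled.
     * Each violation is recorded as a WARN entry in the result log; a missing configuration, a
     * configuration without properties, and a failure to reach Configuration Admin are also
     * reported as WARN, i.e. the check fails closed rather than reporting success on unknown state.
     *
     * @return the health check result built from the accumulated log (the HC API presumably
     *         derives the status from the highest log level recorded — confirm against the
     *         Sling HC {@code Result(ResultLog)} contract)
     */
    @Override
    public Result execute() {
        FormattingResultLog resultLog = new FormattingResultLog();
        boolean success = true;
        try {
            Configuration[] slingGetServletCfgs = this.configurationAdmin.listConfigurations(GET_SERVLET_FILTER);
            if (slingGetServletCfgs == null) {
                // No configuration at all means the servlet runs with its built-in defaults,
                // which the guideline treats as not hardened.
                resultLog.warn("The Sling Get Servlet configuration has not been changed.");
                success = false;
            } else {
                for (Configuration config : slingGetServletCfgs) {
                    // Accumulate instead of assigning, so one compliant configuration cannot
                    // mask a non-compliant one when the filter matches several entries.
                    success &= hasDefaultRenderersDisabled(config, resultLog);
                }
            }
            resultLog.debug("[The default HTML, plain text and XML renderers of the Sling Get Servlet should be disabled. Otherwise, the system might be exposed to DoS attacks.]( )");
            if (success) {
                resultLog.debug("The Sling Get Servlet is configured properly.");
            } else {
                resultLog.debug("[You can configure the Sling GET Servlet via the configuration manager.]({})", CONFIG_MGR_PATH);
                resultLog.debug("[Check the 'Configuring Sling to Prevent DoS' section of the security guidelines.](https://www.adobe.com/go/aem6_2_docs_security_slingdos_en)");
            }
        }
        catch (IOException | InvalidSyntaxException e) {
            // Do not swallow the cause: an operator reading the HC result needs to know why the
            // configuration could not be inspected. The message is not sensitive here.
            resultLog.warn("Could not access the Sling Get Servlet configuration: {}", e.getMessage());
        }
        return new Result((ResultLog)resultLog);
    }

    /**
     * Inspects a single Default GET Servlet configuration and logs every enabled default renderer.
     *
     * @param config    the configuration to inspect
     * @param resultLog log receiving one WARN entry per enabled renderer
     * @return {@code true} when the HTML, plain text and XML renderers are all disabled
     */
    private static boolean hasDefaultRenderersDisabled(Configuration config, FormattingResultLog resultLog) {
        Dictionary<String, Object> properties = config.getProperties();
        if (properties == null) {
            // Per the OSGi Configuration Admin contract a Configuration that has never been
            // updated has no properties; the original code dereferenced it unconditionally.
            resultLog.warn("The Sling Get Servlet configuration exists but has no properties.");
            return false;
        }
        // NOTE(review): a missing key is treated as "disabled". If the servlet's own default for
        // a renderer is "enabled", an incomplete configuration would pass this check — confirm
        // against the DefaultGetServlet metatype defaults.
        boolean htmlEnabled = PropertiesUtil.toBoolean(properties.get(ENABLE_HTML), false);
        boolean textEnabled = PropertiesUtil.toBoolean(properties.get(ENABLE_TXT), false);
        boolean xmlEnabled = PropertiesUtil.toBoolean(properties.get(ENABLE_XML), false);
        // The JSON renderer is deliberately not inspected here; presumably the product relies on
        // it — verify against the referenced guideline before extending the check.
        if (htmlEnabled) {
            resultLog.warn("The default HTML renderer is enabled.");
        }
        if (textEnabled) {
            resultLog.warn("The default plain text renderer is enabled.");
        }
        if (xmlEnabled) {
            resultLog.warn("The default XML renderer is enabled.");
        }
        return !htmlEnabled && !textEnabled && !xmlEnabled;
    }

    /**
     * SCR bind method for the Configuration Admin reference.
     *
     * @param configurationAdmin the service instance being bound
     */
    protected void bindConfigurationAdmin(ConfigurationAdmin configurationAdmin) {
        this.configurationAdmin = configurationAdmin;
    }

    /**
     * SCR unbind method for the Configuration Admin reference; clears the field only when the
     * instance being unbound is the one currently held, so a newer binding is not discarded.
     *
     * @param configurationAdmin the service instance being unbound
     */
    protected void unbindConfigurationAdmin(ConfigurationAdmin configurationAdmin) {
        if (this.configurationAdmin == configurationAdmin) {
            this.configurationAdmin = null;
        }
    }
}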