HADOOP-12691. Add CSRF Filter for REST APIs to Hadoop Common. Contributed by Larry McCay.
parent
b1ed28fa77
commit
06f4ac0ccd
|
@ -731,6 +731,9 @@ Release 2.8.0 - UNRELEASED
|
||||||
|
|
||||||
HADOOP-11262. Enable YARN to use S3A. (Pieter Reuse via lei)
|
HADOOP-11262. Enable YARN to use S3A. (Pieter Reuse via lei)
|
||||||
|
|
||||||
|
HADOOP-12691. Add CSRF Filter for REST APIs to Hadoop Common.
|
||||||
|
(Larry McCay via cnauroth)
|
||||||
|
|
||||||
IMPROVEMENTS
|
IMPROVEMENTS
|
||||||
|
|
||||||
HADOOP-12458. Retries is typoed to spell Retires in parts of
|
HADOOP-12458. Retries is typoed to spell Retires in parts of
|
||||||
|
|
|
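--- /dev/null
+++ b/org/apache/hadoop/security/http/RestCsrfPreventionFilter.java
@@ -0,0 +1,89 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.security.http;
+
+import java.io.IOException;
+import java.util.HashSet;
+import java.util.Set;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * This filter provides protection against cross site request forgery (CSRF)
+ * attacks for REST APIs. Enabling this filter on an endpoint results in the
+ * requirement of all client to send a particular (configurable) HTTP header
+ * with every request. In the absense of this header the filter will reject the
+ * attempt as a bad request.
+ */
+public class RestCsrfPreventionFilter implements Filter {
+  public static final String CUSTOM_HEADER_PARAM = "custom-header";
+  public static final String CUSTOM_METHODS_TO_IGNORE_PARAM =
+      "methods-to-ignore";
+  static final String HEADER_DEFAULT = "X-XSRF-HEADER";
+  static final String METHODS_TO_IGNORE_DEFAULT = "GET,OPTIONS,HEAD,TRACE";
+  private String headerName = HEADER_DEFAULT;
+  private Set<String> methodsToIgnore = null;
+
+  @Override
+  public void init(FilterConfig filterConfig) throws ServletException {
+    String customHeader = filterConfig.getInitParameter(CUSTOM_HEADER_PARAM);
+    if (customHeader != null) {
+      headerName = customHeader;
+    }
+    String customMethodsToIgnore =
+        filterConfig.getInitParameter(CUSTOM_METHODS_TO_IGNORE_PARAM);
+    if (customMethodsToIgnore != null) {
+      parseMethodsToIgnore(customMethodsToIgnore);
+    } else {
+      parseMethodsToIgnore(METHODS_TO_IGNORE_DEFAULT);
+    }
+  }
+
+  void parseMethodsToIgnore(String mti) {
+    String[] methods = mti.split(",");
+    methodsToIgnore = new HashSet<String>();
+    for (int i = 0; i < methods.length; i++) {
+      methodsToIgnore.add(methods[i]);
+    }
+  }
+
+  @Override
+  public void doFilter(ServletRequest request, ServletResponse response,
+      FilterChain chain) throws IOException, ServletException {
+    HttpServletRequest httpRequest = (HttpServletRequest)request;
+    if (methodsToIgnore.contains(httpRequest.getMethod()) ||
+        httpRequest.getHeader(headerName) != null) {
+      chain.doFilter(request, response);
+    } else {
+      ((HttpServletResponse)response).sendError(
+          HttpServletResponse.SC_BAD_REQUEST,
+          "Missing Required Header for Vulnerability Protection");
+    }
+  }
+
+  @Override
+  public void destroy() {
+  }
+}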
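Review bot: parseMethodsToIgnore adds each comma-separated token verbatim, so a configured value such as `GET, OPTIONS` (with a space) leaves ` OPTIONS` in the set and OPTIONS requests that lack the header are rejected; the failure is fail-closed, but it is silent and only shows up as a 400 at runtime, so trim each token with `methodsToIgnore.add(methods[i].trim());`. The class Javadoc should also state what the check actually is: the header only has to be present (any value is accepted), it is required on every method not listed in methods-to-ignore, and the design relies on browsers not attaching custom headers to cross-origin requests, which means a CORS configuration that allows this header to be sent cross-origin undercuts the protection. The default ignore list includes GET, so endpoints that change state on GET are not covered; that is worth a sentence in the same Javadoc. Typo in the class Javadoc: `absense` should be `absence`.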
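--- /dev/null
+++ b/org/apache/hadoop/security/http/TestRestCsrfPreventionFilter.java
@@ -0,0 +1,276 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hadoop.security.http;
+
+import static org.mockito.Mockito.atLeastOnce;
+import static org.mockito.Mockito.verify;
+
+import java.io.IOException;
+
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.junit.Test;
+import org.mockito.Mockito;
+
+public class TestRestCsrfPreventionFilter {
+
+  private static final String EXPECTED_MESSAGE =
+      "Missing Required Header for Vulnerability Protection";
+  private static final String X_CUSTOM_HEADER = "X-CUSTOM_HEADER";
+
+  @Test
+  public void testNoHeaderDefaultConfig_badRequest()
+      throws ServletException, IOException {
+    // Setup the configuration settings of the server
+    FilterConfig filterConfig = Mockito.mock(FilterConfig.class);
+    Mockito.when(filterConfig.getInitParameter(
+        RestCsrfPreventionFilter.CUSTOM_HEADER_PARAM)).thenReturn(null);
+    Mockito.when(filterConfig.getInitParameter(
+        RestCsrfPreventionFilter.CUSTOM_METHODS_TO_IGNORE_PARAM)).
+        thenReturn(null);
+
+    // CSRF has not been sent
+    HttpServletRequest mockReq = Mockito.mock(HttpServletRequest.class);
+    Mockito.when(mockReq.getHeader(RestCsrfPreventionFilter.HEADER_DEFAULT)).
+        thenReturn(null);
+
+    // Objects to verify interactions based on request
+    HttpServletResponse mockRes = Mockito.mock(HttpServletResponse.class);
+    FilterChain mockChain = Mockito.mock(FilterChain.class);
+
+    // Object under test
+    RestCsrfPreventionFilter filter = new RestCsrfPreventionFilter();
+    filter.init(filterConfig);
+    filter.doFilter(mockReq, mockRes, mockChain);
+
+    verify(mockRes, atLeastOnce()).sendError(
+        HttpServletResponse.SC_BAD_REQUEST, EXPECTED_MESSAGE);
+    Mockito.verifyZeroInteractions(mockChain);
+  }
+
+  @Test
+  public void testHeaderPresentDefaultConfig_goodRequest()
+      throws ServletException, IOException {
+    // Setup the configuration settings of the server
+    FilterConfig filterConfig = Mockito.mock(FilterConfig.class);
+    Mockito.when(filterConfig.getInitParameter(
+        RestCsrfPreventionFilter.CUSTOM_HEADER_PARAM)).thenReturn(null);
+    Mockito.when(filterConfig.getInitParameter(
+        RestCsrfPreventionFilter.CUSTOM_METHODS_TO_IGNORE_PARAM)).
+        thenReturn(null);
+
+    // CSRF HAS been sent
+    HttpServletRequest mockReq = Mockito.mock(HttpServletRequest.class);
+    Mockito.when(mockReq.getHeader(RestCsrfPreventionFilter.HEADER_DEFAULT)).
+        thenReturn("valueUnimportant");
+
+    // Objects to verify interactions based on request
+    HttpServletResponse mockRes = Mockito.mock(HttpServletResponse.class);
+    FilterChain mockChain = Mockito.mock(FilterChain.class);
+
+    // Object under test
+    RestCsrfPreventionFilter filter = new RestCsrfPreventionFilter();
+    filter.init(filterConfig);
+    filter.doFilter(mockReq, mockRes, mockChain);
+
+    Mockito.verify(mockChain).doFilter(mockReq, mockRes);
+  }
+
+  @Test
+  public void testHeaderPresentCustomHeaderConfig_goodRequest()
+      throws ServletException, IOException {
+    // Setup the configuration settings of the server
+    FilterConfig filterConfig = Mockito.mock(FilterConfig.class);
+    Mockito.when(filterConfig.getInitParameter(
+        RestCsrfPreventionFilter.CUSTOM_HEADER_PARAM)).
+        thenReturn(X_CUSTOM_HEADER);
+    Mockito.when(filterConfig.getInitParameter(
+        RestCsrfPreventionFilter.CUSTOM_METHODS_TO_IGNORE_PARAM)).
+        thenReturn(null);
+
+    // CSRF HAS been sent
+    HttpServletRequest mockReq = Mockito.mock(HttpServletRequest.class);
+    Mockito.when(mockReq.getHeader(X_CUSTOM_HEADER)).
+        thenReturn("valueUnimportant");
+
+    // Objects to verify interactions based on request
+    HttpServletResponse mockRes = Mockito.mock(HttpServletResponse.class);
+    FilterChain mockChain = Mockito.mock(FilterChain.class);
+
+    // Object under test
+    RestCsrfPreventionFilter filter = new RestCsrfPreventionFilter();
+    filter.init(filterConfig);
+    filter.doFilter(mockReq, mockRes, mockChain);
+
+    Mockito.verify(mockChain).doFilter(mockReq, mockRes);
+  }
+
+  @Test
+  public void testMissingHeaderWithCustomHeaderConfig_badRequest()
+      throws ServletException, IOException {
+    // Setup the configuration settings of the server
+    FilterConfig filterConfig = Mockito.mock(FilterConfig.class);
+    Mockito.when(filterConfig.getInitParameter(
+        RestCsrfPreventionFilter.CUSTOM_HEADER_PARAM)).
+        thenReturn(X_CUSTOM_HEADER);
+    Mockito.when(filterConfig.getInitParameter(
+        RestCsrfPreventionFilter.CUSTOM_METHODS_TO_IGNORE_PARAM)).
+        thenReturn(null);
+
+    // CSRF has not been sent
+    HttpServletRequest mockReq = Mockito.mock(HttpServletRequest.class);
+    Mockito.when(mockReq.getHeader(RestCsrfPreventionFilter.HEADER_DEFAULT)).
+        thenReturn(null);
+
+    // Objects to verify interactions based on request
+    HttpServletResponse mockRes = Mockito.mock(HttpServletResponse.class);
+    FilterChain mockChain = Mockito.mock(FilterChain.class);
+
+    // Object under test
+    RestCsrfPreventionFilter filter = new RestCsrfPreventionFilter();
+    filter.init(filterConfig);
+    filter.doFilter(mockReq, mockRes, mockChain);
+
+    Mockito.verifyZeroInteractions(mockChain);
+  }
+
+  @Test
+  public void testMissingHeaderNoMethodsToIgnoreConfig_badRequest()
+      throws ServletException, IOException {
+    // Setup the configuration settings of the server
+    FilterConfig filterConfig = Mockito.mock(FilterConfig.class);
+    Mockito.when(filterConfig.getInitParameter(
+        RestCsrfPreventionFilter.CUSTOM_HEADER_PARAM)).thenReturn(null);
+    Mockito.when(filterConfig.getInitParameter(
+        RestCsrfPreventionFilter.CUSTOM_METHODS_TO_IGNORE_PARAM)).
+        thenReturn("");
+
+    // CSRF has not been sent
+    HttpServletRequest mockReq = Mockito.mock(HttpServletRequest.class);
+    Mockito.when(mockReq.getHeader(RestCsrfPreventionFilter.HEADER_DEFAULT)).
+        thenReturn(null);
+    Mockito.when(mockReq.getMethod()).
+        thenReturn("GET");
+
+    // Objects to verify interactions based on request
+    HttpServletResponse mockRes = Mockito.mock(HttpServletResponse.class);
+    FilterChain mockChain = Mockito.mock(FilterChain.class);
+
+    // Object under test
+    RestCsrfPreventionFilter filter = new RestCsrfPreventionFilter();
+    filter.init(filterConfig);
+    filter.doFilter(mockReq, mockRes, mockChain);
+
+    Mockito.verifyZeroInteractions(mockChain);
+  }
+
+  @Test
+  public void testMissingHeaderIgnoreGETMethodConfig_goodRequest()
+      throws ServletException, IOException {
+    // Setup the configuration settings of the server
+    FilterConfig filterConfig = Mockito.mock(FilterConfig.class);
+    Mockito.when(filterConfig.getInitParameter(
+        RestCsrfPreventionFilter.CUSTOM_HEADER_PARAM)).thenReturn(null);
+    Mockito.when(filterConfig.getInitParameter(
+        RestCsrfPreventionFilter.CUSTOM_METHODS_TO_IGNORE_PARAM)).
+        thenReturn("GET");
+
+    // CSRF has not been sent
+    HttpServletRequest mockReq = Mockito.mock(HttpServletRequest.class);
+    Mockito.when(mockReq.getHeader(RestCsrfPreventionFilter.HEADER_DEFAULT)).
+        thenReturn(null);
+    Mockito.when(mockReq.getMethod()).
+        thenReturn("GET");
+
+    // Objects to verify interactions based on request
+    HttpServletResponse mockRes = Mockito.mock(HttpServletResponse.class);
+    FilterChain mockChain = Mockito.mock(FilterChain.class);
+
+    // Object under test
+    RestCsrfPreventionFilter filter = new RestCsrfPreventionFilter();
+    filter.init(filterConfig);
+    filter.doFilter(mockReq, mockRes, mockChain);
+
+    Mockito.verify(mockChain).doFilter(mockReq, mockRes);
+  }
+
+  @Test
+  public void testMissingHeaderMultipleIgnoreMethodsConfig_goodRequest()
+      throws ServletException, IOException {
+    // Setup the configuration settings of the server
+    FilterConfig filterConfig = Mockito.mock(FilterConfig.class);
+    Mockito.when(filterConfig.getInitParameter(
+        RestCsrfPreventionFilter.CUSTOM_HEADER_PARAM)).thenReturn(null);
+    Mockito.when(filterConfig.getInitParameter(
+        RestCsrfPreventionFilter.CUSTOM_METHODS_TO_IGNORE_PARAM)).
+        thenReturn("GET,OPTIONS");
+
+    // CSRF has not been sent
+    HttpServletRequest mockReq = Mockito.mock(HttpServletRequest.class);
+    Mockito.when(mockReq.getHeader(RestCsrfPreventionFilter.HEADER_DEFAULT)).
+        thenReturn(null);
+    Mockito.when(mockReq.getMethod()).
+        thenReturn("OPTIONS");
+
+    // Objects to verify interactions based on request
+    HttpServletResponse mockRes = Mockito.mock(HttpServletResponse.class);
+    FilterChain mockChain = Mockito.mock(FilterChain.class);
+
+    // Object under test
+    RestCsrfPreventionFilter filter = new RestCsrfPreventionFilter();
+    filter.init(filterConfig);
+    filter.doFilter(mockReq, mockRes, mockChain);
+
+    Mockito.verify(mockChain).doFilter(mockReq, mockRes);
+  }
+
+  @Test
+  public void testMissingHeaderMultipleIgnoreMethodsConfig_badRequest()
+      throws ServletException, IOException {
+    // Setup the configuration settings of the server
+    FilterConfig filterConfig = Mockito.mock(FilterConfig.class);
+    Mockito.when(filterConfig.getInitParameter(
+        RestCsrfPreventionFilter.CUSTOM_HEADER_PARAM)).thenReturn(null);
+    Mockito.when(filterConfig.getInitParameter(
+        RestCsrfPreventionFilter.CUSTOM_METHODS_TO_IGNORE_PARAM)).
+        thenReturn("GET,OPTIONS");
+
+    // CSRF has not been sent
+    HttpServletRequest mockReq = Mockito.mock(HttpServletRequest.class);
+    Mockito.when(mockReq.getHeader(RestCsrfPreventionFilter.HEADER_DEFAULT)).
+        thenReturn(null);
+    Mockito.when(mockReq.getMethod()).
+        thenReturn("PUT");
+
+    // Objects to verify interactions based on request
+    HttpServletResponse mockRes = Mockito.mock(HttpServletResponse.class);
+    FilterChain mockChain = Mockito.mock(FilterChain.class);
+
+    // Object under test
+    RestCsrfPreventionFilter filter = new RestCsrfPreventionFilter();
+    filter.init(filterConfig);
+    filter.doFilter(mockReq, mockRes, mockChain);
+
+    Mockito.verifyZeroInteractions(mockChain);
+  }
+}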
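Review bot: testMissingHeaderWithCustomHeaderConfig_badRequest configures `X_CUSTOM_HEADER` but stubs `mockReq.getHeader(RestCsrfPreventionFilter.HEADER_DEFAULT)`, which the filter never reads under that configuration; the test passes only because an unstubbed mock returns null, so stub the header that is actually checked, `Mockito.when(mockReq.getHeader(X_CUSTOM_HEADER)).thenReturn(null);`, to make the negative case explicit. The other three bad-request tests (custom header, empty methods-to-ignore, PUT with GET,OPTIONS) assert only `verifyZeroInteractions(mockChain)`, which a filter that dropped the request without responding would also satisfy; mirror the first test and add `verify(mockRes, atLeastOnce()).sendError(HttpServletResponse.SC_BAD_REQUEST, EXPECTED_MESSAGE);` to each of them. The first four tests never stub `getMethod()`, so the filter sees a null method; a one-line comment noting that null is intentionally outside the ignore set would save the next reader a trip to the filter.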