mirrors/nomulus
1
0
Fork 0
mirror of https://github.com/google/nomulus synced 2026-01-09 07:33:42 +00:00
Code Issues Releases Wiki Activity

Sanitize EPP XML requests and responses

Browse Source 
Masks user credentials (tags 'pw' and 'newPW') in EPP XML messages.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=207953894
This commit is contained in:
weiminyu
2018-08-08 15:13:02 -07:00
committed by jianglai
parent 9eec70729f
commit 81fce674d2
11 changed files with 415 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
java/google/registry/flows/EppRequestHandler.java
View File

@@ -16,6 +16,7 @@ package google.registry.flows;
import static google.registry.flows.EppXmlTransformer.marshalWithLenientRetry;
import static google.registry.model.eppoutput.Result.Code.SUCCESS_AND_CLOSE;
import static google.registry.xml.XmlTransformer.prettyPrint;
import static java.nio.charset.StandardCharsets.UTF_8;
import static javax.servlet.http.HttpServletResponse.SC_BAD_REQUEST;
import static javax.servlet.http.HttpServletResponse.SC_OK;
@@ -53,7 +54,10 @@ public class EppRequestHandler {
eppController.handleEppCommand(
sessionMetadata, credentials, eppRequestSource, isDryRun, isSuperuser, inputXmlBytes);
response.setContentType(APPLICATION_EPP_XML);
response.setPayload(new String(marshalWithLenientRetry(eppOutput), UTF_8));
byte[] eppResponseXmlBytes = marshalWithLenientRetry(eppOutput);
response.setPayload(new String(eppResponseXmlBytes, UTF_8));
logger.atInfo().log(
"EPP response: %s", prettyPrint(EppXmlSanitizer.sanitizeEppXml(eppResponseXmlBytes)));
// Note that we always return 200 (OK) even if the EppController returns an error response.
// This is because returning a non-OK HTTP status code will cause the proxy server to
// silently close the connection without returning any data. The only time we will ever return