catenax-ng · adkumar1 · Apr 20, 2023 · Apr 19, 2023
diff --git a/src/main/java/org/eclipse/tractusx/autosetup/config/SecurityConfig.java b/src/main/java/org/eclipse/tractusx/autosetup/config/SecurityConfig.java
@@ -20,7 +20,12 @@
 
 package org.eclipse.tractusx.autosetup.config;
 
-import lombok.SneakyThrows;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.List;
+import java.util.Map;
+import java.util.stream.Stream;
+
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.autoconfigure.web.ServerProperties;
 import org.springframework.context.annotation.Bean;
@@ -36,16 +41,12 @@
 import org.springframework.security.oauth2.jwt.Jwt;
 import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
 import org.springframework.security.web.SecurityFilterChain;
-import org.springframework.security.web.util.matcher.AnyRequestMatcher;
+import org.springframework.security.web.header.writers.XXssProtectionHeaderWriter.HeaderValue;
 import org.springframework.web.cors.CorsConfiguration;
 import org.springframework.web.cors.CorsConfigurationSource;
 import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.List;
-import java.util.Map;
-import java.util.stream.Stream;
+import lombok.SneakyThrows;
 
 @Configuration
 @EnableWebSecurity
@@ -118,9 +119,14 @@ public SecurityFilterChain filterChain(HttpSecurity http, Jwt2AuthenticationConv
             .anyRequest().authenticated();
         // @formatter:on
 
-		http.headers().xssProtection().and()
-				.contentSecurityPolicy("default-src 'self'; script-src 'self' 'unsafe-inline'").and()
-				.httpStrictTransportSecurity().requestMatcher(AnyRequestMatcher.INSTANCE);
+		http.headers().xssProtection(xssProtection -> xssProtection.headerValue(HeaderValue.ENABLED_MODE_BLOCK));
+
+		http.headers()
+		      .contentSecurityPolicy("default-src 'self'; script-src 'self'")
+		      .and()
+		      .httpStrictTransportSecurity()
+		      		.includeSubDomains(true)
+		      		.maxAgeInSeconds(15724800);
 
 		return http.build();
 	}

diff --git a/src/main/java/org/eclipse/tractusx/autosetup/controller/AppDetailsController.java b/src/main/java/org/eclipse/tractusx/autosetup/controller/AppDetailsController.java
@@ -42,6 +42,7 @@
 import io.swagger.v3.oas.annotations.media.Schema;
 import io.swagger.v3.oas.annotations.responses.ApiResponse;
 import io.swagger.v3.oas.annotations.responses.ApiResponses;
+import jakarta.validation.Valid;
 
 @RestController
 public class AppDetailsController {
@@ -54,7 +55,7 @@ public class AppDetailsController {
 	@ApiResponses(value = {
 			@ApiResponse(responseCode = "200", description = "OK", content = @Content(schema = @Schema(implementation = AppDetails.class))) })
 	@PostMapping("/internal/app-details")
-	public AppDetails createOrUpdateAppInfo(@RequestBody AppDetailsRequest appDetailsRequest) {
+	public AppDetails createOrUpdateAppInfo(@Valid @RequestBody AppDetailsRequest appDetailsRequest) {
 		return appDetailsService.createOrUpdateAppInfo(appDetailsRequest);
 	}
 
@@ -80,7 +81,7 @@ public List<AppDetails> getAllAppInfo() {
 	@ApiResponses(value = {
 			@ApiResponse(responseCode = "200", description = "OK", content = @Content(schema = @Schema(implementation = AppServiceCatalog.class))) })
 	@PostMapping("/internal/catalog-service")
-	public AppServiceCatalog createCatalogService(@RequestBody AppServiceCatalogPojo appServiceCatalog) {
+	public AppServiceCatalog createCatalogService(@Valid @RequestBody AppServiceCatalogPojo appServiceCatalog) {
 		return appDetailsService.createCatalogService(appServiceCatalog);
 	}
 
@@ -105,7 +106,7 @@ public List<AppServiceCatalog> getAllCatalogService() {
 			@ApiResponse(responseCode = "200", description = "OK", content = @Content(schema = @Schema(implementation = AppServiceCatalogAndCustomerMapping.class))) })
 	@PostMapping("/internal/catalog-service-mapping")
 	public AppServiceCatalogAndCustomerMapping createCatalogServiceMapping(
-			@RequestBody AppServiceCatalogAndCustomerMappingPojo appServiceCatalogAndCustomerMapping) {
+			@Valid @RequestBody AppServiceCatalogAndCustomerMappingPojo appServiceCatalogAndCustomerMapping) {
 		return appDetailsService.createCatalogServiceMapping(appServiceCatalogAndCustomerMapping);
 	}
 

diff --git a/src/main/java/org/eclipse/tractusx/autosetup/model/AppDetailsRequest.java b/src/main/java/org/eclipse/tractusx/autosetup/model/AppDetailsRequest.java
@@ -20,31 +20,54 @@
 
 package org.eclipse.tractusx.autosetup.model;
 
+import jakarta.validation.constraints.NotBlank;
+import jakarta.validation.constraints.Pattern;
 import lombok.Data;
 
 @Data
 public class AppDetailsRequest {
 
+	@NotBlank(message = "AppName is mandatory")
+	@Pattern(regexp = "[a-zA-ZÀ-ÿ0-9][a-zA-ZÀ-ÿ0-9\\-_]+", message = "AppName should not contains special characters")
 	private String appName;
 
+	@NotBlank(message = "ContextCluster is mandatory")
+	@Pattern(regexp = "[a-zA-ZÀ-ÿ0-9][a-zA-ZÀ-ÿ0-9\\-_]+", message = "ContextCluster should not contains special characters")
 	private String contextCluster;
 
+	@NotBlank(message = "ContextNamespace is mandatory")
+	@Pattern(regexp = "[a-zA-ZÀ-ÿ0-9][a-zA-ZÀ-ÿ0-9\\-_]+", message = "ContextNamespace should not contains special characters")
 	private String contextNamespace;
 
+	@NotBlank(message = "PackageIdentifier is mandatory")
+	@Pattern(regexp = "[a-zA-ZÀ-ÿ0-9][a-zA-ZÀ-ÿ0-9\\-_./]+", message = "PackageIdentifier should not contains special characters")
 	private String packageIdentifier;
 
+	@NotBlank(message = "PluginName is mandatory")
+	@Pattern(regexp = "[a-zA-ZÀ-ÿ0-9][a-zA-ZÀ-ÿ0-9\\-_./]+", message = "PluginName should not contains special characters")
 	private String pluginName;
 
+	@NotBlank(message = "PluginVersion is mandatory")
+	@Pattern(regexp = "[a-zA-ZÀ-ÿ0-9][a-zA-ZÀ-ÿ0-9\\-_./]+", message = "PluginVersion should not contains special characters")
 	private String pluginVersion;
 
+	@NotBlank(message = "PackageVersion is mandatory")
+	@Pattern(regexp = "[a-zA-ZÀ-ÿ0-9][a-zA-ZÀ-ÿ0-9\\-_./]+", message = "PackageVersion should not contains special characters")
 	private String packageVersion;
-
+
+	@NotBlank(message = "ExpectedInputData is mandatory")
+	@Pattern(regexp = "[a-zA-ZÀ-ÿ0-9 \"$\n\t\\{\\},\\-_./:=\\[\\]]+", message = "ExpectedInputData should not contains special characters")
 	private String expectedInputData;
-
+
+	@Pattern(regexp = "[a-zA-ZÀ-ÿ0-9][a-zA-ZÀ-ÿ0-9\\-_]+", message = "OutputData should not contains special characters")
 	private String outputData;
-
+
+	@NotBlank(message = "RequiredYamlConfiguration is mandatory")
+	@Pattern(regexp = "[a-zA-ZÀ-ÿ0-9 \"$\n\t\\{\\},\\-_./:=\\[\\]]+", message = "RequiredYamlConfiguration should not contains special characters")
 	private String requiredYamlConfiguration;
-
+
+	@NotBlank(message = "YamlValueFieldType is mandatory")
+	@Pattern(regexp = "[a-zA-ZÀ-ÿ0-9 \"$\n\t\\{\\},\\-_./:=\\[\\]]+", message = "YamlValueFieldType should not contains special characters")
 	private String yamlValueFieldType;
 
 }
diff --git a/...in/java/org/eclipse/tractusx/autosetup/model/AppServiceCatalogAndCustomerMappingPojo.java b/...in/java/org/eclipse/tractusx/autosetup/model/AppServiceCatalogAndCustomerMappingPojo.java
@@ -20,6 +20,9 @@
 
 package org.eclipse.tractusx.autosetup.model;
 
+import jakarta.validation.Valid;
+import jakarta.validation.constraints.NotBlank;
+import jakarta.validation.constraints.Pattern;
 import lombok.AllArgsConstructor;
 import lombok.Builder;
 import lombok.Data;
@@ -31,12 +34,19 @@
 @AllArgsConstructor
 public class AppServiceCatalogAndCustomerMappingPojo {
 
+	@NotBlank(message = "Customer is mandatory")
+	@Pattern(regexp = "[a-zA-ZÀ-ÿ0-9][a-zA-ZÀ-ÿ0-9\\-_]+", message = "Customer should not contains special characters")
 	private String customer;
 
+	@NotBlank(message = "ServiceId is mandatory")
+	@Pattern(regexp = "[a-zA-ZÀ-ÿ0-9][a-zA-ZÀ-ÿ0-9\\-_]+", message = "ServiceId should not contains special characters")
 	private String serviceId;
 
+	@Valid
 	private AppServiceCatalogPojo serviceCatalog;
 
+	@NotBlank(message = "CanonicalId is mandatory")
+	@Pattern(regexp = "[a-zA-ZÀ-ÿ0-9][a-zA-ZÀ-ÿ0-9\\-_]+", message = "CanonicalId should not contains special characters")
 	private String canonicalId;
 
 }
diff --git a/src/main/java/org/eclipse/tractusx/autosetup/model/AppServiceCatalogPojo.java b/src/main/java/org/eclipse/tractusx/autosetup/model/AppServiceCatalogPojo.java
@@ -20,6 +20,8 @@
 
 package org.eclipse.tractusx.autosetup.model;
 
+import jakarta.validation.constraints.NotBlank;
+import jakarta.validation.constraints.Pattern;
 import lombok.AllArgsConstructor;
 import lombok.Builder;
 import lombok.Data;
@@ -31,12 +33,20 @@
 @NoArgsConstructor
 public class AppServiceCatalogPojo {
 
+	@NotBlank(message = "CanonicalServiceId is mandatory")
+	@Pattern(regexp = "[a-zA-ZÀ-ÿ0-9][a-zA-ZÀ-ÿ0-9\\-_]+", message = "CanonicalServiceId should not contains special characters")
 	private String canonicalServiceId;
 
+	@NotBlank(message = "Name is mandatory")
+	@Pattern(regexp = "[a-zA-ZÀ-ÿ0-9][a-zA-ZÀ-ÿ0-9\\-_]+", message = "Name should not contains special characters")
 	private String name;
 
+	@NotBlank(message = "Workflow is mandatory")
+	@Pattern(regexp = "[a-zA-ZÀ-ÿ0-9][a-zA-ZÀ-ÿ0-9\\-_]+", message = "Workflow should not contains special characters")
 	private String workflow;
 
+	@NotBlank(message = "ServiceTools is mandatory")
+	@Pattern(regexp = "[a-zA-ZÀ-ÿ0-9 \"$\n\t\\{\\},\\-_./:=\\[\\]]+", message = "ServiceTools should not contains special characters")
 	private String serviceTools;
 
 }