diff --git a/matchmaking/src/main/java/org/eclipse/tractusx/agents/AgentConfig.java b/matchmaking/src/main/java/org/eclipse/tractusx/agents/AgentConfig.java
index f58ecf3..ab191ec 100644
--- a/matchmaking/src/main/java/org/eclipse/tractusx/agents/AgentConfig.java
+++ b/matchmaking/src/main/java/org/eclipse/tractusx/agents/AgentConfig.java
@@ -93,6 +93,11 @@ public class AgentConfig {
public static final String SERVICE_DENY_ASSET_PROPERTY = "cx.agent.service.asset.deny";
public static final String DEFAULT_SERVICE_DENY_ASSET_PATTERN = "^$";
+ public static final String SERVICE_ALLOW_CONNECTOR_PROPERTY = "cx.agent.service.connector.allow";
+ public static final String DEFAULT_SERVICE_ALLOW_CONNECTOR_PATTERN = "https://.*";
+ public static final String SERVICE_DENY_CONNECTOR_PROPERTY = "cx.agent.service.connector.deny";
+ public static final String DEFAULT_SERVICE_DENY_CONNECTOR_PATTERN = "^$";
+
public static final String MATCHMAKING_PORT = "web.http.internal.port";
public static final String MATCHMAKING_PATH = "web.http.internal.path";
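Review bot: The four new connector constants have no comment saying how the patterns are applied, and that matters for anyone writing a deny rule. The getters later in this diff use `matcher(url).matches()`, so a pattern must cover the whole URL: a deny value of `localhost` blocks nothing, while `.*localhost.*` does. The defaults accept any `https://` URL and deny only the empty string. I would add above the block `// connector url filters, matched against the complete url (Matcher.matches); default: any https url allowed, nothing denied`.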
@@ -110,6 +115,11 @@ public class AgentConfig {
protected final Pattern serviceAssetAllowPattern;
protected final Pattern serviceAssetDenyPattern;
protected final Pattern assetReferencePattern;
+ protected final Pattern connectorAllowPattern;
+ protected final Pattern connectorDenyPattern;
+
+ public static final Pattern PARAMETER_KEY_ALLOW = Pattern.compile("^(?(?!asset$)[^&?=]+)$");
+ public static final Pattern PARAMETER_VALUE_ALLOW = Pattern.compile("^(?[^&]+)$");
/**
* references to EDC services
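Review bot: `PARAMETER_KEY_ALLOW` and `PARAMETER_VALUE_ALLOW` become public API of AgentConfig here but carry no Javadoc, and they sit between the instance fields and the Javadoc that follows. Since they are now shared across classes, each should state what it accepts, e.g. `/** query parameter keys: anything without &, ? or =, except the reserved key "asset" */` and `/** query parameter values: anything without & */`. Moving them up to the other `public static final` constants would also keep the static and instance members apart.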
@@ -130,6 +140,8 @@ public AgentConfig(Monitor monitor, Config config) {
serviceDenyPattern = Pattern.compile(config.getString(SERVICE_DENY_PROPERTY, DEFAULT_SERVICE_DENY_PATTERN));
serviceAssetAllowPattern = Pattern.compile(config.getString(SERVICE_ALLOW_ASSET_PROPERTY, DEFAULT_SERVICE_ALLOW_ASSET_PATTERN));
serviceAssetDenyPattern = Pattern.compile(config.getString(SERVICE_DENY_ASSET_PROPERTY, DEFAULT_SERVICE_DENY_ASSET_PATTERN));
+ connectorAllowPattern = Pattern.compile(config.getString(SERVICE_ALLOW_CONNECTOR_PROPERTY, DEFAULT_SERVICE_ALLOW_CONNECTOR_PATTERN));
+ connectorDenyPattern = Pattern.compile(config.getString(SERVICE_DENY_CONNECTOR_PROPERTY, DEFAULT_SERVICE_DENY_CONNECTOR_PATTERN));
assetReferencePattern = Pattern.compile("((?[^#]+)#)?(?.+)");
}
@@ -183,7 +195,11 @@ public String getAccessPoint() {
* @return uri of the control plane management endpoint (without concrete api)
*/
public String getControlPlaneManagementUrl() {
- return config.getString(CONTROL_PLANE_MANAGEMENT, null);
+ String url = config.getString(CONTROL_PLANE_MANAGEMENT, null);
+ if (url != null && connectorAllowPattern.matcher(url).matches() && !connectorDenyPattern.matcher(url).matches()) {
+ return url;
+ }
+ return null;
}
/**
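Review bot: The allow/deny test in the `if` of getControlPlaneManagementUrl is repeated verbatim in getControlPlaneManagementProviderUrl and getControlPlaneIdsUrl in the next two hunks. In all three a rejected URL is returned as null with no trace, so an endpoint that was filtered out looks exactly like an unset property. The callers are outside this diff, so it is worth confirming that each of them handles null rather than building a request from it. I would move the check into one private helper and report the rejection there, naming the property rather than printing the URL, since a configured URL may carry credentials. The `@return` Javadoc of the three getters should also say that null is returned when the URL does not pass the connector filters.

```java
public String getControlPlaneManagementUrl() {
    return filterConnectorUrl(config.getString(CONTROL_PLANE_MANAGEMENT, null));
}

/**
 * applies the connector allow/deny patterns to a configured url
 *
 * @param url configured url, may be null
 * @return the url if it passes both patterns, null otherwise
 */
private String filterConnectorUrl(String url) {
    if (url == null) {
        return null;
    }
    boolean allowed = connectorAllowPattern.matcher(url).matches();
    boolean denied = connectorDenyPattern.matcher(url).matches();
    if (allowed && !denied) {
        return url;
    }
    // report the rejection here (property name only, not the url),
    // so that it is not mistaken for an unset property
    return null;
}
// … unchanged: getControlPlaneManagementProviderUrl and getControlPlaneIdsUrl, each reduced to one filterConnectorUrl(...) call …
```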
@@ -192,7 +208,11 @@ public String getControlPlaneManagementUrl() {
* @return uri of the control plane management endpoint (without concrete api)
*/
public String getControlPlaneManagementProviderUrl() {
- return config.getString(CONTROL_PLANE_MANAGEMENT_PROVIDER, config.getString(CONTROL_PLANE_MANAGEMENT, null));
+ String url = config.getString(CONTROL_PLANE_MANAGEMENT_PROVIDER, config.getString(CONTROL_PLANE_MANAGEMENT, null));
+ if (url != null && connectorAllowPattern.matcher(url).matches() && !connectorDenyPattern.matcher(url).matches()) {
+ return url;
+ }
+ return null;
}
/**
@@ -201,7 +221,11 @@ public String getControlPlaneManagementProviderUrl() {
* @return uri of the control plane ids endpoint (without concrete api)
*/
public String getControlPlaneIdsUrl() {
- return config.getString(CONTROL_PLANE_IDS, null);
+ String url = config.getString(CONTROL_PLANE_IDS, null);
+ if (url != null && connectorAllowPattern.matcher(url).matches() && !connectorDenyPattern.matcher(url).matches()) {
+ return url;
+ }
+ return null;
}
/**
@@ -212,7 +236,7 @@ public String getControlPlaneIdsUrl() {
public Map getControlPlaneManagementHeaders() {
String key = config.getString(CONTROL_PLANE_AUTH_HEADER, "X-Api-Key");
String value = config.getString(CONTROL_PLANE_AUTH_VALUE, null);
- if (key != null && value != null) {
+ if (key != null && PARAMETER_KEY_ALLOW.matcher(key).matches() && value != null && PARAMETER_VALUE_ALLOW.matcher(value).matches()) {
return Map.of(key, value);
}
return Map.of();
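Review bot: The new condition in getControlPlaneManagementHeaders checks an HTTP header name and value against patterns written for URL query parameters, which fits neither direction. The value pattern excludes only `&`, and a negated character class in Java also matches CR and LF, so line breaks in the configured value still pass. At the same time an API key that legitimately contains `&` now fails the check, and the method silently returns `Map.of()`, so management calls would presumably go out without the auth header. I would use header-specific patterns instead: header names limited to RFC 7230 token characters, and for the value something like `Pattern.compile("[^\\r\\n\\u0000]+")`. A rejected value should also be reported rather than silently dropped. The method's closing brace lies outside this hunk.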
diff --git a/matchmaking/src/main/java/org/eclipse/tractusx/agents/http/DelegationServiceImpl.java b/matchmaking/src/main/java/org/eclipse/tractusx/agents/http/DelegationServiceImpl.java
index b02fb2e..f7a7313 100644
--- a/matchmaking/src/main/java/org/eclipse/tractusx/agents/http/DelegationServiceImpl.java
+++ b/matchmaking/src/main/java/org/eclipse/tractusx/agents/http/DelegationServiceImpl.java
@@ -185,8 +185,7 @@ public DelegationResponse sendPostRequest(EndpointDataReference dataReference, S
return new DelegationResponse(sendRequest(newRequest, response), Response.status(response.getStatus()).build());
}
- protected static final Pattern PARAMETER_KEY_ALLOW = Pattern.compile("^(?(?!asset$)[^&?=]+)$");
- protected static final Pattern PARAMETER_VALUE_ALLOW = Pattern.compile("^(?[^&]+)$");
+
/**
* computes the url to target the given data plane
@@ -211,11 +210,11 @@ protected HttpUrl getUrl(String connectorUrl, String subUrl, HttpHeaders headers
HttpUrl.Builder httpBuilder = Objects.requireNonNull(okhttp3.HttpUrl.parse(url)).newBuilder();
for (Map.Entry> param : uri.getQueryParameters().entrySet()) {
String key = param.getKey();
- Matcher keyMatcher = PARAMETER_KEY_ALLOW.matcher(key);
+ Matcher keyMatcher = AgentConfig.PARAMETER_KEY_ALLOW.matcher(key);
if (keyMatcher.matches()) {
String recodeKey = HttpUtils.urlEncodeParameter(keyMatcher.group("param"));
for (String value : param.getValue()) {
- Matcher valueMatcher = PARAMETER_VALUE_ALLOW.matcher(value);
+ Matcher valueMatcher = AgentConfig.PARAMETER_VALUE_ALLOW.matcher(value);
if (valueMatcher.matches()) {
String recodeValue = HttpUtils.urlEncodeParameter(valueMatcher.group("value"));
httpBuilder = httpBuilder.addQueryParameter(recodeKey, recodeValue);