Fix security vulnerability

Change-Id: I7e07370f8a3f5ae4f20f535f805c672c43047aa8
Issue-ID: NONRTRIC-141
Signed-off-by: RehanRaza <muhammad.rehan.raza@est.tech>

diff --git a/dashboard/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/util/HttpsURLConnectionUtils.java b/dashboard/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/util/HttpsURLConnectionUtils.java
index b86bbfe..32646de 100644 (file)
--- a/dashboard/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/util/HttpsURLConnectionUtils.java
+++ b/dashboard/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/util/HttpsURLConnectionUtils.java
@@ -41,7 +41,8 @@ public final class HttpsURLConnectionUtils {
 
     private static final HostnameVerifier jvmHostnameVerifier = HttpsURLConnection.getDefaultHostnameVerifier();
 
-    private static final HostnameVerifier trivialHostnameVerifier = (hostname, sslSession) -> true;
+    private static final HostnameVerifier trivialHostnameVerifier =
+        (hostname, sslSession) -> hostname.equalsIgnoreCase(sslSession.getPeerHost());
 
     private static final TrustManager[] UNQUESTIONING_TRUST_MANAGER = new TrustManager[] {new X509TrustManager() {
         @SuppressWarnings("squid:S1168") // Must return null to get wanted behaviour.