Merge "Fix security vulnerability"

author Henrik Andersson <henrik.b.andersson@est.tech>

Wed, 11 Mar 2020 15:52:00 +0000 (15:52 +0000)

committer Gerrit Code Review <gerrit@o-ran-sc.org>

Wed, 11 Mar 2020 15:52:00 +0000 (15:52 +0000)
author Henrik Andersson <henrik.b.andersson@est.tech>
Wed, 11 Mar 2020 15:52:00 +0000 (15:52 +0000)
committer Gerrit Code Review <gerrit@o-ran-sc.org>
Wed, 11 Mar 2020 15:52:00 +0000 (15:52 +0000)
diff --cc dashboard/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/util/HttpsURLConnectionUtils.java

index 92c552f,32646de..a4fbcea
--- 1/dashboard/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/util/HttpsURLConnectionUtils.java
--- 2/dashboard/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/util/HttpsURLConnectionUtils.java
+++ b/dashboard/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/util/HttpsURLConnectionUtils.java
@@@ -42,12 -41,14 +42,13 @@@ public final class HttpsURLConnectionUt
   
       private static final HostnameVerifier jvmHostnameVerifier = HttpsURLConnection.getDefaultHostnameVerifier();
   
-     private static final HostnameVerifier trivialHostnameVerifier = (hostname, sslSession) -> true;
+     private static final HostnameVerifier trivialHostnameVerifier =
+         (hostname, sslSession) -> hostname.equalsIgnoreCase(sslSession.getPeerHost());
   
       private static final TrustManager[] UNQUESTIONING_TRUST_MANAGER = new TrustManager[] {new X509TrustManager() {
- -        @SuppressWarnings("squid:S1168") // Must return null to get wanted behaviour.
           @Override
           public java.security.cert.X509Certificate[] getAcceptedIssuers() {
- -            return null;
+ +            return new java.security.cert.X509Certificate[0];
           }
   
           @Override
author	Henrik Andersson <henrik.b.andersson@est.tech>
	Wed, 11 Mar 2020 15:52:00 +0000 (15:52 +0000)
committer	Gerrit Code Review <gerrit@o-ran-sc.org>
	Wed, 11 Mar 2020 15:52:00 +0000 (15:52 +0000)