From: RehanRaza
Date: Wed, 11 Mar 2020 15:24:21 +0000 (+0100)
Subject: Fix security vulnerability
X-Git-Tag: 2.0.0~125^2
X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=commitdiff_plain;h=06b7efdf86bf7b22a7dceee2de722c3f5c84c692;p=nonrtric.git
Fix security vulnerability
Change-Id: I7e07370f8a3f5ae4f20f535f805c672c43047aa8
Issue-ID: NONRTRIC-141
Signed-off-by: RehanRaza
---
diff --git a/dashboard/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/util/HttpsURLConnectionUtils.java b/dashboard/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/util/HttpsURLConnectionUtils.java
index b86bbfe1..32646de4 100644
--- a/dashboard/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/util/HttpsURLConnectionUtils.java
+++ b/dashboard/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/util/HttpsURLConnectionUtils.java
@@ -41,7 +41,8 @@ public final class HttpsURLConnectionUtils {
 private static final HostnameVerifier jvmHostnameVerifier = HttpsURLConnection.getDefaultHostnameVerifier();
- private static final HostnameVerifier trivialHostnameVerifier = (hostname, sslSession) -> true;
+ private static final HostnameVerifier trivialHostnameVerifier =
+ (hostname, sslSession) -> hostname.equalsIgnoreCase(sslSession.getPeerHost());
 private static final TrustManager[] UNQUESTIONING_TRUST_MANAGER = new TrustManager[] {new X509TrustManager() {
 @SuppressWarnings("squid:S1168") // Must return null to get wanted behaviour.
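Review bot: The new `trivialHostnameVerifier` lambda still does not verify the server's identity: `SSLSession.getPeerHost()` is documented as unauthenticated and is normally just the host name the connection was opened to, so `hostname.equalsIgnoreCase(sslSession.getPeerHost())` compares the requested name with itself and never looks at the certificate's subject names. `UNQUESTIONING_TRUST_MANAGER` is unchanged in the context lines, so, judging by its name and the "must return null" comment (its body is outside the hunk), a connection using this pair would presumably still accept any certificate for any host. If the bypass is meant only for test or lab use, keep it visibly a bypass and document it, e.g. `// Disables hostname verification; must never be installed in production code paths.`. If real verification is intended, delegate to the saved default instead: `(hostname, sslSession) -> jvmHostnameVerifier.verify(hostname, sslSession)`. The rest of the class, including where this verifier is installed, lies outside the hunk and should be checked before this is treated as closing NONRTRIC-141.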