From 06b7efdf86bf7b22a7dceee2de722c3f5c84c692 Mon Sep 17 00:00:00 2001
From: RehanRaza
Date: Wed, 11 Mar 2020 16:24:21 +0100
Subject: [PATCH] Fix security vulnerability
Change-Id: I7e07370f8a3f5ae4f20f535f805c672c43047aa8
Issue-ID: NONRTRIC-141
Signed-off-by: RehanRaza
---
 .../org/oransc/ric/portal/dashboard/util/HttpsURLConnectionUtils.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/dashboard/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/util/HttpsURLConnectionUtils.java b/dashboard/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/util/HttpsURLConnectionUtils.java
index b86bbfe1..32646de4 100644
--- a/dashboard/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/util/HttpsURLConnectionUtils.java
+++ b/dashboard/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/util/HttpsURLConnectionUtils.java
@@ -41,7 +41,8 @@ public final class HttpsURLConnectionUtils {
 private static final HostnameVerifier jvmHostnameVerifier = HttpsURLConnection.getDefaultHostnameVerifier();
- private static final HostnameVerifier trivialHostnameVerifier = (hostname, sslSession) -> true;
+ private static final HostnameVerifier trivialHostnameVerifier =
+ (hostname, sslSession) -> hostname.equalsIgnoreCase(sslSession.getPeerHost());
 private static final TrustManager[] UNQUESTIONING_TRUST_MANAGER = new TrustManager[] {new X509TrustManager() {
 @SuppressWarnings("squid:S1168") // Must return null to get wanted behaviour.
-- 
2.16.6
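Review bot: The new `trivialHostnameVerifier` still does not verify the server's identity: `SSLSession.getPeerHost()` is documented as unauthenticated and on the client side normally reflects the host the connection was opened to, so `hostname.equalsIgnoreCase(sslSession.getPeerHost())` never consults the certificate's subject names and will in most cases pass for a mismatched certificate. Combined with `UNQUESTIONING_TRUST_MANAGER` in the context lines, a connection configured with both still accepts any certificate for any host and so remains open to interception; the change appears to remove the literal `-> true` without changing the outcome. If real verification is intended, drop the custom lambda and use the existing `jvmHostnameVerifier`; if verification is deliberately disabled for test setups, keep that explicit with a comment such as `// Does NOT authenticate the peer: getPeerHost() is not derived from the certificate; test use only.` The code that installs these verifiers lies outside the hunk, so where and under which conditions they are applied should be checked there.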