Summary Table

Categories Total Count
PII 0
URL 0
DNS 0
EKL 0
IP 0
PORT 0
VsID 0
CF 0
AI 0
VPD 0
PL 0
Other 0

File Content

/*
* XssFilter.java
* Copyright (c) 2018 Veterans Affairs.
*/
package gov.va.security.filter;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;

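/**
 * Servlet filter that routes each HTTP request/response pair through the XSS
 * wrappers before the rest of the filter chain sees them.
 *
 * <p>This class performs no sanitization itself. It only substitutes
 * {@code XssRequestWrapper} for the request and {@code XssSecurityWrapperResponse}
 * for the response; what those wrappers strip, encode or add is defined in their
 * own sources and has to be reviewed together with this filter.
 *
 * <p>Request-side filtering is a defense-in-depth layer. It does not replace
 * context-aware output encoding where data is rendered, and it only covers the
 * request accessors that the wrapper overrides.
 *
 * <p>NOTE(review): {@code @Order(1)} asks for an early position among ordered
 * filter beans. Any filter that runs ahead of this one receives the unwrapped
 * request - confirm the effective order in the deployed filter chain.
 *
 * @author AbleVets
 */
@Component
@Order(1)
public class XssFilter implements Filter
{

    private static final Logger logger = LoggerFactory.getLogger(XssFilter.class);

    /**
     * Logs that the filter instance has been initialized. No configuration is read
     * from {@code filterConfig}.
     *
     * @param filterConfig container-supplied configuration (unused)
     * @throws ServletException declared by the {@link Filter} contract; not thrown here
     */
    @Override
    public void init(final FilterConfig filterConfig) throws ServletException
    {
        logger.info("Initializing XSS filter :{}", this);
    }

    /**
     * Wraps the request and response in the XSS wrappers and continues the chain
     * with the wrapped pair.
     *
     * @param request incoming request; must be an {@link HttpServletRequest}
     * @param response outgoing response; must be an {@link HttpServletResponse}
     * @param chain remaining filter chain, invoked with the wrapped pair
     * @throws IOException propagated from the downstream chain
     * @throws ServletException if the request or response is not an HTTP type, or
     *         propagated from the downstream chain
     */
    @Override
    public void doFilter(final ServletRequest request, final ServletResponse response,
            final FilterChain chain) throws IOException, ServletException
    {
        // Fail closed: a non-HTTP request or response cannot be wrapped, so it must
        // not continue down the chain unfiltered. Rejecting it with the declared
        // ServletException replaces the bare ClassCastException the unchecked casts
        // would otherwise raise.
        if (!(request instanceof HttpServletRequest)
                || !(response instanceof HttpServletResponse))
        {
            throw new ServletException("XssFilter only supports HTTP requests and responses");
        }

        final HttpServletRequest httpRequest = (HttpServletRequest) request;
        final HttpServletResponse httpResponse = (HttpServletResponse) response;

        // The message is a constant on purpose: keep request-derived values (URI,
        // parameters, headers) out of this line unless they are encoded for the log.
        logger.info("Starting XSS Analysis for req");

        // Downstream filters and servlets only ever see the wrapped objects.
        chain.doFilter(new XssRequestWrapper(httpRequest),
                new XssSecurityWrapperResponse(httpResponse));
    }

    /**
     * Logs that the filter instance is being taken out of service. Logged at WARN,
     * so the teardown of this filter shows up even with INFO logging disabled.
     */
    @Override
    public void destroy()
    {
        logger.warn("Destructing XSS filter :{}", this);
    }
}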