BuildEdgeIndexServlet XSRF

Type atlassian
Reporter danh
Modified 2017-04-02T05:39:46


The {{BuildEdgeIndexServlet}} is responsible for rebuilding the edge index. As this is a servlet and not a Webwork action, XSRF checks must be implemented programmatically. The servlet does not currently implement any XSRF token check, so a cross-site request can force the edge index to be rebuilt.

The information at should be used to programmatically check the {{doPost}} method for the required token.

{code:java}
public class BuildEdgeIndexServlet extends HttpServlet {
    ...
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // No XSRF token is checked anywhere in this method.
        if (!permissionManager.hasPermission(AuthenticatedUserThreadLocal.getUser(),
                Permission.ADMINISTER, PermissionManager.TARGET_APPLICATION)) {
            resp.sendError(403, "Insufficient privileges.");
            return; // added: without this the rebuild below still runs after the 403
        }
        try {
            // rebuild call elided in the report
        } catch (Exception e) {
            resp.sendError(500, "Error rebuilding edge index: " + e.getMessage());
        }
        resp.getWriter().append("Build index completed successfully");
    }
}
{code}