DDF-3606 Prevents low-risk XSS reflection attack from a remote SP by …

…validating RelayState. (#2940) (cherry picked from commit dce113c)
codice · Feb 7, 2018 · 83e64ca · 83e64ca
1 parent 99fb6e6
commit 83e64ca
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/...-idp-server/src/main/java/org/codice/ddf/security/idp/binding/api/impl/ValidatorImpl.java b/...-idp-server/src/main/java/org/codice/ddf/security/idp/binding/api/impl/ValidatorImpl.java
@@ -101,6 +101,10 @@ public void validateRelayState(String relayState) {
     if (relayState != null && relayState.length() > 80) {
       LOGGER.warn("RelayState has invalid size: {}", relayState.length());
     }
+
+    if (relayState != null && (relayState.contains("<") || relayState.contains(">"))) {
+      throw new IllegalArgumentException("RelayState cannot contain '<' or '>'");
+    }
   }
 
   protected void checkDestination(AuthnRequest authnRequest) throws ValidationException {