public CheckResult isSafe()

in saml-authentication-server/src/main/java/jetbrains/buildServer/web/SamlCsrfCheck.java [27:72]


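    /**
     * Decides whether the request may bypass CSRF protection because it is a SAML
     * response posted to this server's SAML callback endpoint.
     *
     * <p>The request is marked safe only when all of the following hold: the scheme is
     * configured, the SAML CORS filter is enabled in the plugin settings, a callback URL
     * is set, the request is a {@code POST} whose path equals the callback path (both
     * normalized to a trailing slash) and the request carries a non-empty
     * {@code SamlPluginConstants.SAML_RESPONSE_REQUEST_PARAMETER}. Every other outcome,
     * including any exception raised while evaluating, yields {@code UNKNOWN} so the
     * remaining CSRF checks still apply (fail-closed for this exemption).
     *
     * <p>Only the path component is compared, never scheme or host: the request URL is
     * reconstructed from the request's {@code Host} header, which may legitimately differ
     * from the configured callback host behind a reverse proxy. Trailing-slash
     * normalization is applied to the path component itself rather than by appending
     * {@code "/"} to the whole URL string, so a callback URL that carries a query string
     * still compares correctly.
     *
     * <p>This check only establishes that a SAML response parameter is present; it does
     * not validate its contents. Presumably the SAML login handler behind the callback
     * path performs that validation - confirm against the caller.
     *
     * @param request the incoming request
     * @return {@code CheckResult.safe()} for a SAML callback POST, otherwise {@code UNKNOWN}
     */
    public CheckResult isSafe(@NotNull HttpServletRequest request) {

        if (!scheme.isConfigured()) return UNKNOWN;

        try {
            if (!this.settingsStorage.load().isSamlCorsFilter()) {
                Loggers.AUTH.debug("SAML CORS filter is disabled by plugin configuration - skipping");
                return UNKNOWN;
            }

            Loggers.AUTH.debug("Evaluating SAML CORS filter conditions for " + request.getRequestURL());

            URL callbackUrl = scheme.getCallbackUrl();
            if (callbackUrl == null) {
                Loggers.AUTH.debug("Callback URL is not set");
                return UNKNOWN;
            }

            // getRequestURL() contains no query string or fragment, so its path component
            // is the servlet path as the container resolved it.
            URL requestURL = new URL(request.getRequestURL().toString());

            String requestPath = withTrailingSlash(requestURL.getPath());
            String callbackPath = withTrailingSlash(callbackUrl.getPath());

            if ("POST".equals(request.getMethod()) && callbackPath.equals(requestPath)) {
                String parameter = request.getParameter(SamlPluginConstants.SAML_RESPONSE_REQUEST_PARAMETER);
                if (StringUtils.isEmpty(parameter)) {
                    LOG.debug("SAML CORS Check: " + SamlPluginConstants.SAML_RESPONSE_REQUEST_PARAMETER + " is not found in the request - responding with UNKNOWN result");
                    return UNKNOWN;
                }

                LOG.info(String.format("CSRF is marked safe via SAML callback target for %s", request.getRequestURL()));

                return CheckResult.safe();
            }

        } catch (Exception e) {
            // Any failure (malformed URL, settings load error, ...) must not grant the
            // exemption; log it and fall through to UNKNOWN.
            LOG.error(e.getMessage(), e);
        }

        return UNKNOWN;
    }

    /**
     * Returns {@code path} ending in a trailing slash, adding one if absent.
     * An empty path (URL with no path component) becomes {@code "/"}, matching how
     * {@code new URL(url + "/")} would have parsed it.
     *
     * @param path a URL path component, possibly empty
     * @return the path with exactly one trailing slash appended if it had none
     */
    private static String withTrailingSlash(@NotNull String path) {
        return path.endsWith("/") ? path : path + "/";
    }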