
Commit 461db91

committed
Only allow the contextRoot to process annotations. Should make it so the server no longer appears to have a WordPress blog for the automated security checks
1 parent cfa4349 commit 461db91


1 file changed

+14
-2
lines changed


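--- a/src/edu/stanford/nlp/pipeline/StanfordCoreNLPServer.java
+++ b/src/edu/stanford/nlp/pipeline/StanfordCoreNLPServer.java
@@ -910,17 +910,21 @@ protected class CoreNLPHandler implements HttpHandler {
 
 private final FileHandler homepage;
 
+private final String contextRoot;
+
 /**
 * Create a handler for accepting annotation requests.
 * @param props The properties file to use as the default if none were sent by the client.
 */
 public CoreNLPHandler(Properties props, Predicate<Properties> authenticator,
 Consumer<FinishedRequest> callback,
-FileHandler homepage) {
+FileHandler homepage,
+String contextRoot) {
 this.defaultProps = props;
 this.callback = callback;
 this.authenticator = authenticator;
 this.homepage = homepage;
+this.contextRoot = contextRoot;
 }
 
 /**
@@ -961,6 +965,14 @@ public void handle(HttpExchange httpExchange) throws IOException {
 }
 setHttpExchangeResponseHeaders(httpExchange);
 
+if (!this.contextRoot.equals(httpExchange.getRequestURI().getRawPath())) {
+String response = "URI " + httpExchange.getRequestURI().getRawPath() + " not handled";
+httpExchange.getResponseHeaders().add("Content-type", "text/plain");
+httpExchange.sendResponseHeaders(HTTP_NOT_FOUND, response.length());
+httpExchange.getResponseBody().write(response.getBytes());
+httpExchange.close();
+return;
+}
 // Get sentence.
 Properties props;
 Annotation ann;
@@ -1739,7 +1751,7 @@ public void run(Optional<Pair<String,String>> basicAuth,
 if (contextRoot.isEmpty()) {
 contextRoot = "/";
 }
-withAuth(server.createContext(contextRoot, new CoreNLPHandler(defaultProps, authenticator, callback, homepage)), basicAuth);
+withAuth(server.createContext(contextRoot, new CoreNLPHandler(defaultProps, authenticator, callback, homepage, contextRoot)), basicAuth);
 withAuth(server.createContext(uriContext+"/tokensregex", new TokensRegexHandler(authenticator, callback)), basicAuth);
 withAuth(server.createContext(uriContext+"/semgrex", new SemgrexHandler(authenticator, callback)), basicAuth);
 withAuth(server.createContext(uriContext+"/tregex", new TregexHandler(authenticator, callback)), basicAuth);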
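Review bot: In the new 404 branch of `handle`, the declared length is `response.length()` (a char count) while the body is written with `response.getBytes()` in the platform default charset, so a raw path containing a non-ASCII character could make the bytes written exceed the declared length and the write fail. Encode once and reuse the array: `byte[] body = response.getBytes(StandardCharsets.UTF_8);`, then `httpExchange.sendResponseHeaders(HTTP_NOT_FOUND, body.length);` and `httpExchange.getResponseBody().write(body);` (this assumes `StandardCharsets` is imported in the file, which the page does not show). The body also echoes the request path back to the client; it is served as text/plain, but a fixed message such as `"Not found"` would avoid reflecting request data at all. The comparison is an exact string match, so `contextRoot` followed by a trailing slash would presumably now get a 404 as well; a comment on the `if` stating that this is intended would help. `handle` begins and ends outside the visible hunk.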
