This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit d0971c3f0781b37c2f3b3e0092587c69dd4e6fbd
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Tue May 10 16:33:51 2022 +0100

    Refactor calls to getNonceCache() so it is only called when necessary.
---
 java/org/apache/catalina/filters/CsrfPreventionFilter.java | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/java/org/apache/catalina/filters/CsrfPreventionFilter.java 
b/java/org/apache/catalina/filters/CsrfPreventionFilter.java
index 26c0fe3a5c..cde762e76b 100644
--- a/java/org/apache/catalina/filters/CsrfPreventionFilter.java
+++ b/java/org/apache/catalina/filters/CsrfPreventionFilter.java
@@ -120,9 +120,10 @@ public class CsrfPreventionFilter extends 
CsrfPreventionFilterBase {
 
             HttpSession session = req.getSession(false);
 
-            NonceCache<String> nonceCache = getNonceCache(req, session);
+            boolean skipNonceCheck = skipNonceCheck(req);
+            NonceCache<String> nonceCache = null;
 
-            if (!skipNonceCheck(req)) {
+            if (!skipNonceCheck) {
                 String previousNonce = 
req.getParameter(nonceRequestParameterName);
 
                 if (previousNonce == null) {
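Review bot: The new local `boolean skipNonceCheck` on the `+` line carries the same name as the method `skipNonceCheck(req)` it is assigned from, which is legal but makes the later `if (skipNonceCheck)` read like a call at a glance; a name such as `nonceCheckSkipped` would keep the two apart. The `NonceCache<String> nonceCache = null;` initialisation also deserves a line saying why the lookup was moved, e.g. `// Looked up lazily: only needed when the nonce is checked or a new one is generated.`, so the next reader does not "fix" it back to an eager call. The enclosing method begins before this hunk and continues past it.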
@@ -135,7 +136,10 @@ public class CsrfPreventionFilter extends 
CsrfPreventionFilterBase {
 
                     res.sendError(getDenyStatus());
                     return;
-                } else if (nonceCache == null) {
+                }
+
+                nonceCache = getNonceCache(req, session);
+                if (nonceCache == null) {
                     if (log.isDebugEnabled()) {
                         log.debug("Rejecting request for " + 
getRequestedPath(req)
                                   + ", session "
@@ -163,6 +167,10 @@ public class CsrfPreventionFilter extends 
CsrfPreventionFilterBase {
             }
 
             if (!skipNonceGeneration(req)) {
+                if (skipNonceCheck) {
+                    // Didn't look up nonce cache earlier so look it up now.
+                    nonceCache = getNonceCache(req, session);
+                }
                 if (nonceCache == null) {
                     if (log.isDebugEnabled()) {
                         log.debug("Creating new CSRF nonce cache with size=" + 
nonceCacheSize + " for session " + (null == session ? "(will create)" : 
session.getId()));
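Review bot: The added `if (skipNonceCheck)` guard relies on an invariant that the hunk does not state: when the check was not skipped, `nonceCache` was already assigned in the earlier hunk, and a null result there appears to reject the request (the "Rejecting request" debug path), so by this point `nonceCache` is non-null unless the check was skipped. That rejection path ends outside the visible hunks, so it should be confirmed, and the comment on the guard could say it explicitly, e.g. `// Nonce check was skipped so the cache was never looked up; a null cache when the check ran already rejected the request above.`. The enclosing method starts before this hunk and ends after it.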

