From 8851e73cb349f7aca9aee1b52f80aa5659823802 Mon Sep 17 00:00:00 2001
From: Suman Das <59254445+sumandas0@users.noreply.github.com>
Date: Fri, 29 Mar 2024 13:37:08 +0530
Subject: [PATCH] feat: improve API whitelisting by adding more into the picture
---
 .../atlas/web/filters/ActiveServerFilter.java | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/webapp/src/main/java/org/apache/atlas/web/filters/ActiveServerFilter.java b/webapp/src/main/java/org/apache/atlas/web/filters/ActiveServerFilter.java
index c3353f19c4..cedf9c201a 100644
--- a/webapp/src/main/java/org/apache/atlas/web/filters/ActiveServerFilter.java
+++ b/webapp/src/main/java/org/apache/atlas/web/filters/ActiveServerFilter.java
@@ -57,6 +57,9 @@ public class ActiveServerFilter implements Filter {
     private static final Logger LOG = LoggerFactory.getLogger(ActiveServerFilter.class);
     private static final String MIGRATION_STATUS_STATIC_PAGE = "migration-status.html";
+    private static final String[] WHITELISTED_APIS_SIGNATURE = {"search", "lineage", "auditSearch", "accessors"
+            , "evaluator"};
+
     private final ActiveInstanceState activeInstanceState;
     private ServiceState serviceState;
@@ -88,8 +91,7 @@ public void doFilter(ServletRequest servletRequest, ServletResponse servletRespo
         // Block all the POST, PUT, DELETE operations
         HttpServletRequest request = (HttpServletRequest) servletRequest;
         HttpServletResponse response = (HttpServletResponse) servletResponse;
-        if (isBlockedMethod(request.getMethod()) && !request.getRequestURI().contains("search") &&
-                !request.getRequestURI().contains("lineage")) {
+        if (isBlockedMethod(request.getMethod()) && !isWhitelistedAPI(request.getRequestURI())) {
             LOG.error("Maintenance mode enabled. Blocking request: {}", request.getRequestURI());
             sendMaintenanceModeResponse(response);
             return; // Stop further processing
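Review bot: The new `WHITELISTED_APIS_SIGNATURE` constant in the first hunk does not document how its entries are used, and nothing at the declaration tells a reader that `"search"` is compared against the whole request path rather than naming an endpoint; add a comment such as `// Path fragments of read-only APIs that stay reachable while the passive server is in maintenance mode; see isWhitelistedAPI` so the matching contract lives next to the list. As a point of style, the leading-comma continuation line is unusual for this file, and a mutable array is exposed where an immutable `Set.of("search", "lineage", ...)` (or `List.of`) would both read better and rule out accidental modification, provided `java.util.Set` is already imported (the import block is outside this patch). The name `_SIGNATURE` also suggests something more precise than the bare substrings the list actually holds.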
@@ -148,6 +150,15 @@ private boolean isFilteredURI(ServletRequest servletRequest) {
         }
     }
+    private boolean isWhitelistedAPI(String requestURI) {
+        for (String api : WHITELISTED_APIS_SIGNATURE) {
+            if (requestURI.contains(api)) {
+                return true;
+            }
+        }
+        return false;
+    }
+
     private void sendMaintenanceModeResponse(HttpServletResponse response) throws IOException {
         response.setStatus(HttpServletResponse.SC_SERVICE_UNAVAILABLE);
         response.setContentType("application/json");
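Review bot: `isWhitelistedAPI` tests each entry with `requestURI.contains(api)`, so any POST/PUT/DELETE whose path merely contains one of these words anywhere — including inside a longer segment, which is likely whenever a route embeds a user-chosen entity or type name — is exempted from the maintenance-mode block that doFilter is meant to enforce; the old code had the same weakness for two words, and the new list widens it to five common ones. Compare whole path segments (or anchor on the known endpoint prefixes) instead, as below; this assumes each listed word is a complete segment of the intended endpoints' paths, which should be confirmed against the registered routes before merging. Note that `getRequestURI()` returns the undecoded path, so the comparison operates on raw segments either way. The method should also carry a Javadoc stating that it decides which requests bypass maintenance mode and that the list is meant to contain only read-only endpoints.
```java
    private boolean isWhitelistedAPI(String requestURI) {
        // Compare whole path segments: a substring match would exempt any write
        // request whose path merely contains one of the whitelisted words.
        for (String segment : requestURI.split("/")) {
            for (String api : WHITELISTED_APIS_SIGNATURE) {
                if (api.equals(segment)) {
                    return true;
                }
            }
        }
        return false;
    }
```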