From 40a0551e4a0ab4d322269b0dc95978a2ed8eb3f9 Mon Sep 17 00:00:00 2001 From: Hank Fisher Date: Thu, 27 Jun 2024 10:59:09 -0600 Subject: [PATCH] Fixed vulnerabilities --- java/edu/ucar/metviewer/MVServlet.java | 44 ++++++++++++++++++++++---- 1 file changed, 37 insertions(+), 7 deletions(-) diff --git a/java/edu/ucar/metviewer/MVServlet.java b/java/edu/ucar/metviewer/MVServlet.java index 42ad54a5..4e2cb995 100644 --- a/java/edu/ucar/metviewer/MVServlet.java +++ b/java/edu/ucar/metviewer/MVServlet.java @@ -1326,12 +1326,19 @@ else if (nodeCall.tag.equalsIgnoreCase("db_con")) { // else if (nodeCall.tag.equalsIgnoreCase("list_val")) { - strResp.append(handleListVal(nodeCall, requestBody.toString(), currentDbName)); + try { + strResp.append(handleListVal(nodeCall, requestBody.toString(), currentDbName)); + } catch (ValidationException e) { + logger.info(e.getMessage()); } // else if (nodeCall.tag.equalsIgnoreCase("list_stat")) { - strResp.append(handleListStat(nodeCall, requestBody.toString(), currentDbName)); + try { + strResp.append(handleListStat(nodeCall, requestBody.toString(), currentDbName)); + } catch (ParserConfigurationException e) { + logger.error( e.getMessage()); + } } // try { 
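Review bot: The catch blocks added around `handleListVal` and `handleListStat` only log `e.getMessage()` and fall through, so a failed call appends nothing to `strResp` and the client cannot tell a failure from an empty result; the later hunks of this patch repeat the pattern. Append a fixed, generic error element in the format the client already parses, without exception text, and hand the exception to the logger, e.g. `logger.error("list_stat request failed", e);`, so the cause and stack trace are kept. `ValidationException` is logged at `info` while the other failures use `error`; if it signals rejected input, a higher level would make repeated bad requests visible in the logs. Going by the added-line counts, the `list_val` catch (and `catch (IOException e)` in the last hunk) has no closing brace of its own, so the existing `}` would close the catch instead of the enclosing block; the page layout is collapsed, so please confirm the braces balance. The enclosing method starts and ends outside the hunk.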
@@ -1340,30 +1347,48 @@ else if (nodeCall.tag.equalsIgnoreCase("list_stat")) { logger.info(e.getMessage()); } else if (isClearCache) { - + try { strResp.append(handleClearListValCache()); + } catch (ParserConfigurationException e) { + logger.error( e.getMessage()); + } } // else if (nodeCall.tag.equalsIgnoreCase("list_val_cache_keys")) { - + try { strResp.append(handleListValCacheKeys()); + } catch (ParserConfigurationException e) { + logger.error( e.getMessage()); + } } // else if (nodeCall.tag.equalsIgnoreCase("list_stat_clear_cache")) { - + try { strResp.append(handleClearListStatCache()); + } catch (ParserConfigurationException e) { + logger.error( e.getMessage()); + } } // else if (nodeCall.tag.equalsIgnoreCase("list_stat_cache_keys")) { + try { strResp.append(handleListStatCacheKeys()); + } catch (ParserConfigurationException e) { + logger.error( e.getMessage()); + } } // else if (nodeCall.tag.equalsIgnoreCase("plot")) { + try { strResp.append(handlePlot(requestBody.toString(), currentDbName)); + } catch (ParserConfigurationException | DatabaseException | ValidationException | IOException | SAXException e) { + logger.error( e.getMessage()); + } + } @@ -1382,7 +1407,11 @@ else if (nodeCall.tag.equalsIgnoreCase("xml_upload")) { } else if (nodeCall.tag.equalsIgnoreCase("history")) { String isShowAll = nodeCall.children[0].value; - strResp.append(getAvailableResults(isShowAll)); + try { + strResp.append(getAvailableResults(isShowAll)); + } catch (ParserConfigurationException e) { + logger.error( e.getMessage()); + } } @@ -1405,7 +1434,8 @@ else if (nodeCall.tag.equalsIgnoreCase("xml_upload")) { response.setContentType("application/xml;charset=UTF-8"); try (PrintWriter printWriter = response.getWriter()) { printWriter.append(strResp); - } + } catch (IOException e) { + logger.info( e.getMessage()); }
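Review bot: The multi-catch on the `plot` branch treats `ValidationException` and `SAXException`, which presumably come from a bad request, the same as `DatabaseException` and `IOException`, which point to a server-side fault, so the log cannot separate rejected input from an outage. Split it into `} catch (ValidationException | SAXException e) {` logged at `warn`, followed by `} catch (ParserConfigurationException | DatabaseException | IOException e) {` logged at `error` with the exception passed as the second argument. If parser or validation messages can echo parts of `requestBody`, writing them through `logger.error( e.getMessage())` puts request-controlled text into the log, so check that the log layout neutralises line breaks. The enclosing `else if` chain starts outside the hunk.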
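Review bot: In the `history` branch, `nodeCall.children[0].value` is read before the new `try` and without a length check, so a `history` call that carries no child element throws `ArrayIndexOutOfBoundsException` outside the added handler. Guard it first, e.g. `if (nodeCall.children == null || nodeCall.children.length == 0) { /* reject the request */ }`, and only then read the value. If `isShowAll` is meant to be a boolean flag (not visible here), parsing it to one at this point would narrow what reaches `getAvailableResults`. The enclosing `else if` chain starts outside the hunk.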