[cometvisu] Security fixes & cleanup for cometvisu backend (#2671)

add required authentication for some rest endpoints, add some sanity
checks to improve security.

Remove code that has been marked as deprecated.

---------

Signed-off-by: Tobias Bräutigam <[email protected]>

Author: peuter

bundles/org.openhab.ui.cometvisu/src/main/java/org/openhab/ui/cometvisu/internal/ManagerSettings.java

@@ -109,16 +109,18 @@ private void refreshMounts() {
         for (final String target : Config.mountPoints.keySet()) {
             if (!target.contains("..") && !"demo".equalsIgnoreCase(target)) {
                 String value = (String) Config.mountPoints.get(target);
-                String[] parts = value.split(":");
-                String source = parts[0];
-                if (!source.contains("..") || (allowLookup && lookupMount.matcher(source).find())) {
-                    boolean writeable = parts.length > 1 && parts[1].contains("w");
-                    boolean showSubDirs = parts.length > 1 && parts[1].contains("s");
-                    if (source.startsWith(File.separator)) {
-                        source = source.substring(1);
+                if (value != null) {
+                    String[] parts = value.split(":");
+                    String source = parts[0];
+                    if (!source.contains("..") || (allowLookup && lookupMount.matcher(source).find())) {
+                        boolean writeable = parts.length > 1 && parts[1].contains("w");
+                        boolean showSubDirs = parts.length > 1 && parts[1].contains("s");
+                        if (source.startsWith(File.separator)) {
+                            source = source.substring(1);
+                        }
+                        MountPoint mount = new MountPoint(Paths.get(target), Paths.get(source), showSubDirs, writeable);
+                        mounts.add(mount);
                     }
-                    MountPoint mount = new MountPoint(Paths.get(target), Paths.get(source), showSubDirs, writeable);
-                    mounts.add(mount);
                 }
             }
         }

bundles/org.openhab.ui.cometvisu/src/main/java/org/openhab/ui/cometvisu/internal/StateBeanMessageBodyWriter.java

@@ -12,6 +12,7 @@
  */
 package org.openhab.ui.cometvisu.internal.backend.model.rest;
 
+import org.eclipse.jdt.annotation.NonNullByDefault;
 import org.openhab.core.OpenHAB;
 
 /**
@@ -21,16 +22,18 @@
  * @author Tobias Bräutigam - Initial contribution
  *
  */
+@NonNullByDefault
 public class RestBackendEnvironmentState {
     // as we are just simulating we use a fixed version here to tell that we are compatible
     public int PHP_VERSION_ID = 80100;
     public String phpversion = "8.1.0";
 
-    public String SERVER_SIGNATURE;
-    public String SERVER_SOFTWARE;
+    public String SERVER_SIGNATURE = "";
+    public String SERVER_SOFTWARE = "";
     public String required_php_version = ">=7.4";
 
     // openHAB specific values
     public boolean isOpenHab = true;
+    public boolean requiresAuth = true;
     public String server_release = "openHAB " + OpenHAB.getVersion();
 }