X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=ecomp-portal-BE-os%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Fportalapp%2Ffilter%2FSecurityXssValidator.java;h=cc4ba85f9389d6c99db674622230c14a4f275342;hb=8bef43390ca9a80088fcdd8a7dbef6d001c12452;hp=c203f1f0d0b4bdb2a2e7f03d287d95854cce1e85;hpb=24608a9e1450c409dc3870440d29e91cc3a26bb9;p=portal.git
diff --git a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/filter/SecurityXssValidator.java b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/filter/SecurityXssValidator.java
index c203f1f0..cc4ba85f 100644
--- a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/filter/SecurityXssValidator.java
+++ b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/filter/SecurityXssValidator.java
@@ -51,8 +51,8 @@ import org.onap.portalsdk.core.util.SystemProperties;
 import org.owasp.esapi.ESAPI;
 import org.owasp.esapi.codecs.Codec;
 import org.owasp.esapi.codecs.MySQLCodec;
-import org.owasp.esapi.codecs.MySQLCodec.Mode;
 import org.owasp.esapi.codecs.OracleCodec;
+import org.owasp.esapi.codecs.MySQLCodec.Mode;
 public class SecurityXssValidator {
@@ -155,18 +155,26 @@ public class SecurityXssValidator {
 Boolean flag = Boolean.FALSE;
 try {
 if (StringUtils.isNotBlank(value)) {
+ if (value.contains("×eclgn"))
+ {
+ logger.info(EELFLoggerDelegate.applicationLogger, "denyXSS() replacing ×eclgn with empty string for request value : " + value);
+ value=value.replaceAll("×eclgn", "");
+ }
+ while(value.contains("%25")) {
+ value = value.replaceAll("%25", "%");
+ }
 value = ESAPI.encoder().canonicalize(value);
 for (Pattern xssInputPattern : XSS_INPUT_PATTERNS) {
 if (xssInputPattern.matcher(value).matches()) {
 flag = Boolean.TRUE;
 break;
 }
- }
 }
 }
 } catch (Exception e) {
- logger.error(EELFLoggerDelegate.errorLogger, "denyXSS() failed", e);
+ logger.error(EELFLoggerDelegate.errorLogger, "denyXSS() failed for request with value : " + e.getMessage());
+ logger.debug(EELFLoggerDelegate.debugLogger, "denyXSS() failed for request with value : " + value, e);
 }
 return flag;