Code Review / integration / simulators / pnf-simulator.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: 833b1a0) | patch
Fix security vulnerable 26/106326/1
authorBogumil Zebek <bogumil.zebek@nokia.com>
Tue, 21 Apr 2020 09:24:14 +0000 (11:24 +0200)
committerZebek Bogumil <bogumil.zebek@nokia.com>
Tue, 21 Apr 2020 09:24:14 +0000 (11:24 +0200)
commit7fc63309a08cfee169c4643b108aa2a8f41d692b
treeba5fb35bdde2088c60547fc878cfaafb339139a5tree | snapshot
parent833b1a0f2f768efe73be794d0685a766609970fdcommit | diff
Fix security vulnerable

User provided data, such as URL parameters, POST data payloads or cookies, should always be considered untrusted and tainted. Applications logging tainted data could enable an attacker to inject characters that would break the log file pattern. This could be used to block monitors and SIEM (Security Information and Event Management) systems from detecting other malicious events.

This problem could be mitigated by sanitizing the user provided data before logging it.

Issue-ID: INT-1517
Signed-off-by: Zebek Bogumil <bogumil.zebek@nokia.com>
Change-Id: Ifc4cd24daba49c3fe2e41a5709a87d5cf3daa642
pnfsimulator/src/main/java/org/onap/pnfsimulator/rest/SimulatorController.java diff | blob | history
"integration_simulators_pnf_simulator"