Harden code 71/27671/1
authorrobertlo <wl849v@att.com>
Mon, 8 Jan 2018 22:08:00 +0000 (17:08 -0500)
committerrobertlo <wl849v@att.com>
Mon, 8 Jan 2018 22:08:00 +0000 (17:08 -0500)
Issue-ID: PORTAL-145

Harden code to address Open Redirect in Portal SDK

Change-Id: If7e923366be11b78c1359dfe5b8fc14a2927c668
Signed-off-by: robertlo <wl849v@att.com>
ecomp-sdk/epsdk-app-overlay/src/main/webapp/WEB-INF/fusion/jsp/webrtc/collaboration.jsp
ecomp-sdk/epsdk-app-overlay/src/main/webapp/app/fusion/scripts/DS2-view-models/ds2-admin/collaboration.html
ecomp-sdk/epsdk-app-overlay/src/main/webapp/app/fusion/scripts/view-models/reportdashboard-page/src/components/directives/dashboard/WidgetSettingsRaptorReportCtrl.js
ecomp-sdk/epsdk-core/src/main/java/org/onap/portalsdk/core/interceptor/SessionTimeoutInterceptor.java
ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/crossapi/PortalRestAPIProxy.java
ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/util/SSOUtil.java
ecomp-sdk/epsdk-workflow/src/main/java/org/onap/portalsdk/workflow/controllers/WorkflowController.java

index f392ed5..42b7d9b 100644 (file)
                          <input type="text" id="chat-input" style="font-size: 1.2em;visibility:collapse;" placeholder="type here.."/>
                          <div id="chat-output"></div>
                     </td>
-                    <!-- 
-                    <td style="background: white;">
-                        <input type="file" id="file">
-                        <div id="file-progress"></div>
-                    </td>
-                     -->
                 </tr>
             </tbody>
     </table>
index cca54a6..f2bd0bc 100644 (file)
                          <input type="text" id="chat-input" style="font-size: 1.2em;visibility:collapse;" placeholder="type here.."/>
                          <div id="chat-output"></div>
                     </td>
-                    <!-- 
-                    <td style="background: white;">
-                        <input type="file" id="file">
-                        <div id="file-progress"></div>
-                    </td>
-                     -->
                 </tr>
             </tbody>
     </table>
index fd6a0b0..4aabe3a 100644 (file)
@@ -173,8 +173,9 @@ angular.module('ui.dashboard')
                                                function(response) {
                                                        console.log(response.data);
                                                        $scope.showChart =  true;
-                                                       document.getElementById('chartiframe').contentWindow.document.write(response.data);
-                                                       document.getElementById('chartiframe').contentWindow.document.close();
+                                var chartiframe = document.getElementById('chartiframe');
+                                chartiframe.contentWindow.document.write(response.data);
+                                chartiframe.contentWindow.document.close();
                                                });
                        } else {
                                                        $scope.showChart =  false;
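Review bot: The new lines still hand `response.data` to `chartiframe.contentWindow.document.write(...)` exactly as the removed lines did, so this hunk only caches the element lookup and changes nothing about what is rendered; if the report endpoint can return markup that carries user-influenced content, that sink is untouched by a commit described as hardening, and a comment at the call should record the assumption, e.g. `// response.data is written as raw HTML into the iframe; the report endpoint must return trusted markup`. If that assumption cannot be confirmed, loading the iframe through `srcdoc` with a `sandbox` attribute is the usual way to contain the rendered document. The three added lines are also indented far less than the surrounding callback body, which obscures the nesting; match the indentation of the lines around them. The callback is complete within the hunk, but the function that contains it starts outside.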
index a6b98fd..1c32ad8 100644 (file)
@@ -102,7 +102,6 @@ public class SessionTimeoutInterceptor extends HandlerInterceptorAdapter {
                                                // "/context/single_signon.htm"
                                                final String redirectUrl = request.getContextPath() + singleSignonPrefix
                                                                + "redirectToPortal=Yes&" + forwardUrlParm;
-                                               validateDomain(redirectUrl);
                                                logger.debug(EELFLoggerDelegate.debugLogger, "preHandle: session is expired, redirecting to {}",
                                                                redirectUrl);
                                                response.sendRedirect(redirectUrl);
@@ -112,7 +111,6 @@ public class SessionTimeoutInterceptor extends HandlerInterceptorAdapter {
                                                // Redirect to an absolute path in the webapp; e.g.,
                                                // "/context/single_signon.htm"
                                                final String redirectUrl = request.getContextPath() + singleSignonPrefix + forwardUrlParm;
-                                               validateDomain(redirectUrl);
                                                logger.debug(EELFLoggerDelegate.debugLogger, "preHandle: took exception {}, redirecting to {}",
                                                                ex.getMessage(), redirectUrl);
                                                response.sendRedirect(redirectUrl);
@@ -125,7 +123,7 @@ public class SessionTimeoutInterceptor extends HandlerInterceptorAdapter {
                return super.preHandle(request, response, handler);
        }
 
-       private void validateDomain(final String redirectUrl) throws MalformedURLException {
+       public void validateDomain(final String redirectUrl) throws MalformedURLException {
                if (StringUtils.isNotBlank(redirectUrl)) {
                        String hostName = new URL(redirectUrl).getHost();
                        if (StringUtils.isNotBlank(hostName)
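Review bot: The first two hunks delete the only `validateDomain(redirectUrl);` call that ran before each `response.sendRedirect(redirectUrl)`, so preHandle now redirects with no host check at all, although the commit message says it addresses Open Redirect. The likely reason is that `redirectUrl` is assembled from `request.getContextPath()` and `singleSignonPrefix`, i.e. a context-relative path such as `/context/single_signon.htm`, on which `new URL(redirectUrl)` throws MalformedURLException, so the check could never pass on these values; the part that can carry external input is `forwardUrlParm`, whose construction lies outside these hunks, and that is the value to validate (or to consume safely on the single_signon side) rather than dropping the check silently. At minimum the removed call sites should carry a comment such as `// TODO confirm: redirectUrl is context-relative; the forwardURL value must be validated where it is consumed` so the next reader does not restore the call and reintroduce the exception. In the last hunk `validateDomain` becomes `public` yet no longer has a caller in this class; if the widening is for tests, package-private access is the narrower choice, and the method body continues beyond the hunk.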
index 1303aad..2ceb8e7 100644 (file)
@@ -61,6 +61,7 @@ import org.onap.portalsdk.core.onboarding.util.PortalApiConstants;
 import org.onap.portalsdk.core.onboarding.util.PortalApiProperties;
 import org.onap.portalsdk.core.restful.domain.EcompRole;
 import org.onap.portalsdk.core.restful.domain.EcompUser;
+import org.owasp.esapi.ESAPI;
 
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.core.type.TypeReference;
@@ -305,12 +306,12 @@ public class PortalRestAPIProxy extends HttpServlet implements IPortalRestAPISer
                                }
                        } else {
                                String msg = "doPost: no match for request " + requestUri;
-                               logger.warn(msg);
+                               logger.warn( ESAPI.encoder().encodeForHTML(msg));
                                responseJson = buildJsonResponse(false, msg);
                                response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
                        }
                } catch (Exception ex) {
-                       logger.error("doPost: Failed to process request " + requestUri, ex);
+                       logger.error("doPost: Failed to process request " + ESAPI.encoder().encodeForHTML(requestUri), ex);
                        response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
                        responseJson = buildJsonResponse(ex);
                }
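Review bot: `ESAPI.encoder().encodeForHTML(msg)` on the `logger.warn` line encodes for an HTML sink, but the destination is a log file, so characters such as `/` in the URI become entities like `&#x2f;` and the line is harder to read and search while the sink the encoder targets does not exist; the same applies to the `logger.error` line below it and to the `logger.error` hunk in SSOUtil.java. If the goal is to stop log forging, the relevant characters are line breaks, so a log-sink sanitizer such as `requestUri.replaceAll("[\\r\\n]", "_")` (or the logging layer's own pattern escaping) fits better than HTML entity encoding. Note also that the raw `msg` is still passed to `buildJsonResponse(false, msg)` on the following line, so the encoding covers only the log and not the response body; whether that matters depends on how buildJsonResponse serializes the string, which is outside the hunk. The `logger.warn( ESAPI` call has a stray space after the opening parenthesis, and doPost begins before this hunk.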
index 2d491cf..c177695 100644 (file)
@@ -45,6 +45,7 @@ import javax.servlet.http.HttpServletResponse;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.owasp.esapi.ESAPI;
 
 public class SSOUtil {
 
@@ -69,7 +70,7 @@ public class SSOUtil {
                try {
                        encodedAppURL = URLEncoder.encode(appURL, "UTF-8");
                } catch (UnsupportedEncodingException ex) {
-                       logger.error("getECOMPSSORedirectURL: Failed to encode app URL " + appURL, ex);
+                       logger.error("getECOMPSSORedirectURL: Failed to encode app URL " + ESAPI.encoder().encodeForHTML(appURL), ex);
                }
                String portalURL = PortalApiProperties.getProperty(PortalApiConstants.ECOMP_REDIRECT_URL);
                if (portalURL == null || portalURL.length() == 0) {
index b4ceb6f..8df42ed 100644 (file)
@@ -103,7 +103,7 @@ public class WorkflowController extends RestrictedBaseController {
                        response.setCharacterEncoding("UTF-8");
                        request.setCharacterEncoding("UTF-8");
                        PrintWriter out = response.getWriter();
-                       out.write("An error occurred while removing Role  in the toggleRole()");
+                       out.write("An error occurred while saving the CronJob : saveCronJob()");
                }
 
        }
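Review bot: The corrected message is written straight to the client with `out.write(...)`, but nothing visible in this hunk sets an error status, so the caller receives the text with whatever status the response already carries (200 unless set earlier) and cannot tell the failure from success; the start of the enclosing block, presumably a catch, is outside the hunk. If a status is not set before this point, add `response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);` ahead of the write. The new text names saveCronJob, but the enclosing method's name is not visible here, so a one-line comment such as `// error path of saveCronJob; message is shown to the caller` would let a reader verify the message matches the method it reports on.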