From: aribeiro
Date: Fri, 23 Jul 2021 14:10:54 +0000 (+0100)
Subject: fix security vulnerability
X-Git-Tag: 1.9.1~64
X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=89fe88168e2a1284e2e2b2601de4c65decd8f988;p=sdc.git
fix security vulnerability
Issue-ID: SDC-3607
Signed-off-by: aribeiro
Change-Id: I935898fcf1ae74dc8f162153ff2cf4744b8f2f99
---
diff --git a/catalog-fe/src/main/java/org/openecomp/sdc/fe/servlets/PortalServlet.java b/catalog-fe/src/main/java/org/openecomp/sdc/fe/servlets/PortalServlet.java
index 64b8cb1e69..6378b996cf 100644
--- a/catalog-fe/src/main/java/org/openecomp/sdc/fe/servlets/PortalServlet.java
+++ b/catalog-fe/src/main/java/org/openecomp/sdc/fe/servlets/PortalServlet.java
@@ -37,6 +37,7 @@ import org.onap.sdc.security.AuthenticationCookie;
 import org.onap.sdc.security.RepresentationUtils;
 import org.openecomp.sdc.common.impl.MutableHttpServletRequest;
 import org.openecomp.sdc.common.log.wrappers.Logger;
+import org.openecomp.sdc.common.util.ValidationUtils;
 import org.openecomp.sdc.fe.Constants;
 import org.openecomp.sdc.fe.config.Configuration;
 import org.openecomp.sdc.fe.config.ConfigurationManager;
@@ -242,12 +243,12 @@ public class PortalServlet extends HttpServlet {
 * @param request
 * @param headers
 */
- private void addCookies(HttpServletResponse response, HttpServletRequest request, String[] headers) {
- for (int i = 0; i < headers.length; i++) {
- String currHeader = headers[i];
- String headerValue = request.getHeader(currHeader);
+ private void addCookies(final HttpServletResponse response, final HttpServletRequest request, final String[] headers) {
+ for (var i = 0; i < headers.length; i++) {
+ final var currHeader = ValidationUtils.sanitizeInputString(headers[i]);
+ final var headerValue = ValidationUtils.sanitizeInputString(request.getHeader(currHeader));
 if (headerValue != null) {
- final Cookie cookie = new Cookie(currHeader, headerValue);
+ final var cookie = new Cookie(currHeader, headerValue);
 cookie.setSecure(true);
 response.addCookie(cookie);
 }
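Review bot: The null guard `if (headerValue != null)` now runs only after `ValidationUtils.sanitizeInputString` has already been applied to `request.getHeader(currHeader)`, which is null whenever the header is absent, so unless sanitizeInputString is known to pass null through unchanged (not visible in this hunk) a request missing one of the configured headers goes from being silently skipped to throwing a NullPointerException. Reading the raw value first and sanitizing inside the guard keeps the original skip semantics: `final var rawValue = request.getHeader(currHeader);`, `if (rawValue != null) {`, `final var cookie = new Cookie(currHeader, ValidationUtils.sanitizeInputString(rawValue));`. Separately, the cookie is still only marked Secure; if the front end does not need to read it from script, adding `cookie.setHttpOnly(true);` next to `cookie.setSecure(true);` would keep it out of reach of injected script. The Javadoc above the signature still lists bare parameter names, and a sentence such as `Header values are passed through ValidationUtils.sanitizeInputString before being stored, so the cookie value may differ from the raw request header` would document the contract this change introduces. The for loop and the body of addCookies close outside the hunk.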