Krzysztof Opasiak [Wed, 10 Jul 2019 17:59:13 +0000 (19:59 +0200)]
Revert "Fix sql injection vulnerability"
This reverts commit
941133a42bad6a1d73c63913a950d1e4bc814fde.
This is required because this commit breaks the portal unit test due
to some other changes that happen between verify job and merge of that commit.
Issue-ID: OJSI-174
Change-Id: Ieb53f8ba23e2b1b05c67ec4d7d51c6d5107cfb87
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Sunder Tattavarada [Wed, 10 Jul 2019 15:30:16 +0000 (15:30 +0000)]
Merge "LanguageServiceImpl logging vulnerability fix"
Sunder Tattavarada [Wed, 10 Jul 2019 15:27:08 +0000 (15:27 +0000)]
Merge "EPAppServiceImpl class fix."
Manoop Talasila [Tue, 9 Jul 2019 15:29:40 +0000 (15:29 +0000)]
Merge "SharedContext class DB constraints"
Manoop Talasila [Tue, 9 Jul 2019 15:29:29 +0000 (15:29 +0000)]
Merge "FunctionalMenuRole class DB constraints"
Manoop Talasila [Tue, 9 Jul 2019 15:29:19 +0000 (15:29 +0000)]
Merge "PortalAdmin class DB constraints"
Manoop Talasila [Tue, 9 Jul 2019 15:29:07 +0000 (15:29 +0000)]
Merge "FavoritesFunctionalMenuItemJson class DB constraints"
Manoop Talasila [Tue, 9 Jul 2019 15:28:35 +0000 (15:28 +0000)]
Merge "EpNotificationItem class DB constraints"
Manoop Talasila [Tue, 9 Jul 2019 15:28:20 +0000 (15:28 +0000)]
Merge "EpRoleNotificationItem class DB constraints"
Manoop Talasila [Tue, 9 Jul 2019 15:27:48 +0000 (15:27 +0000)]
Merge "ExtractJar sonar issues fix"
Manoop Talasila [Tue, 9 Jul 2019 15:24:10 +0000 (15:24 +0000)]
Merge "CommonWidget class DB constraints"
Sunder Tattavarada [Tue, 9 Jul 2019 14:48:26 +0000 (14:48 +0000)]
Merge "XSS Vulnerability fix in PortalAdminController"
Sunder Tattavarada [Mon, 8 Jul 2019 19:28:28 +0000 (19:28 +0000)]
Merge "Fix sql injection vulnerability"
Sunder Tattavarada [Mon, 8 Jul 2019 19:28:02 +0000 (19:28 +0000)]
Merge "Fix sql injection vulnerability"
Sunder Tattavarada [Mon, 8 Jul 2019 19:27:46 +0000 (19:27 +0000)]
Merge "Fix sql injection vulnerability"
Sunder Tattavarada [Mon, 8 Jul 2019 19:26:49 +0000 (19:26 +0000)]
Merge "Fix sql injection vulnerability"
Sunder Tattavarada [Mon, 8 Jul 2019 19:26:38 +0000 (19:26 +0000)]
Merge "Fix sql injection vulnerability"
Dominik Mizyn [Fri, 5 Jul 2019 12:33:53 +0000 (14:33 +0200)]
XSS Vulnerability fix in PortalAdminController
Custom data validator used to fix this issue.
Issue-ID: OJSI-15
Change-Id: I224887d31e4e2d7301544194ef44ba38e66e047d
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
Dominik Mizyn [Wed, 3 Jul 2019 13:25:01 +0000 (15:25 +0200)]
AuthUtil method isAccessAllowed() argument change
Change argument length to match argument length from to sdk version.
Issue-ID: PORTAL-656
Change-Id: I6fe28800e0baccaab43419d3aa0d8c43b1ebe771
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
Dominik Mizyn [Mon, 1 Jul 2019 10:08:24 +0000 (12:08 +0200)]
LanguageServiceImpl logging vulnerability fix
Sonar issue: "Use a logger to log this exception" fix
This patch also minor code issues
Issue-ID: PORTAL-622
Change-Id: I304285ca7837bcf929249f7c6b93b6de9cf8fae5
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
Dominik Mizyn [Mon, 1 Jul 2019 09:52:31 +0000 (11:52 +0200)]
EPAppServiceImpl class fix.
Sonar issues fix:
Remove this unused "logger" private field.
Remove this unused "syncRests" private field.
unused imports delete and unneeded fields initialization fix.
StringBuilder performance fix.
Issue-ID: PORTAL-620
Change-Id: Ibd1cf732b216594b47801767d0a98e59b0aba200
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
Dominik Orliński [Mon, 17 Jun 2019 09:53:27 +0000 (11:53 +0200)]
Fix sql injection vulnerability
Use a variable binding instead of concatenation.
Issue-ID: OJSI-174
Signed-off-by: Dominik Orliński <d.orlinski@samsung.com>
Change-Id: Ia655ccf79800c132b3ac466016b8fdfd9f9c27bd
Dominik Orliński [Mon, 17 Jun 2019 09:53:25 +0000 (11:53 +0200)]
Fix sql injection vulnerability
Use a variable binding instead of concatenation.
Issue-ID: OJSI-174
Signed-off-by: Dominik Orliński <d.orlinski@samsung.com>
Change-Id: I9dcec677ee9edd0d274a486af37eb950d8e828cf
Dominik Orliński [Mon, 17 Jun 2019 09:53:22 +0000 (11:53 +0200)]
Fix sql injection vulnerability
Use a variable binding instead of concatenation.
Issue-ID: OJSI-174
Signed-off-by: Dominik Orliński <d.orlinski@samsung.com>
Change-Id: I8d72c819004f05fbbf464cde73b405f2028c7bb6
Dominik Mizyn [Fri, 21 Jun 2019 11:07:43 +0000 (13:07 +0200)]
PeerBroadcastSocket sonar issues fix and code refactor
Sonar issues fix and code refactor.
Session data save moved to another method.
Rest of code don't really do anything.
Issue-ID: PORTAL-624
Change-Id: I53b36377f2d2645d8c24ad2384959f0599e07303
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
Dominik Mizyn [Fri, 21 Jun 2019 10:27:38 +0000 (12:27 +0200)]
ONAPWelcomeController sonar issue fix
String viewName and getter/setter can be romoved from his class.
ONAPWelcomeController Overrides this field 1 to 1.
Issue-ID: PORTAL-652
Change-Id: Idbb41f52a63c6ea681f6ba7753991d766849e3a2
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
Dominik Mizyn [Fri, 21 Jun 2019 10:12:06 +0000 (12:12 +0200)]
ONAPLoginController sonar issues fix.
Sonar issues fix plus @Autowired in constructor not in fields.
Issue-ID: PORTAL-651
Change-Id: I99329b986877d040c6fdda9daf42a5c501a39605
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
Dominik Mizyn [Fri, 21 Jun 2019 09:49:41 +0000 (11:49 +0200)]
SimpleLoginStrategy sonar issues fix
"Either remove or fill this block of code."
"Move the "" string literal on the left side of this string comparison."
"Define and throw a dedicated exception instead of using a generic one."
Issue-ID: PORTAL-650
Change-Id: I92018287a6f585020f0ae6f042b1bb1de84a5e14
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
Dominik Mizyn [Fri, 21 Jun 2019 09:31:35 +0000 (11:31 +0200)]
OpenIdConnectLoginStrategy sonar issues fix
Redundant suppression("rawtypes") removed.
Sonar issue:
Move the "" string literal on the left side of this string comparison.
Define and throw a dedicated exception instead of using a generic one.
Issue-ID: PORTAL-649
Change-Id: Ia2c80ad4848c22c94a2db731425250784d382841
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
Dominik Orliński [Mon, 17 Jun 2019 09:53:35 +0000 (11:53 +0200)]
Fix sql injection vulnerability
Use a variable binding instead of concatenation.
Issue-ID: OJSI-174
Signed-off-by: Dominik Orliński <d.orlinski@samsung.com>
Change-Id: I0574e882e4d500408b6a6bab8986822669cba5d4
Dominik Orliński [Mon, 17 Jun 2019 09:53:38 +0000 (11:53 +0200)]
Fix sql injection vulnerability
Use a variable binding instead of concatenation.
Change test 'getAppRolesForNonCentralizedPartnerAppTest'.
Issue-ID: OJSI-174
Signed-off-by: Dominik Orliński <d.orlinski@samsung.com>
Change-Id: Ia75da49ed582836a47b5fdcddab62fbe02e36e72
Sunder Tattavarada [Tue, 18 Jun 2019 16:04:36 +0000 (16:04 +0000)]
Merge "Fix sql injection vulnerability"
Sunder Tattavarada [Tue, 18 Jun 2019 16:04:28 +0000 (16:04 +0000)]
Merge "Fix sql injection vulnerability"
Sunder Tattavarada [Tue, 18 Jun 2019 16:04:19 +0000 (16:04 +0000)]
Merge "Fix sql injection vulnerability"
Dominik Mizyn [Tue, 18 Jun 2019 13:10:48 +0000 (15:10 +0200)]
WebAnalyticsExtAppController sonar issues
- Rename this local variable to match the regular expression
- Make this anonymous inner class a lambda.
- Immediately return this expression instead of assigning it to
the temporary variable "response".
- Move the "" string literal on the left side of this string comparison.
- Replace the type specification in this constructor call
with the diamond operator ("<>").
Issue-ID: PORTAL-648
Change-Id: I1666d94dccbbe8aa835ea9a443a9973a245353f4
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
Dominik Mizyn [Tue, 18 Jun 2019 12:46:23 +0000 (14:46 +0200)]
HealthMonitor sonar issues
Remove this unused "numIntervalsClusterNotHealthy" local variable.
Use "Long.parseLong" for this string-to-long conversion.
Make the enclosing method "static" or remove this set.
Change this instance-reference to a static reference.
Remove the literal "false" boolean value.
This block of commented-out lines of code should be removed.
Add the "@Override" annotation above this method signature
Issue-ID: PORTAL-647
Change-Id: I1880177f0906e6267807bbb9c0b7a81651e3c020
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
Dominik Mizyn [Tue, 18 Jun 2019 11:57:55 +0000 (13:57 +0200)]
EPLdapService sonar issue fix
Annotate the interface with the @FunctionalInterface annotation.
Issue-ID: PORTAL-646
Change-Id: Idc6c70b9edaed73024721a3bc8c91796a0df9183
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
Dominik Mizyn [Tue, 18 Jun 2019 11:50:01 +0000 (13:50 +0200)]
AppWithRolesForUser sonar security issue
I used Lombok annotation to provide accessors.
Issue-ID: PORTAL-645
Change-Id: Iad852434f30b81535398913df162fa8f4bd1ecff
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
Dominik Mizyn [Tue, 18 Jun 2019 09:17:30 +0000 (11:17 +0200)]
SharedContext class DB constraints
Java Bean Validation SR 380 annotations added to classes
Getter, Setter changed to lombok annotation
Issue-ID: PORTAL-643
Change-Id: I690665b97e431de50750d5a497afcf0cc2efa065
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
Dominik Mizyn [Tue, 18 Jun 2019 09:14:38 +0000 (11:14 +0200)]
FunctionalMenuRole class DB constraints
Java Bean Validation SR 380 annotations added to classes
Getter, Setter, hashCode, equals changed to lombok annotation
Issue-ID: PORTAL-642
Change-Id: I666b0245add8e97f490d991701f548c0cd128cb6
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
Dominik Mizyn [Tue, 18 Jun 2019 08:46:13 +0000 (10:46 +0200)]
PortalAdmin class DB constraints
Java Bean Validation SR 380 annotations added to classes
Getter/Setter changed into lombok annotation
Issue-ID: PORTAL-641
Change-Id: I98909f4a82372f110aa42452476fb85c9bccbf3a
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
Dominik Mizyn [Tue, 18 Jun 2019 08:44:10 +0000 (10:44 +0200)]
FavoritesFunctionalMenuItemJson class DB constraints
Java Bean Validation SR 380 annotations added to classes
Issue-ID: PORTAL-640
Change-Id: I5080e848de12669db9cdd24afe86510dcd82c3e2
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
Dominik Mizyn [Tue, 18 Jun 2019 07:29:11 +0000 (09:29 +0200)]
EpNotificationItem class DB constraints
Java Bean Validation SR 380 annotations added to classes
Unnecessary getter/setter, hashCode/equals changed to lombok annotation
Issue-ID: PORTAL-639
Change-Id: I58a6c734446fa10499feb7e4f1cef57dfd9e66b0
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
Dominik Mizyn [Tue, 18 Jun 2019 07:24:16 +0000 (09:24 +0200)]
EpRoleNotificationItem class DB constraints
Java Bean Validation SR 380 annotations added to classes
Issue-ID: PORTAL-638
Change-Id: I035ad9703f25cc87567700f66c3649ca53aee2df
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
Dominik Mizyn [Tue, 18 Jun 2019 07:15:39 +0000 (09:15 +0200)]
CommonWidget class DB constraints
Java Bean Validation SR 380 annotations added to classes
Issue-ID: PORTAL-637
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
Change-Id: I64741f835deb8aed14ad8d716d21bb4c1901b55f
Sunder Tattavarada [Mon, 17 Jun 2019 21:25:21 +0000 (21:25 +0000)]
Merge "PortalAdminUserRole class DB constraints"
Sunder Tattavarada [Mon, 17 Jun 2019 21:24:57 +0000 (21:24 +0000)]
Merge "MicroserviceParameter class DB constraints"
Sunder Tattavarada [Mon, 17 Jun 2019 21:24:30 +0000 (21:24 +0000)]
Merge "MicroserviceDataApp class DB constraints"
Lorraine Welch [Mon, 17 Jun 2019 21:20:46 +0000 (21:20 +0000)]
Merge "Application Onboarding page changes "
Kotta, Shireesha (sk434m) [Thu, 13 Jun 2019 18:41:15 +0000 (14:41 -0400)]
Application Onboarding page changes
Issue-ID: PORTAL-644
Application Onboarding page changes , DB scripts
Change-Id: Id689e15f5abd56192420e6761440659531108ab4
Signed-off-by: Kotta, Shireesha (sk434m) <sk434m@att.com>
Sunder Tattavarada [Mon, 17 Jun 2019 15:51:58 +0000 (15:51 +0000)]
Merge "Sonar: Reduce cyclomatic complexity"
Dominik Orliński [Mon, 17 Jun 2019 09:53:33 +0000 (11:53 +0200)]
Fix sql injection vulnerability
Use a variable binding instead of concatenation.
Change test 'getAppRolesForNonCentralizedPartnerAppTest'.
Issue-ID: OJSI-174
Signed-off-by: Dominik Orliński <d.orlinski@samsung.com>
Change-Id: I676ed349746cdabf320027dd27a0c16949fff6d8
Dominik Orliński [Tue, 30 Apr 2019 09:46:19 +0000 (11:46 +0200)]
Fix sql injection vulnerability
Use a variable binding instead of concatenation.
Change test 'getAppRolesForNonCentralizedPartnerAppTest'.
Issue-ID: OJSI-174
Signed-off-by: Dominik Orliński <d.orlinski@samsung.com>
Change-Id: I45895dc7665ff17394e602cbccf875e4e91b5ce1
Dominik Orliński [Tue, 30 Apr 2019 09:44:27 +0000 (11:44 +0200)]
Fix sql injection vulnerability
Use a variable binding instead of concatenation.
Change test 'getAppRolesForNonCentralizedPartnerAppTest'.
Issue-ID: OJSI-174
Signed-off-by: Dominik Orliński <d.orlinski@samsung.com>
Change-Id: I5cb7561e4b2b781834bd4f2ec36dee58b4738bf2
Sunder Tattavarada [Fri, 14 Jun 2019 17:33:20 +0000 (17:33 +0000)]
Merge "WidgetFileApp class DB constraints"
Sunder Tattavarada [Fri, 14 Jun 2019 17:31:05 +0000 (17:31 +0000)]
Merge "FavoritesFunctionalMenuItem class DB constraints"
Sunder Tattavarada [Fri, 14 Jun 2019 17:30:28 +0000 (17:30 +0000)]
Merge "WidgetCatalog class DB constraints"
Sunder Tattavarada [Fri, 14 Jun 2019 17:22:54 +0000 (17:22 +0000)]
Merge "Change default character to utf8 for portal db"
Sunder Tattavarada [Fri, 14 Jun 2019 17:19:57 +0000 (17:19 +0000)]
Merge "Sonar critical fixes in MicroserviceServiceImpl"
Sunder Tattavarada [Fri, 14 Jun 2019 17:17:37 +0000 (17:17 +0000)]
Merge "Sonar fix: make "dateFormat" an instance variable"
Sunder Tattavarada [Fri, 14 Jun 2019 17:12:45 +0000 (17:12 +0000)]
Merge "Sonar critical fixes in EPAppCommonServiceImpl"
Sunder Tattavarada [Fri, 14 Jun 2019 17:10:28 +0000 (17:10 +0000)]
Merge "RoleApp class DB constraints"
Sunder Tattavarada [Fri, 14 Jun 2019 17:09:31 +0000 (17:09 +0000)]
Merge "App class DB constraints"
Sunder Tattavarada [Fri, 14 Jun 2019 17:07:18 +0000 (17:07 +0000)]
Merge "FunctionalMenuItem DB constraints fix"
Sunder Tattavarada [Fri, 14 Jun 2019 17:05:22 +0000 (17:05 +0000)]
Merge "FunctionalMenuItem DB constraints add"
Sunder Tattavarada [Fri, 14 Jun 2019 16:18:10 +0000 (16:18 +0000)]
Merge "XSS Vulnerability fix in DashboardSearchResultController"
Sunder Tattavarada [Fri, 14 Jun 2019 16:17:07 +0000 (16:17 +0000)]
Merge "Custom data validator"
Sunder Tattavarada [Fri, 14 Jun 2019 16:14:23 +0000 (16:14 +0000)]
Merge "XSS Vulnerability fix in TicketEventController"
Sunder Tattavarada [Fri, 14 Jun 2019 16:13:15 +0000 (16:13 +0000)]
Merge "XSS Vulnerability fix in RoleManageController"
Sunder Tattavarada [Fri, 14 Jun 2019 16:12:15 +0000 (16:12 +0000)]
Merge "Fix sql injection vulnerability"
Sunder Tattavarada [Fri, 14 Jun 2019 16:07:42 +0000 (16:07 +0000)]
Merge "XSS Vulnerability fix in AppsOSController"
Sunder Tattavarada [Fri, 14 Jun 2019 16:03:32 +0000 (16:03 +0000)]
Merge "XSS Vulnerability fix in AppsControllerExternalRequest"
Sunder Tattavarada [Fri, 14 Jun 2019 16:00:26 +0000 (16:00 +0000)]
Merge "Sonar issue: Correct this "&" to "&&" in MicroserviceServiceImpl"
Sunder Tattavarada [Fri, 14 Jun 2019 15:58:40 +0000 (15:58 +0000)]
Merge "XSS Vulnerability fix in MicroserviceController"
Sunder Tattavarada [Fri, 14 Jun 2019 15:49:21 +0000 (15:49 +0000)]
Merge "XSS Vulnerability fix in DashboardSearchResultController"
Dominik Mizyn [Fri, 14 Jun 2019 09:50:04 +0000 (11:50 +0200)]
PortalAdminUserRole class DB constraints
Java Bean Validation SR 380 annotations added to classes
Issue-ID: PORTAL-636
Change-Id: I8fb4f50e672e17b9e169303eb09255fe57288b45
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
Dominik Mizyn [Fri, 14 Jun 2019 09:43:33 +0000 (11:43 +0200)]
MicroserviceParameter class DB constraints
Java Bean Validation SR 380 annotations added to classes
Issue-ID: PORTAL-635
Change-Id: Idcca0d46d1779d5fae874aff38cfd7f59f73c9b0
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
Dominik Mizyn [Fri, 14 Jun 2019 09:36:33 +0000 (11:36 +0200)]
MicroserviceDataApp class DB constraints
Java Bean Validation SR 380 annotations added to classes
Issue-ID: PORTAL-634
Change-Id: Ife3b0116b986d52fd17612937b2a74fa76062ed9
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
Dominik Mizyn [Fri, 14 Jun 2019 09:28:52 +0000 (11:28 +0200)]
WidgetFileApp class DB constraints
Java Bean Validation SR 380 annotations added to classes
Issue-ID: PORTAL-633
Change-Id: Id7b45dedafe2e5f9e799a93d219baef46c88d124
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
Dominik Mizyn [Fri, 14 Jun 2019 09:20:23 +0000 (11:20 +0200)]
FavoritesFunctionalMenuItem class DB constraints
Java Bean Validation SR 380 annotations added to classes
Issue-ID: PORTAL-632
Change-Id: Ia7c2f4ad0aa5cc85db73142d0fecd46da535c3d9
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
Sunder Tattavarada [Thu, 13 Jun 2019 21:40:49 +0000 (21:40 +0000)]
Merge "Fix sonar issue: Override "equals(Object obj)""
Dominik Mizyn [Thu, 13 Jun 2019 15:10:22 +0000 (17:10 +0200)]
WidgetCatalog class DB constraints
Java Bean Validation SR 380 annotations added to classes
Plains getter/setter converted to lombok annotation
Issue-ID: PORTAL-630
Change-Id: Id866ec4bc0dc428adfbb7cdc64fe15f7faf837f7
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
Dominik Mizyn [Thu, 13 Jun 2019 15:03:08 +0000 (17:03 +0200)]
RoleApp class DB constraints
Java Bean Validation SR 380 annotations added to classes
Lombod added to widget-ms
Plains getter/setter converted to lombok annotation
Issue-ID: PORTAL-629
Change-Id: I31639672510994412149ed8be92cb8e1b022f646
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
Dominik Mizyn [Thu, 13 Jun 2019 14:22:28 +0000 (16:22 +0200)]
App class DB constraints
Java Bean Validation SR 380 annotations added to classes
Issue-ID: PORTAL-627
Change-Id: I827f99ef75c6af3f9881fe68f1cb245795ba2734
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
Dominik Mizyn [Thu, 13 Jun 2019 14:15:00 +0000 (16:15 +0200)]
FunctionalMenuItem DB constraints fix
Add @Digits to secure Long type fields
Issue-ID: PORTAL-626
Change-Id: I59080c9103369d96a42c574356f0635265335d0a
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
Dominik Mizyn [Thu, 13 Jun 2019 13:57:48 +0000 (15:57 +0200)]
FunctionalMenuItem DB constraints add
Java Bean Validation SR 380 annotations added to classes
Unnecessary boxing removed.
Issue-ID: PORTAL-626
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
Change-Id: Ic1c20870fd781d46061077fd14b81a65dea93e6e
Dominik Mizyn [Wed, 12 Jun 2019 11:55:33 +0000 (13:55 +0200)]
ExtractJar sonar issues fix
This path try resolve some sonar issues.
More details on jira
Issue-ID: PORTAL-623
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
Change-Id: I085390f4b7841fd3e4c7f218cc68bf67960e5598
Welch, Lorraine (lb2391) [Tue, 11 Jun 2019 18:14:22 +0000 (14:14 -0400)]
Updated Dublin Release Notes
Issue-ID: PORTAL-592
Signed-off-by: Welch, Lorraine (lb2391) <lb2391@att.com>
Change-Id: I4d1e7e8bd83ed2adb7df25ccf4c694b1c81ef879
r.bogacki [Thu, 23 May 2019 12:59:56 +0000 (14:59 +0200)]
Sonar critical fixes in MicroserviceServiceImpl
Fixed critical issues according to the Sonar analysis:
-Fixed imports.
-Fixed logical comparisons.
Issue-ID: PORTAL-591
Signed-off-by: Robert Bogacki <r.bogacki@samsung.com>
Change-Id: Icc2b6fb45777582486e1060245cdf94e4f6d685d
r.bogacki [Thu, 23 May 2019 11:12:04 +0000 (13:12 +0200)]
Sonar fix: make "dateFormat" an instance variable
Fixed critical Sonar issue. SimpleDateFormat was declared as a static
but it is not tread-safe and it keeps an internal state.
Compliant solution has been applied with additional DateUtil class.
Issue-ID: PORTAL-590
Signed-off-by: Robert Bogacki <r.bogacki@samsung.com>
Change-Id: Ic6243052804a410cb750c6c219c702469c86ff78
r.bogacki [Thu, 23 May 2019 07:00:28 +0000 (09:00 +0200)]
Sonar critical fixes in EPAppCommonServiceImpl
Fixed issues according to the Sonar analysis:
-Fixed imports.
-Fixed logical comparisons.
-Fixed comparisons between unrelated types.
Issue-ID: PORTAL-588
Signed-off-by: Robert Bogacki <r.bogacki@samsung.com>
Change-Id: Ibc204e0218788bb82f947c668d68fb6e88db7043
Welch, Lorraine (lb2391) [Fri, 7 Jun 2019 19:18:47 +0000 (15:18 -0400)]
Added lorraineawelch to INFO.yaml
Issue-ID: PORTAL-618
Signed-off-by: Welch, Lorraine (lb2391) <lb2391@att.com>
Change-Id: I3d7f57c8cc20347f8adeefbada2eaffde0940262
Dominik Mizyn [Wed, 5 Jun 2019 14:24:35 +0000 (16:24 +0200)]
XSS Vulnerability fix in DashboardSearchResultController
Custom Validator is used to secure this endpoints.
Issue-ID: OJSI-15
Change-Id: Idf523a53bc5fe9e1df8110526d56336953759c86
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
Dominik Mizyn [Wed, 5 Jun 2019 13:43:02 +0000 (15:43 +0200)]
Custom data validator
By creating custom data validator we can reduce code duplications.
Issue-ID: OJSI-15
Change-Id: I39decf1d6ded559322c4445f0956fad2a159878d
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
Dominik Mizyn [Fri, 31 May 2019 13:35:38 +0000 (15:35 +0200)]
XSS Vulnerability fix in TicketEventController
@SafeHtml and SecureString used to fix this issue;
Issue-ID: OJSI-209
Change-Id: I588872839696c824135bab88c100b31c23d960ba
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
Dominik Mizyn [Fri, 31 May 2019 13:23:46 +0000 (15:23 +0200)]
XSS Vulnerability fix in RoleManageController
@SafeHtml and SecureString used to secure this class
Issue-ID: OJSI-208
Change-Id: Ie01799933add3419cacf0fc716ce2da6da0a2853
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
Dominik Mizyn [Fri, 31 May 2019 06:55:42 +0000 (08:55 +0200)]
XSS Vulnerability fix in AppsOSController
SecureString class used to secure PathVariable.
Issue-ID: OJSI-207
Change-Id: I6275c5db4d8d97dc60ef1676b651e3d8802ad9f7
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
Manoop Talasila [Thu, 30 May 2019 14:46:41 +0000 (14:46 +0000)]
Merge changes I1c586793,I47249407,Idad22dea,I5c3bee06,I5cb96956
* changes:
Document OJSI-190 vulnerability
Document OJSI-174 (CVE-2019-12318) vulnerability
Document OJSI-92 (CVE-2019-12121) vulnerability
Document OJSI-65 (CVE-2019-1212) vulnerability
Document OJSI-15 (CVE-2019-12317) vulnerability
Manoop Talasila [Thu, 30 May 2019 14:44:42 +0000 (14:44 +0000)]
Merge "Don't give the user the exact stack trace of the exception"
Manoop Talasila [Thu, 30 May 2019 14:43:06 +0000 (14:43 +0000)]
Merge "Don't give user the exact exception description"