Medium Vulnerabilities: Reverting the changes done towards Locate & FS 02/110702/1
authorRaviteja Cherughattu <rc835m@att.com>
Wed, 29 Jul 2020 16:49:13 +0000 (11:49 -0500)
committerRaviteja Cherughattu <rc835m@att.com>
Wed, 29 Jul 2020 16:49:13 +0000 (11:49 -0500)
Issue-ID: AAF-1115
Change-Id: Ia26cb13d5105d6bad97503c8a85607f01e956478
Signed-off-by: Raviteja Cherughattu <rc835m@att.com>
auth/auth-fs/pom.xml
auth/auth-fs/src/main/java/org/onap/aaf/auth/fs/AAF_FS.java
auth/auth-locate/pom.xml
auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/api/API_AAFAccess.java

index 943c108..2084e18 100644 (file)
                        <artifactId>encoder</artifactId>                
                        <version>1.2.1</version>                
                </dependency>   
-               <dependency>    
-            <groupId>org.owasp.esapi</groupId> 
-                       <artifactId>esapi</artifactId>  
-                       <version>2.0.1</version>        
-        </dependency>
     </dependencies>
 
     <build>
index fdedd6b..6077b39 100644 (file)
@@ -45,8 +45,6 @@ import org.onap.aaf.cadi.config.Config;
 import org.onap.aaf.cadi.register.Registrant;
 import org.onap.aaf.cadi.register.RemoteRegistrant;
 
-import org.owasp.esapi.reference.DefaultHTTPUtilities;
-
 public class AAF_FS extends AbsService<AuthzEnv, AuthzTrans>  {
 
     public AAF_FS(final AuthzEnv env) throws IOException, CadiException {
@@ -82,8 +80,7 @@ public class AAF_FS extends AbsService<AuthzEnv, AuthzTrans>  {
         @Override
         public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
             trans.info().printf("Redirecting %s to HTTP/S %s", req.getRemoteAddr(), req.getLocalAddr());
-            DefaultHTTPUtilities util = new DefaultHTTPUtilities();            
-            util.sendRedirect(url);
+            resp.sendRedirect(url);
         }
     };
 
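Review bot: `resp.sendRedirect(url)` in `handle` now sends the target with no check at all, because the removed ESAPI call was the only visible validation of the redirect location. The same applies to `resp.sendRedirect(redirectURL.toString())` in `API_AAFAccess.redirect`. `url` is assigned outside this hunk, so if it is built purely from service configuration the exposure is small, but the code should say so, e.g. `// url comes from trusted service configuration only, never from request data`. If any part of it can be influenced by the request, compare its scheme and host with the configured value before redirecting. The title describes this as reverting a fix for medium-severity findings, so the original finding presumably reopens and needs a tracked replacement rather than staying silently reverted.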
index 3658598..71fcfa9 100644 (file)
                        <artifactId>encoder</artifactId>                
                        <version>1.2.1</version>                
                </dependency>
-               <dependency>    
-            <groupId>org.owasp.esapi</groupId> 
-                       <artifactId>esapi</artifactId>  
-                       <version>2.0.1</version>        
-        </dependency>
         
     </dependencies>
 
index 7b23c89..2bb497a 100644 (file)
@@ -53,8 +53,6 @@ import org.onap.aaf.cadi.client.Retryable;
 import org.onap.aaf.misc.env.APIException;
 import org.onap.aaf.misc.env.Env;
 import org.onap.aaf.misc.env.TimeTaken;
-import org.owasp.esapi.errors.AccessControlException;
-import org.owasp.esapi.reference.DefaultHTTPUtilities;
 import org.owasp.encoder.Encode;
 
 public class API_AAFAccess {
@@ -259,7 +257,7 @@ public class API_AAFAccess {
         });
     }
 
-    private static void redirect(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp, LocateFacade context, Locator<URI> loc, String path) throws IOException, AccessControlException {
+    private static void redirect(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp, LocateFacade context, Locator<URI> loc, String path) throws IOException {
         try {
             if (loc.hasItems()) {
                 Item item = loc.best();
@@ -272,10 +270,8 @@ public class API_AAFAccess {
                     redirectURL.append('?');
                     redirectURL.append(str);
                 }
-                trans.info().log("Redirect to",redirectURL);
-                DefaultHTTPUtilities util = new DefaultHTTPUtilities();                
-                util.sendRedirect(redirectURL.toString());                
-                //resp.sendRedirect(redirectURL.toString());
+                trans.info().log("Redirect to",redirectURL);              
+                resp.sendRedirect(redirectURL.toString());
             } else {
                 context.error(trans, resp, Result.err(Result.ERR_NotFound,"No Locations found for redirection"));
             }