<artifactId>jline</artifactId>
<version>2.14.2</version>
</dependency>
-
+ <dependency>
+ <groupId>org.owasp.encoder</groupId>
+ <artifactId>encoder</artifactId>
+ <version>1.2.1</version>
+ </dependency>
</dependencies>
<distributionManagement>
import aaf.v2_0.History.Item;
import aaf.v2_0.Request;
+import org.owasp.encoder.Encode;
public abstract class Cmd {
// Sonar claims DateFormat is not thread safe. Leave as Instance Variable.
sb.append(", ");
sb.append(desc);
}
- pw().println(sb);
+ pw().println(Encode.forJava(sb.toString()));
}
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
</dependency>
+ <dependency>
+ <groupId>org.owasp.encoder</groupId>
+ <artifactId>encoder</artifactId>
+ <version>1.2.1</version>
+ </dependency>
</dependencies>
<build>
import org.onap.aaf.misc.env.LogTarget;
import org.onap.aaf.misc.env.Store;
import org.onap.aaf.misc.env.Trans;
+import org.owasp.encoder.Encode;
/*
* CachingFileAccess
*
w.append(name);
w.append('/');
}
- w.append(f.getName());
+ w.append(Encode.forJava(f.getName()));
w.append("\">");
- w.append(f.getName());
+ w.append(Encode.forJava(f.getName()));
w.append("</a></li>\n");
}
w.append(F);
<groupId>org.onap.aaf.authz</groupId>
<artifactId>aaf-cadi-core</artifactId>
</dependency>
+ <dependency>
+ <groupId>org.owasp.encoder</groupId>
+ <artifactId>encoder</artifactId>
+ <version>1.2.1</version>
+ </dependency>
+ <dependency>
+ <groupId>org.owasp.esapi</groupId>
+ <artifactId>esapi</artifactId>
+ <version>2.0.1</version>
+ </dependency>
</dependencies>
<build>
import org.onap.aaf.cadi.register.Registrant;
import org.onap.aaf.cadi.register.RemoteRegistrant;
-
+import org.owasp.esapi.reference.DefaultHTTPUtilities;
public class AAF_FS extends AbsService<AuthzEnv, AuthzTrans> {
@Override
public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
trans.info().printf("Redirecting %s to HTTP/S %s", req.getRemoteAddr(), req.getLocalAddr());
- resp.sendRedirect(url);
+ DefaultHTTPUtilities util = new DefaultHTTPUtilities();
+ util.sendRedirect(url);
}
};
<groupId>org.onap.aaf.authz</groupId>
<artifactId>aaf-cadi-aaf</artifactId>
</dependency>
-
+ <dependency>
+ <groupId>org.owasp.encoder</groupId>
+ <artifactId>encoder</artifactId>
+ <version>1.2.1</version>
+ </dependency>
+
</dependencies>
<build>
import org.onap.aaf.misc.env.Env;
import org.onap.aaf.misc.env.TimeTaken;
+import org.owasp.encoder.Encode;
+
/**
* API Apis
* @author Jonathan
String perm = pathParam(req, "perm");
if (perm!=null && perm.length()>0) {
os.print('(');
- os.print(req.getUserPrincipal().getName());
+ os.print(Encode.forJava(req.getUserPrincipal().getName()));
TimeTaken tt = trans.start("Authorize perm", Env.REMOTE);
try {
if (req.isUserInRole(perm)) {
tt.done();
}
os.print("Permission: ");
- os.print(perm);
+ os.print(Encode.forJava(perm));
os.print(')');
}
os.println();
}
sb.append("}");
ServletOutputStream os = resp.getOutputStream();
- os.println(sb.toString());
+ os.println(Encode.forJava(sb.toString()));
trans.info().printf("Said 'RESTful Hello' to %s, Authentication type: %s",trans.getUserPrincipal().getName(),trans.getUserPrincipal().getClass().getSimpleName());
}
},APPLICATION_JSON);
trans.info().printf("Content from %s: %s\n", pathParam(req, ":id"),content);
if (content.startsWith("{") && content.endsWith("}")) {
resp.setStatus(200 /* OK */);
- resp.getOutputStream().print(content);
+ resp.getOutputStream().print(Encode.forJava(content));
} else {
resp.getOutputStream().write(NOT_JSON);
resp.setStatus(406);
<groupId>org.onap.aaf.authz</groupId>
<artifactId>aaf-misc-rosetta</artifactId>
</dependency>
+ <dependency>
+ <groupId>org.owasp.encoder</groupId>
+ <artifactId>encoder</artifactId>
+ <version>1.2.1</version>
+ </dependency>
+ <dependency>
+ <groupId>org.owasp.esapi</groupId>
+ <artifactId>esapi</artifactId>
+ <version>2.0.1</version>
+ </dependency>
+
</dependencies>
<build>
import org.onap.aaf.misc.env.APIException;
import org.onap.aaf.misc.env.Env;
import org.onap.aaf.misc.env.TimeTaken;
+import org.owasp.esapi.errors.AccessControlException;
+import org.owasp.esapi.reference.DefaultHTTPUtilities;
+import org.owasp.encoder.Encode;
public class API_AAFAccess {
// private static String service, version, envContext;
ServletOutputStream sos;
try {
sos = resp.getOutputStream();
- sos.print(fp.value);
+ sos.print(Encode.forJava(fp.value));
} catch (IOException e) {
throw new CadiException(e);
}
User u = (User)d.data.get(0);
resp.setStatus(u.code);
ServletOutputStream sos = resp.getOutputStream();
- sos.print(u.resp);
+ sos.print(Encode.forJava(u.resp));
}
} finally {
tt.done();
});
}
- private static void redirect(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp, LocateFacade context, Locator<URI> loc, String path) throws IOException {
+ private static void redirect(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp, LocateFacade context, Locator<URI> loc, String path) throws IOException, AccessControlException {
try {
if (loc.hasItems()) {
Item item = loc.best();
redirectURL.append(str);
}
trans.info().log("Redirect to",redirectURL);
- resp.sendRedirect(redirectURL.toString());
+ DefaultHTTPUtilities util = new DefaultHTTPUtilities();
+ util.sendRedirect(redirectURL.toString());
+ //resp.sendRedirect(redirectURL.toString());
} else {
context.error(trans, resp, Result.err(Result.ERR_NotFound,"No Locations found for redirection"));
}
import org.onap.aaf.misc.env.TimeTaken;
import org.onap.aaf.misc.rosetta.env.RosettaDF;
import org.onap.aaf.misc.rosetta.env.RosettaData;
+import org.owasp.encoder.Encode;
import locate_local.v1_0.Api;
TimeTaken tt = trans.start(API_EXAMPLE, Env.SUB);
try {
String content =Examples.print(apiDF.getEnv(), nameOrContentType, optional);
- resp.getOutputStream().print(content);
+ resp.getOutputStream().print(Encode.forJava(content));
setContentType(resp,content.contains("<?xml")?TYPE.XML:TYPE.JSON);
return Result.ok();
} catch (Exception e) {
}
}
}
- resp.getOutputStream().println(output);
+ resp.getOutputStream().println(Encode.forJava(output));
setContentType(resp,epDF.getOutType());
return Result.ok();
} catch (Exception e) {
import org.onap.aaf.misc.env.Data.TYPE;
import org.onap.aaf.misc.env.util.Pool.Pooled;
import org.onap.aaf.misc.rosetta.env.RosettaDF;
-
+import org.owasp.encoder.Encode;
/**
* Low Level Http Client Mechanism. Chances are, you want the high level "HRcli"
* for Rosetta Object Translation
// reuse Buffers
Pooled<byte[]> pbuff = Rcli.buffPool.get();
try {
+ String strTemp;
while ((read=is.read(pbuff.content))>=0) {
- os.write(pbuff.content,0,read);
+ strTemp = new String(pbuff.content,0,read);
+ os.write(Encode.forJava(strTemp).getBytes());
}
} finally {
pbuff.done();
errContent = new StringBuilder();
Pooled<byte[]> pbuff = Rcli.buffPool.get();
try {
+ String strTemp;
while ((read=is.read(pbuff.content))>=0) {
- os.write(pbuff.content,0,read);
+ strTemp = new String(pbuff.content,0,read);
+ os.write(Encode.forJava(strTemp).getBytes());
}
} finally {
pbuff.done();
<artifactId>junit</artifactId>
<scope>test</scope>
</dependency>
+ <dependency>
+ <groupId>org.owasp.encoder</groupId>
+ <artifactId>encoder</artifactId>
+ <version>1.2.1</version>
+ </dependency>
+
</dependencies>
<modules>
<artifactId>aaf-misc-env</artifactId>
<version>${project.version}</version>
</dependency>
+ <dependency>
+ <groupId>org.owasp.encoder</groupId>
+ <artifactId>encoder</artifactId>
+ <version>1.2.1</version>
+ </dependency>
</dependencies>
<!-- ============================================================== -->
import org.onap.aaf.misc.env.Env;\r
import org.onap.aaf.misc.env.Trans;\r
import org.onap.aaf.misc.xgen.html.State;\r
+import org.owasp.encoder.Encode;\r
\r
public class Section<G extends XGen<G>> {\r
protected int indent;\r
}\r
\r
public void forward(Writer w) throws IOException {\r
- w.write(forward);\r
+ w.write(Encode.forJava(forward));\r
}\r
\r
public void back(Writer w) throws IOException {\r
- w.write(backward);\r
+ w.write(Encode.forJava(backward));\r
}\r
\r
public String toString() {\r