From bdb54b7c8a5df0e686490658067c9013ee43dd7a Mon Sep 17 00:00:00 2001 From: Raviteja Cherughattu Date: Wed, 29 Jul 2020 14:36:17 -0500 Subject: [PATCH] Medium Vulnerabilities CodeFix: Revert [Ref ID: 108330] Issue-ID: AAF-1115 Change-Id: I8e503ee84eb2771edbf2ed94f5d7f8f2e20812c7 Signed-off-by: Raviteja Cherughattu --- auth/auth-cmd/pom.xml | 7 +------ auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/Cmd.java | 4 +--- auth/auth-core/pom.xml | 7 +------ .../java/org/onap/aaf/auth/rserv/CachingFileAccess.java | 5 ++--- auth/auth-fs/pom.xml | 7 +------ auth/auth-hello/pom.xml | 7 +------ .../src/main/java/org/onap/aaf/auth/hello/API_Hello.java | 10 ++++------ auth/auth-locate/pom.xml | 7 +------ .../java/org/onap/aaf/auth/locate/api/API_AAFAccess.java | 5 ++--- .../org/onap/aaf/auth/locate/facade/LocateFacadeImpl.java | 5 ++--- .../src/main/java/org/onap/aaf/cadi/http/HClient.java | 13 ++++--------- misc/pom.xml | 7 +------ misc/xgen/pom.xml | 7 +------ misc/xgen/src/main/java/org/onap/aaf/misc/xgen/Section.java | 5 ++--- 14 files changed, 24 insertions(+), 72 deletions(-) diff --git a/auth/auth-cmd/pom.xml b/auth/auth-cmd/pom.xml index 01ec4ec9..19902604 100644 --- a/auth/auth-cmd/pom.xml +++ b/auth/auth-cmd/pom.xml @@ -177,12 +177,7 @@ jline jline 2.14.2 - - - org.owasp.encoder - encoder - 1.2.1 - + diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/Cmd.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/Cmd.java index 40616abc..7913b76e 100644 --- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/Cmd.java +++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/Cmd.java @@ -54,8 +54,6 @@ import aaf.v2_0.History; import aaf.v2_0.History.Item; import aaf.v2_0.Request; -import org.owasp.encoder.Encode; - public abstract class Cmd { // Sonar claims DateFormat is not thread safe. Leave as Instance Variable. private final DateFormat dateFmt = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss:SSS"); 
@@ -273,7 +271,7 @@ public abstract class Cmd { sb.append(", "); sb.append(desc); } - pw().println(Encode.forJava(sb.toString())); + pw().println(sb.toString()); } diff --git a/auth/auth-core/pom.xml b/auth/auth-core/pom.xml index 972b12cb..bef94675 100644 --- a/auth/auth-core/pom.xml +++ b/auth/auth-core/pom.xml @@ -106,12 +106,7 @@ org.slf4j slf4j-log4j12 - - - org.owasp.encoder - encoder - 1.2.1 - + diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/CachingFileAccess.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/CachingFileAccess.java index b342c428..cdda50db 100644 --- a/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/CachingFileAccess.java +++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/CachingFileAccess.java @@ -53,7 +53,6 @@ import org.onap.aaf.misc.env.EnvJAXB; import org.onap.aaf.misc.env.LogTarget; import org.onap.aaf.misc.env.Store; import org.onap.aaf.misc.env.Trans; -import org.owasp.encoder.Encode; /* * CachingFileAccess * @@ -430,9 +429,9 @@ public class CachingFileAccess extends HttpCode"); - w.append(Encode.forJava(f.getName())); + w.append(f.getName()); w.append("\n"); } w.append(F); diff --git a/auth/auth-fs/pom.xml b/auth/auth-fs/pom.xml index 2084e18c..fcc4baa4 100644 --- a/auth/auth-fs/pom.xml +++ b/auth/auth-fs/pom.xml @@ -75,12 +75,7 @@ org.onap.aaf.authz aaf-cadi-core - - - org.owasp.encoder - encoder - 1.2.1 - + diff --git a/auth/auth-hello/pom.xml b/auth/auth-hello/pom.xml index f9a420f9..676ca3ea 100644 --- a/auth/auth-hello/pom.xml +++ b/auth/auth-hello/pom.xml @@ -54,12 +54,7 @@ org.onap.aaf.authz aaf-cadi-aaf - - - org.owasp.encoder - encoder - 1.2.1 - + diff --git a/auth/auth-hello/src/main/java/org/onap/aaf/auth/hello/API_Hello.java b/auth/auth-hello/src/main/java/org/onap/aaf/auth/hello/API_Hello.java index cdaa6a76..4ffb1787 100644 --- a/auth/auth-hello/src/main/java/org/onap/aaf/auth/hello/API_Hello.java +++ b/auth/auth-hello/src/main/java/org/onap/aaf/auth/hello/API_Hello.java 
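Review bot: In CachingFileAccess (hunk at -430), `w.append(f.getName())` now writes the file name into the generated listing with no output encoding, so a name containing markup characters would be emitted as-is. The surrounding markup is not fully visible in this hunk, so this is inferred from the `w.append(...)` calls around it. `Encode.forJava` escapes for a Java string literal and was never the right encoder for that context, so dropping it is reasonable, but the replacement should encode for the actual output context, e.g. `w.append(Encode.forHtml(f.getName()));`, which means keeping the encoder dependency in auth-core/pom.xml. The enclosing method starts and ends outside the hunk.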
@@ -35,8 +35,6 @@ import org.onap.aaf.auth.rserv.HttpMethods; import org.onap.aaf.misc.env.Env; import org.onap.aaf.misc.env.TimeTaken; -import org.owasp.encoder.Encode; - /** * API Apis * @author Jonathan @@ -72,7 +70,7 @@ public class API_Hello { String perm = pathParam(req, "perm"); if (perm!=null && perm.length()>0) { os.print('('); - os.print(Encode.forJava(req.getUserPrincipal().getName())); + os.print(req.getUserPrincipal().getName()); TimeTaken tt = trans.start("Authorize perm", Env.REMOTE); try { if (req.isUserInRole(perm)) { @@ -84,7 +82,7 @@ public class API_Hello { tt.done(); } os.print("Permission: "); - os.print(Encode.forJava(perm)); + os.print(perm); os.print(')'); } os.println(); @@ -146,7 +144,7 @@ public class API_Hello { } sb.append("}"); ServletOutputStream os = resp.getOutputStream(); - os.println(Encode.forJava(sb.toString())); + os.println(sb.toString()); trans.info().printf("Said 'RESTful Hello' to %s, Authentication type: %s",trans.getUserPrincipal().getName(),trans.getUserPrincipal().getClass().getSimpleName()); } },APPLICATION_JSON); @@ -166,7 +164,7 @@ public class API_Hello { trans.info().printf("Content from %s: %s\n", pathParam(req, ":id"),content); if (content.startsWith("{") && content.endsWith("}")) { resp.setStatus(200 /* OK */); - resp.getOutputStream().print(Encode.forJava(content)); + resp.getOutputStream().print(content); } else { resp.getOutputStream().write(NOT_JSON); resp.setStatus(406); diff --git a/auth/auth-locate/pom.xml b/auth/auth-locate/pom.xml index 71fcfa98..e1103eca 100644 --- a/auth/auth-locate/pom.xml +++ b/auth/auth-locate/pom.xml @@ -77,12 +77,7 @@ org.onap.aaf.authz aaf-misc-rosetta - - - org.owasp.encoder - encoder - 1.2.1 - + diff --git a/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/api/API_AAFAccess.java b/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/api/API_AAFAccess.java index 2bb497a0..2076e847 100644 
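Review bot: In API_Hello the hunks at -72 and -84 now print `req.getUserPrincipal().getName()` and the request-supplied `perm` path parameter straight into the response body. Whether that is safe depends on the content type the route is registered with, which is not visible in these hunks; raw output is fine for a plain-text response but not for anything a browser may render as markup. I would pin that down at the call site with a comment such as `// perm is request-supplied: this route must only ever be served as text/plain`, and encode for the real output context if that cannot be guaranteed. The handler body starts and ends outside the hunks.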
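Review bot: The guard `content.startsWith("{") && content.endsWith("}")` in the hunk at -166 does not establish that the body is JSON, yet the request body is then echoed back with status 200 by `resp.getOutputStream().print(content)`. Parsing the body, or at least bounding its length before echoing it, would make the 200/406 split meaningful. The context line above also logs `content` verbatim before the check, so line breaks in the body end up in the log as what look like separate entries; neutralising CR/LF first, e.g. passing `content.replaceAll("[\\r\\n]", "_")` as the `printf` argument, avoids that. The handler starts outside the hunk.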
--- a/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/api/API_AAFAccess.java +++ b/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/api/API_AAFAccess.java @@ -53,7 +53,6 @@ import org.onap.aaf.cadi.client.Retryable; import org.onap.aaf.misc.env.APIException; import org.onap.aaf.misc.env.Env; import org.onap.aaf.misc.env.TimeTaken; -import org.owasp.encoder.Encode; public class API_AAFAccess { // private static String service, version, envContext; @@ -105,7 +104,7 @@ public class API_AAFAccess { ServletOutputStream sos; try { sos = resp.getOutputStream(); - sos.print(Encode.forJava(fp.value)); + sos.print(fp.value); } catch (IOException e) { throw new CadiException(e); } @@ -123,7 +122,7 @@ public class API_AAFAccess { User u = (User)d.data.get(0); resp.setStatus(u.code); ServletOutputStream sos = resp.getOutputStream(); - sos.print(Encode.forJava(u.resp)); + sos.print(u.resp); } } finally { tt.done(); diff --git a/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/facade/LocateFacadeImpl.java b/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/facade/LocateFacadeImpl.java index 047663c3..67107088 100644 --- a/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/facade/LocateFacadeImpl.java +++ b/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/facade/LocateFacadeImpl.java @@ -59,7 +59,6 @@ import org.onap.aaf.misc.env.Env; import org.onap.aaf.misc.env.TimeTaken; import org.onap.aaf.misc.rosetta.env.RosettaDF; import org.onap.aaf.misc.rosetta.env.RosettaData; -import org.owasp.encoder.Encode; import locate_local.v1_0.Api; @@ -267,7 +266,7 @@ public abstract class LocateFacadeImpl { is = huc.getInputStream(); // reuse Buffers Pooled pbuff = Rcli.buffPool.get(); - try { - String strTemp; + try { while ((read=is.read(pbuff.content))>=0) { - strTemp = new String(pbuff.content,0,read); - os.write(Encode.forJava(strTemp).getBytes()); + os.write(pbuff.content,0,read); } } finally { pbuff.done(); 
@@ -413,11 +410,9 @@ public class HClient implements EClient { if (is!=null) { errContent = new StringBuilder(); Pooled pbuff = Rcli.buffPool.get(); - try { - String strTemp; + try { while ((read=is.read(pbuff.content))>=0) { - strTemp = new String(pbuff.content,0,read); - os.write(Encode.forJava(strTemp).getBytes()); + os.write(pbuff.content,0,read); } } finally { pbuff.done(); diff --git a/misc/pom.xml b/misc/pom.xml index 61d4f5d2..27948dfb 100644 --- a/misc/pom.xml +++ b/misc/pom.xml @@ -72,12 +72,7 @@ junit junit test - - - org.owasp.encoder - encoder - 1.2.1 - + diff --git a/misc/xgen/pom.xml b/misc/xgen/pom.xml index d4183fb9..52533ba0 100644 --- a/misc/xgen/pom.xml +++ b/misc/xgen/pom.xml @@ -77,12 +77,7 @@ org.onap.aaf.authz aaf-misc-env ${project.version} - - - org.owasp.encoder - encoder - 1.2.1 - + diff --git a/misc/xgen/src/main/java/org/onap/aaf/misc/xgen/Section.java b/misc/xgen/src/main/java/org/onap/aaf/misc/xgen/Section.java index 0d41bd9b..fb429b3b 100644 --- a/misc/xgen/src/main/java/org/onap/aaf/misc/xgen/Section.java +++ b/misc/xgen/src/main/java/org/onap/aaf/misc/xgen/Section.java @@ -28,7 +28,6 @@ import org.onap.aaf.misc.env.APIException; import org.onap.aaf.misc.env.Env; import org.onap.aaf.misc.env.Trans; import org.onap.aaf.misc.xgen.html.State; -import org.owasp.encoder.Encode; public class Section> { protected int indent; @@ -49,11 +48,11 @@ public class Section> { } public void forward(Writer w) throws IOException { - w.write(Encode.forJava(forward)); + w.write(forward); } public void back(Writer w) throws IOException { - w.write(Encode.forJava(backward)); + w.write(backward); } public String toString() { -- 2.16.6
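Review bot: In the HClient error branch (hunk at -413) `errContent` is allocated, but the loop sends the error body to `os` with `os.write(pbuff.content,0,read)` and nothing in the visible lines ever appends to `errContent`. Restoring the raw byte copy is right, since the reverted code decoded each buffer with the platform charset and escaped it, which altered the payload; the same holds for the matching read loop in the preceding HClient hunk. If the body is meant to be relayed, say so with a comment such as `// error body is relayed to os unchanged; errContent is not filled in this loop`, and consider a cap on how many bytes are copied from the remote side. The method continues outside the hunk.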