Persistent XSS vulnerability in microservices form
[portal.git] / ecomp-portal-BE-common / src / main / java / org / onap / portalapp / portal / controller / MicroserviceController.java
index 2f956cc..2e1a2b4 100644 (file)
@@ -55,9 +55,10 @@ import org.onap.portalapp.portal.domain.WidgetServiceHeaders;
 import org.onap.portalapp.portal.ecomp.model.PortalRestResponse;
 import org.onap.portalapp.portal.ecomp.model.PortalRestStatusEnum;
 import org.onap.portalapp.portal.logging.aop.EPAuditLog;
-import org.onap.portalapp.portal.service.ConsulHealthService;
+import org.onap.portalapp.portal.service.WidgetMService;
 import org.onap.portalapp.portal.service.MicroserviceService;
 import org.onap.portalapp.portal.utils.EcompPortalUtils;
+import org.onap.portalapp.validation.DataValidator;
 import org.onap.portalsdk.core.util.SystemProperties;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.EnableAspectJAutoProxy;
@@ -78,13 +79,13 @@ import org.springframework.web.client.RestTemplate;
 @EnableAspectJAutoProxy
 @EPAuditLog
 public class MicroserviceController extends EPRestrictedBaseController {
-       public static final ValidatorFactory VALIDATOR_FACTORY = Validation.buildDefaultValidatorFactory();
+       private final DataValidator dataValidator = new DataValidator();
        
        String whatService = "widgets-service";
        RestTemplate template = new RestTemplate();
 
        @Autowired
-       private ConsulHealthService consulHealthService;
+       private WidgetMService widgetMService;
 
        @Autowired
        private MicroserviceService microserviceService;
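Review bot: `dataValidator` is created with `new DataValidator()` on the field, while the collaborators beside it (`widgetMService`, `microserviceService`) are `@Autowired`. If DataValidator is or can be registered as a Spring bean (its definition is not in this diff), `@Autowired private DataValidator dataValidator;` would keep validation setup in one place and let tests substitute it. The import hunk above drops only `ConsulHealthService`, so the imports that served the removed `VALIDATOR_FACTORY` (`Validator`, `ConstraintViolation`, `ValidatorFactory`, `Validation`) may now be unused, unless a hunk outside this view removes them. The class body continues outside the hunk.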
@@ -96,10 +97,7 @@ public class MicroserviceController extends EPRestrictedBaseController {
                        return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "FAILURE",
                                "MicroserviceData cannot be null or empty");
                }else {
-                       Validator validator = VALIDATOR_FACTORY.getValidator();
-
-                       Set<ConstraintViolation<MicroserviceData>> constraintViolations = validator.validate(newServiceData);
-                       if(!constraintViolations.isEmpty()){
+                       if(!dataValidator.isValid(newServiceData)){
                                return new PortalRestResponse<>(PortalRestStatusEnum.ERROR,
                                        "ERROR", "MicroserviceData is not valid");
                        }
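Review bot: The rejection branch at `if(!dataValidator.isValid(newServiceData))` discards which constraint failed and records nothing, so a request carrying markup for the microservices form is turned away with no trace an operator could alert on. Because the boolean `isValid` no longer exposes the violations, consider a warn-level log entry in this branch that names the failing field (not its value), using whatever logger the class already has. The guard also deserves a comment such as `// Stored-XSS guard: rejects MicroserviceData that fails its bean-validation constraints; rendered fields must still be output-encoded.` The constraints themselves live on MicroserviceData, outside this diff, and validating on write does not clean records saved before this change. The same applies to the identical check in the next hunk (`@@ -129,10 +127,7 @@`); both enclosing methods start and end outside their hunks.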
@@ -129,10 +127,7 @@ public class MicroserviceController extends EPRestrictedBaseController {
                        return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "FAILURE",
                                "MicroserviceData cannot be null or empty");
                }else {
-                       Validator validator = VALIDATOR_FACTORY.getValidator();
-
-                       Set<ConstraintViolation<MicroserviceData>> constraintViolations = validator.validate(newServiceData);
-                       if(!constraintViolations.isEmpty()){
+                       if(!dataValidator.isValid(newServiceData)){
                                return new PortalRestResponse<>(PortalRestStatusEnum.ERROR,
                                        "ERROR", "MicroserviceData is not valid");
                        }
@@ -153,7 +148,7 @@ public class MicroserviceController extends EPRestrictedBaseController {
                        };
                        // If this service is assoicated with widgets, cannnot be deleted
                        ResponseEntity<List<WidgetCatalog>> ans = template.exchange(
-                                       EcompPortalUtils.widgetMsProtocol() + "://" + consulHealthService.getServiceLocation(whatService, SystemProperties.getProperty("microservices.widget.local.port"))
+                                       EcompPortalUtils.widgetMsProtocol() + "://" + widgetMService.getServiceLocation(whatService, SystemProperties.getProperty("microservices.widget.local.port"))
                                                        + "/widget/microservices/widgetCatalog/service/" + serviceId,
                                        HttpMethod.GET, new HttpEntity(WidgetServiceHeaders.getInstance()), typeRef);
                        List<WidgetCatalog> widgets = ans.getBody();