portal.git
4 years ago Merge "Fix sql injection vulnerability"
Sunder Tattavarada [Mon, 8 Jul 2019 19:26:49 +0000 (19:26 +0000)]
Merge "Fix sql injection vulnerability"

4 years ago Merge "Fix sql injection vulnerability"
Sunder Tattavarada [Mon, 8 Jul 2019 19:26:38 +0000 (19:26 +0000)]
Merge "Fix sql injection vulnerability"

4 years ago AuthUtil method isAccessAllowed() argument change 39/90839/1
Dominik Mizyn [Wed, 3 Jul 2019 13:25:01 +0000 (15:25 +0200)]
AuthUtil method isAccessAllowed() argument change

Change argument length to match argument length from sdk version.

Issue-ID: PORTAL-656
Change-Id: I6fe28800e0baccaab43419d3aa0d8c43b1ebe771
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>

4 years ago PeerBroadcastSocket sonar issues fix and code refactor 94/90294/1
Dominik Mizyn [Fri, 21 Jun 2019 11:07:43 +0000 (13:07 +0200)]
PeerBroadcastSocket sonar issues fix and code refactor

Sonar issues fix and code refactor.
Session data save moved to another method.
Rest of code doesn't really do anything.

Issue-ID: PORTAL-624
Change-Id: I53b36377f2d2645d8c24ad2384959f0599e07303
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>

4 years ago ONAPWelcomeController sonar issue fix 92/90292/1
Dominik Mizyn [Fri, 21 Jun 2019 10:27:38 +0000 (12:27 +0200)]
ONAPWelcomeController sonar issue fix

String viewName and getter/setter can be removed from this class.
ONAPWelcomeController Overrides this field 1 to 1.

Issue-ID: PORTAL-652
Change-Id: Idbb41f52a63c6ea681f6ba7753991d766849e3a2
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>

4 years ago ONAPLoginController sonar issues fix. 90/90290/1
Dominik Mizyn [Fri, 21 Jun 2019 10:12:06 +0000 (12:12 +0200)]
ONAPLoginController sonar issues fix.

Sonar issues fix plus @Autowired in constructor not in fields.

Issue-ID: PORTAL-651
Change-Id: I99329b986877d040c6fdda9daf42a5c501a39605
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>

4 years ago SimpleLoginStrategy sonar issues fix 88/90288/1
Dominik Mizyn [Fri, 21 Jun 2019 09:49:41 +0000 (11:49 +0200)]
SimpleLoginStrategy sonar issues fix

"Either remove or fill this block of code."
"Move the "" string literal on the left side of this string comparison."
"Define and throw a dedicated exception instead of using a generic one."

Issue-ID: PORTAL-650
Change-Id: I92018287a6f585020f0ae6f042b1bb1de84a5e14
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>

4 years ago OpenIdConnectLoginStrategy sonar issues fix 85/90285/1
Dominik Mizyn [Fri, 21 Jun 2019 09:31:35 +0000 (11:31 +0200)]
OpenIdConnectLoginStrategy sonar issues fix

Redundant suppression("rawtypes") removed.
Sonar issue:
Move the "" string literal on the left side of this string comparison.
Define and throw a dedicated exception instead of using a generic one.

Issue-ID: PORTAL-649
Change-Id: Ia2c80ad4848c22c94a2db731425250784d382841
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>

4 years ago Fix sql injection vulnerability 54/90154/1
Dominik Orliński [Mon, 17 Jun 2019 09:53:35 +0000 (11:53 +0200)]
Fix sql injection vulnerability

Use a variable binding instead of concatenation.

Issue-ID: OJSI-174
Signed-off-by: Dominik Orliński <d.orlinski@samsung.com>
Change-Id: I0574e882e4d500408b6a6bab8986822669cba5d4

4 years ago Fix sql injection vulnerability 43/90143/1
Dominik Orliński [Mon, 17 Jun 2019 09:53:38 +0000 (11:53 +0200)]
Fix sql injection vulnerability

Use a variable binding instead of concatenation.
Change test 'getAppRolesForNonCentralizedPartnerAppTest'.

Issue-ID: OJSI-174
Signed-off-by: Dominik Orliński <d.orlinski@samsung.com>
Change-Id: Ia75da49ed582836a47b5fdcddab62fbe02e36e72

4 years ago Merge "Fix sql injection vulnerability"
Sunder Tattavarada [Tue, 18 Jun 2019 16:04:36 +0000 (16:04 +0000)]
Merge "Fix sql injection vulnerability"

4 years ago Merge "Fix sql injection vulnerability"
Sunder Tattavarada [Tue, 18 Jun 2019 16:04:28 +0000 (16:04 +0000)]
Merge "Fix sql injection vulnerability"

4 years ago Merge "Fix sql injection vulnerability"
Sunder Tattavarada [Tue, 18 Jun 2019 16:04:19 +0000 (16:04 +0000)]
Merge "Fix sql injection vulnerability"

4 years ago WebAnalyticsExtAppController sonar issues 86/90086/1
Dominik Mizyn [Tue, 18 Jun 2019 13:10:48 +0000 (15:10 +0200)]
WebAnalyticsExtAppController sonar issues

- Rename this local variable to match the regular expression
- Make this anonymous inner class a lambda.
- Immediately return this expression instead of assigning it to
the temporary variable "response".
- Move the "" string literal on the left side of this string comparison.
- Replace the type specification in this constructor call
with the diamond operator ("<>").

Issue-ID: PORTAL-648
Change-Id: I1666d94dccbbe8aa835ea9a443a9973a245353f4
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>

4 years ago HealthMonitor sonar issues 82/90082/1
Dominik Mizyn [Tue, 18 Jun 2019 12:46:23 +0000 (14:46 +0200)]
HealthMonitor sonar issues

Remove this unused "numIntervalsClusterNotHealthy" local variable.
Use "Long.parseLong" for this string-to-long conversion.
Make the enclosing method "static" or remove this set.
Change this instance-reference to a static reference.
Remove the literal "false" boolean value.
This block of commented-out lines of code should be removed.
Add the "@Override" annotation above this method signature

Issue-ID: PORTAL-647
Change-Id: I1880177f0906e6267807bbb9c0b7a81651e3c020
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>

4 years ago EPLdapService sonar issue fix 80/90080/1
Dominik Mizyn [Tue, 18 Jun 2019 11:57:55 +0000 (13:57 +0200)]
EPLdapService sonar issue fix

Annotate the interface with the @FunctionalInterface annotation.

Issue-ID: PORTAL-646
Change-Id: Idc6c70b9edaed73024721a3bc8c91796a0df9183
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>

4 years ago AppWithRolesForUser sonar security issue 78/90078/1
Dominik Mizyn [Tue, 18 Jun 2019 11:50:01 +0000 (13:50 +0200)]
AppWithRolesForUser sonar security issue

I used Lombok annotation to provide accessors.

Issue-ID: PORTAL-645
Change-Id: Iad852434f30b81535398913df162fa8f4bd1ecff
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>

4 years ago Merge "PortalAdminUserRole class DB constraints"
Sunder Tattavarada [Mon, 17 Jun 2019 21:25:21 +0000 (21:25 +0000)]
Merge "PortalAdminUserRole class DB constraints"

4 years ago Merge "MicroserviceParameter class DB constraints"
Sunder Tattavarada [Mon, 17 Jun 2019 21:24:57 +0000 (21:24 +0000)]
Merge "MicroserviceParameter class DB constraints"

4 years ago Merge "MicroserviceDataApp class DB constraints"
Sunder Tattavarada [Mon, 17 Jun 2019 21:24:30 +0000 (21:24 +0000)]
Merge "MicroserviceDataApp class DB constraints"

4 years ago Merge "Application Onboarding page changes "
Lorraine Welch [Mon, 17 Jun 2019 21:20:46 +0000 (21:20 +0000)]
Merge "Application Onboarding page changes "

4 years ago Application Onboarding page changes 30/89830/7
Kotta, Shireesha (sk434m) [Thu, 13 Jun 2019 18:41:15 +0000 (14:41 -0400)]
Application Onboarding page changes

Issue-ID: PORTAL-644

Application Onboarding page changes , DB scripts

Change-Id: Id689e15f5abd56192420e6761440659531108ab4
Signed-off-by: Kotta, Shireesha (sk434m) <sk434m@att.com>

4 years ago Merge "Sonar: Reduce cyclomatic complexity"
Sunder Tattavarada [Mon, 17 Jun 2019 15:51:58 +0000 (15:51 +0000)]
Merge "Sonar: Reduce cyclomatic complexity"

4 years ago Fix sql injection vulnerability 00/90000/1
Dominik Orliński [Mon, 17 Jun 2019 09:53:33 +0000 (11:53 +0200)]
Fix sql injection vulnerability

Use a variable binding instead of concatenation.
Change test 'getAppRolesForNonCentralizedPartnerAppTest'.

Issue-ID: OJSI-174
Signed-off-by: Dominik Orliński <d.orlinski@samsung.com>
Change-Id: I676ed349746cdabf320027dd27a0c16949fff6d8

4 years ago Fix sql injection vulnerability 93/89993/1
Dominik Orliński [Tue, 30 Apr 2019 09:46:19 +0000 (11:46 +0200)]
Fix sql injection vulnerability

Use a variable binding instead of concatenation.
Change test 'getAppRolesForNonCentralizedPartnerAppTest'.

Issue-ID: OJSI-174
Signed-off-by: Dominik Orliński <d.orlinski@samsung.com>
Change-Id: I45895dc7665ff17394e602cbccf875e4e91b5ce1

4 years ago Fix sql injection vulnerability 75/89975/1
Dominik Orliński [Tue, 30 Apr 2019 09:44:27 +0000 (11:44 +0200)]
Fix sql injection vulnerability

Use a variable binding instead of concatenation.
Change test 'getAppRolesForNonCentralizedPartnerAppTest'.

Issue-ID: OJSI-174
Signed-off-by: Dominik Orliński <d.orlinski@samsung.com>
Change-Id: I5cb7561e4b2b781834bd4f2ec36dee58b4738bf2

4 years ago Merge "WidgetFileApp class DB constraints"
Sunder Tattavarada [Fri, 14 Jun 2019 17:33:20 +0000 (17:33 +0000)]
Merge "WidgetFileApp class DB constraints"

4 years ago Merge "FavoritesFunctionalMenuItem class DB constraints"
Sunder Tattavarada [Fri, 14 Jun 2019 17:31:05 +0000 (17:31 +0000)]
Merge "FavoritesFunctionalMenuItem class DB constraints"

4 years ago Merge "WidgetCatalog class DB constraints"
Sunder Tattavarada [Fri, 14 Jun 2019 17:30:28 +0000 (17:30 +0000)]
Merge "WidgetCatalog class DB constraints"

4 years ago Merge "Change default character to utf8 for portal db"
Sunder Tattavarada [Fri, 14 Jun 2019 17:22:54 +0000 (17:22 +0000)]
Merge "Change default character to utf8 for portal db"

4 years ago Merge "Sonar critical fixes in MicroserviceServiceImpl"
Sunder Tattavarada [Fri, 14 Jun 2019 17:19:57 +0000 (17:19 +0000)]
Merge "Sonar critical fixes in MicroserviceServiceImpl"

4 years ago Merge "Sonar fix: make "dateFormat" an instance variable"
Sunder Tattavarada [Fri, 14 Jun 2019 17:17:37 +0000 (17:17 +0000)]
Merge "Sonar fix: make "dateFormat" an instance variable"

4 years ago Merge "Sonar critical fixes in EPAppCommonServiceImpl"
Sunder Tattavarada [Fri, 14 Jun 2019 17:12:45 +0000 (17:12 +0000)]
Merge "Sonar critical fixes in EPAppCommonServiceImpl"

4 years ago Merge "RoleApp class DB constraints"
Sunder Tattavarada [Fri, 14 Jun 2019 17:10:28 +0000 (17:10 +0000)]
Merge "RoleApp class DB constraints"

4 years ago Merge "App class DB constraints"
Sunder Tattavarada [Fri, 14 Jun 2019 17:09:31 +0000 (17:09 +0000)]
Merge "App class DB constraints"

4 years ago Merge "FunctionalMenuItem DB constraints fix"
Sunder Tattavarada [Fri, 14 Jun 2019 17:07:18 +0000 (17:07 +0000)]
Merge "FunctionalMenuItem DB constraints fix"

4 years ago Merge "FunctionalMenuItem DB constraints add"
Sunder Tattavarada [Fri, 14 Jun 2019 17:05:22 +0000 (17:05 +0000)]
Merge "FunctionalMenuItem DB constraints add"

4 years ago Merge "XSS Vulnerability fix in DashboardSearchResultController"
Sunder Tattavarada [Fri, 14 Jun 2019 16:18:10 +0000 (16:18 +0000)]
Merge "XSS Vulnerability fix in DashboardSearchResultController"

4 years ago Merge "Custom data validator"
Sunder Tattavarada [Fri, 14 Jun 2019 16:17:07 +0000 (16:17 +0000)]
Merge "Custom data validator"

4 years ago Merge "XSS Vulnerability fix in TicketEventController"
Sunder Tattavarada [Fri, 14 Jun 2019 16:14:23 +0000 (16:14 +0000)]
Merge "XSS Vulnerability fix in TicketEventController"

4 years ago Merge "XSS Vulnerability fix in RoleManageController"
Sunder Tattavarada [Fri, 14 Jun 2019 16:13:15 +0000 (16:13 +0000)]
Merge "XSS Vulnerability fix in RoleManageController"

4 years ago Merge "Fix sql injection vulnerability"
Sunder Tattavarada [Fri, 14 Jun 2019 16:12:15 +0000 (16:12 +0000)]
Merge "Fix sql injection vulnerability"

4 years ago Merge "XSS Vulnerability fix in AppsOSController"
Sunder Tattavarada [Fri, 14 Jun 2019 16:07:42 +0000 (16:07 +0000)]
Merge "XSS Vulnerability fix in AppsOSController"

4 years ago Merge "XSS Vulnerability fix in AppsControllerExternalRequest"
Sunder Tattavarada [Fri, 14 Jun 2019 16:03:32 +0000 (16:03 +0000)]
Merge "XSS Vulnerability fix in AppsControllerExternalRequest"

4 years ago Merge "Sonar issue: Correct this "&" to "&&" in MicroserviceServiceImpl"
Sunder Tattavarada [Fri, 14 Jun 2019 16:00:26 +0000 (16:00 +0000)]
Merge "Sonar issue: Correct this "&" to "&&" in MicroserviceServiceImpl"

4 years ago Merge "XSS Vulnerability fix in MicroserviceController"
Sunder Tattavarada [Fri, 14 Jun 2019 15:58:40 +0000 (15:58 +0000)]
Merge "XSS Vulnerability fix in MicroserviceController"

4 years ago Merge "XSS Vulnerability fix in DashboardSearchResultController"
Sunder Tattavarada [Fri, 14 Jun 2019 15:49:21 +0000 (15:49 +0000)]
Merge "XSS Vulnerability fix in DashboardSearchResultController"

4 years ago PortalAdminUserRole class DB constraints 68/89868/1
Dominik Mizyn [Fri, 14 Jun 2019 09:50:04 +0000 (11:50 +0200)]
PortalAdminUserRole class DB constraints

Java Bean Validation SR 380 annotations added to classes

Issue-ID: PORTAL-636
Change-Id: I8fb4f50e672e17b9e169303eb09255fe57288b45
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>

4 years ago MicroserviceParameter class DB constraints 66/89866/1
Dominik Mizyn [Fri, 14 Jun 2019 09:43:33 +0000 (11:43 +0200)]
MicroserviceParameter class DB constraints

Java Bean Validation SR 380 annotations added to classes

Issue-ID: PORTAL-635
Change-Id: Idcca0d46d1779d5fae874aff38cfd7f59f73c9b0
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>

4 years ago MicroserviceDataApp class DB constraints 65/89865/1
Dominik Mizyn [Fri, 14 Jun 2019 09:36:33 +0000 (11:36 +0200)]
MicroserviceDataApp class DB constraints

Java Bean Validation SR 380 annotations added to classes

Issue-ID: PORTAL-634
Change-Id: Ife3b0116b986d52fd17612937b2a74fa76062ed9
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>

4 years ago WidgetFileApp class DB constraints 63/89863/1
Dominik Mizyn [Fri, 14 Jun 2019 09:28:52 +0000 (11:28 +0200)]
WidgetFileApp class DB constraints

Java Bean Validation SR 380 annotations added to classes

Issue-ID: PORTAL-633
Change-Id: Id7b45dedafe2e5f9e799a93d219baef46c88d124
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>

4 years ago FavoritesFunctionalMenuItem class DB constraints 62/89862/1
Dominik Mizyn [Fri, 14 Jun 2019 09:20:23 +0000 (11:20 +0200)]
FavoritesFunctionalMenuItem class DB constraints

Java Bean Validation SR 380 annotations added to classes

Issue-ID: PORTAL-632
Change-Id: Ia7c2f4ad0aa5cc85db73142d0fecd46da535c3d9
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>

4 years ago Merge "Fix sonar issue: Override "equals(Object obj)""
Sunder Tattavarada [Thu, 13 Jun 2019 21:40:49 +0000 (21:40 +0000)]
Merge "Fix sonar issue: Override "equals(Object obj)""

4 years ago WidgetCatalog class DB constraints 23/89823/1
Dominik Mizyn [Thu, 13 Jun 2019 15:10:22 +0000 (17:10 +0200)]
WidgetCatalog class DB constraints

Java Bean Validation SR 380 annotations added to classes
Plain getter/setter converted to lombok annotation

Issue-ID: PORTAL-630
Change-Id: Id866ec4bc0dc428adfbb7cdc64fe15f7faf837f7
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>

4 years ago RoleApp class DB constraints 20/89820/1
Dominik Mizyn [Thu, 13 Jun 2019 15:03:08 +0000 (17:03 +0200)]
RoleApp class DB constraints

Java Bean Validation SR 380 annotations added to classes
Lombok added to widget-ms
Plain getter/setter converted to lombok annotation

Issue-ID: PORTAL-629
Change-Id: I31639672510994412149ed8be92cb8e1b022f646
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>

4 years ago App class DB constraints 15/89815/1
Dominik Mizyn [Thu, 13 Jun 2019 14:22:28 +0000 (16:22 +0200)]
App class DB constraints

Java Bean Validation SR 380 annotations added to classes

Issue-ID: PORTAL-627
Change-Id: I827f99ef75c6af3f9881fe68f1cb245795ba2734
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>

4 years ago FunctionalMenuItem DB constraints fix 13/89813/1
Dominik Mizyn [Thu, 13 Jun 2019 14:15:00 +0000 (16:15 +0200)]
FunctionalMenuItem DB constraints fix

Add @Digits to secure Long type fields

Issue-ID: PORTAL-626
Change-Id: I59080c9103369d96a42c574356f0635265335d0a
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>

4 years ago FunctionalMenuItem DB constraints add 09/89809/1
Dominik Mizyn [Thu, 13 Jun 2019 13:57:48 +0000 (15:57 +0200)]
FunctionalMenuItem DB constraints add

Java Bean Validation SR 380 annotations added to classes
Unnecessary boxing removed.

Issue-ID: PORTAL-626
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
Change-Id: Ic1c20870fd781d46061077fd14b81a65dea93e6e

4 years ago Updated Dublin Release Notes 17/89717/1
Welch, Lorraine (lb2391) [Tue, 11 Jun 2019 18:14:22 +0000 (14:14 -0400)]
Updated Dublin Release Notes

Issue-ID: PORTAL-592

Signed-off-by: Welch, Lorraine (lb2391) <lb2391@att.com>
Change-Id: I4d1e7e8bd83ed2adb7df25ccf4c694b1c81ef879

4 years ago Sonar critical fixes in MicroserviceServiceImpl 51/88351/2
r.bogacki [Thu, 23 May 2019 12:59:56 +0000 (14:59 +0200)]
Sonar critical fixes in MicroserviceServiceImpl

Fixed critical issues according to the Sonar analysis:
-Fixed imports.
-Fixed logical comparisons.

Issue-ID: PORTAL-591
Signed-off-by: Robert Bogacki <r.bogacki@samsung.com>
Change-Id: Icc2b6fb45777582486e1060245cdf94e4f6d685d

4 years ago Sonar fix: make "dateFormat" an instance variable 38/88338/2
r.bogacki [Thu, 23 May 2019 11:12:04 +0000 (13:12 +0200)]
Sonar fix: make "dateFormat" an instance variable

Fixed critical Sonar issue. SimpleDateFormat was declared as a static
but it is not thread-safe and it keeps an internal state.
Compliant solution has been applied with additional DateUtil class.

Issue-ID: PORTAL-590
Signed-off-by: Robert Bogacki <r.bogacki@samsung.com>
Change-Id: Ic6243052804a410cb750c6c219c702469c86ff78

4 years ago Sonar critical fixes in EPAppCommonServiceImpl 25/88325/3
r.bogacki [Thu, 23 May 2019 07:00:28 +0000 (09:00 +0200)]
Sonar critical fixes in EPAppCommonServiceImpl

Fixed issues according to the Sonar analysis:
-Fixed imports.
-Fixed logical comparisons.
-Fixed comparisons between unrelated types.

Issue-ID: PORTAL-588
Signed-off-by: Robert Bogacki <r.bogacki@samsung.com>
Change-Id: Ibc204e0218788bb82f947c668d68fb6e88db7043

4 years ago Added lorraineawelch to INFO.yaml 02/89602/1
Welch, Lorraine (lb2391) [Fri, 7 Jun 2019 19:18:47 +0000 (15:18 -0400)]
Added lorraineawelch to INFO.yaml

Issue-ID: PORTAL-618

Signed-off-by: Welch, Lorraine (lb2391) <lb2391@att.com>
Change-Id: I3d7f57c8cc20347f8adeefbada2eaffde0940262

4 years ago XSS Vulnerability fix in DashboardSearchResultController 83/89383/1
Dominik Mizyn [Wed, 5 Jun 2019 14:24:35 +0000 (16:24 +0200)]
XSS Vulnerability fix in DashboardSearchResultController

Custom Validator is used to secure these endpoints.

Issue-ID: OJSI-15
Change-Id: Idf523a53bc5fe9e1df8110526d56336953759c86
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>

4 years ago Custom data validator 74/89374/1
Dominik Mizyn [Wed, 5 Jun 2019 13:43:02 +0000 (15:43 +0200)]
Custom data validator

By creating custom data validator we can reduce code duplications.

Issue-ID: OJSI-15
Change-Id: I39decf1d6ded559322c4445f0956fad2a159878d
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>

4 years ago XSS Vulnerability fix in TicketEventController 35/89035/1
Dominik Mizyn [Fri, 31 May 2019 13:35:38 +0000 (15:35 +0200)]
XSS Vulnerability fix in TicketEventController

@SafeHtml and SecureString used to fix this issue.

Issue-ID: OJSI-209
Change-Id: I588872839696c824135bab88c100b31c23d960ba
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>

4 years ago XSS Vulnerability fix in RoleManageController 34/89034/1
Dominik Mizyn [Fri, 31 May 2019 13:23:46 +0000 (15:23 +0200)]
XSS Vulnerability fix in RoleManageController

@SafeHtml and SecureString used to secure this class

Issue-ID: OJSI-208
Change-Id: Ie01799933add3419cacf0fc716ce2da6da0a2853
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>

4 years ago XSS Vulnerability fix in AppsOSController 99/88999/1
Dominik Mizyn [Fri, 31 May 2019 06:55:42 +0000 (08:55 +0200)]
XSS Vulnerability fix in AppsOSController

SecureString class used to secure PathVariable.

Issue-ID: OJSI-207
Change-Id: I6275c5db4d8d97dc60ef1676b651e3d8802ad9f7
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>

4 years ago Merge changes I1c586793,I47249407,Idad22dea,I5c3bee06,I5cb96956
Manoop Talasila [Thu, 30 May 2019 14:46:41 +0000 (14:46 +0000)]
Merge changes I1c586793,I47249407,Idad22dea,I5c3bee06,I5cb96956

* changes:
  Document OJSI-190 vulnerability
  Document OJSI-174 (CVE-2019-12318) vulnerability
  Document OJSI-92 (CVE-2019-12121) vulnerability
  Document OJSI-65 (CVE-2019-1212) vulnerability
  Document OJSI-15 (CVE-2019-12317) vulnerability

4 years ago Merge "Don't give the user the exact stack trace of the exception"
Manoop Talasila [Thu, 30 May 2019 14:44:42 +0000 (14:44 +0000)]
Merge "Don't give the user the exact stack trace of the exception"

4 years ago Merge "Don't give user the exact exception description"
Manoop Talasila [Thu, 30 May 2019 14:43:06 +0000 (14:43 +0000)]
Merge "Don't give user the exact exception description"

4 years ago Document OJSI-190 vulnerability 95/88895/1
Krzysztof Opasiak [Thu, 30 May 2019 13:29:12 +0000 (15:29 +0200)]
Document OJSI-190 vulnerability

Issue-ID: OJSI-190
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I1c586793b744a5807e7b1a7a1d416dfd43409ab0

4 years ago Document OJSI-174 (CVE-2019-12318) vulnerability 94/88894/1
Krzysztof Opasiak [Thu, 30 May 2019 13:28:06 +0000 (15:28 +0200)]
Document OJSI-174 (CVE-2019-12318) vulnerability

Issue-ID: OJSI-174
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I47249407ccb62ca7ffd1d8edc9ada8793f4c53c9

4 years ago Document OJSI-92 (CVE-2019-12121) vulnerability 93/88893/1
Krzysztof Opasiak [Thu, 30 May 2019 13:27:27 +0000 (15:27 +0200)]
Document OJSI-92 (CVE-2019-12121) vulnerability

Issue-ID: OJSI-92
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: Idad22deafb262da539c52fa8733e7ea098fd1361

4 years ago Document OJSI-65 (CVE-2019-1212) vulnerability 92/88892/1
Krzysztof Opasiak [Thu, 30 May 2019 13:26:40 +0000 (15:26 +0200)]
Document OJSI-65 (CVE-2019-1212) vulnerability

Issue-ID: OJSI-65
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I5c3bee06c2b1da3eca2bb583c57decb35b0f32c0

4 years ago Document OJSI-15 (CVE-2019-12317) vulnerability 91/88891/1
Krzysztof Opasiak [Thu, 30 May 2019 13:25:46 +0000 (15:25 +0200)]
Document OJSI-15 (CVE-2019-12317) vulnerability

Issue-ID: OJSI-15
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I5cb96956f25e09a390ef24a52f6222c0cc7b9e94

4 years ago XSS Vulnerability fix in AppsControllerExternalRequest 90/88890/1
Dominik Mizyn [Thu, 30 May 2019 13:29:24 +0000 (15:29 +0200)]
XSS Vulnerability fix in AppsControllerExternalRequest

@SafeHtml annotation is used to fix this problem.

This patch also fixes some minor issues:
* isAuxRESTfulCall() method deleted. Method was nowhere used.
* '.length() == 0' changed to '.isEmpty()'

Issue-ID: PORTAL-604
Change-Id: Ib7091622081f507812654b50275ad7ac4c97bfc3
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>

4 years ago Sonar issue: Correct this "&" to "&&" in MicroserviceServiceImpl 68/88868/2
Dominik Mizyn [Thu, 30 May 2019 10:59:24 +0000 (12:59 +0200)]
Sonar issue: Correct this "&" to "&&" in MicroserviceServiceImpl

This patch also fixes some minor issues:
* 'fori' loop replaced with 'foreach'
* Sonar issue: Replace the type specification in this constructor call
with the diamond operator ("<>").
* redundant 'throws'. Exception will never be thrown
* unnecessary temporary local variable

Issue-ID: PORTAL-603
Change-Id: If23afb9f4a10f0ad06c712cb95a38b54dc5cd089
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>

4 years ago XSS Vulnerability fix in MicroserviceController 53/88853/3
Dominik Mizyn [Thu, 30 May 2019 09:52:03 +0000 (11:52 +0200)]
XSS Vulnerability fix in MicroserviceController

@SafeHtml annotation is used to fix this problem.

This commit also fixes:
* redundant local variable issue
* sonar issue: Replace the type specification in this constructor call with
the diamond operator ("<>").
* performance issue - String concatenation argument as argument
to 'StringBuilder.append()' call
* redundant cast
* redundant 'throws Exception'. 'Exception' is never thrown
* access static member via instance reference
* unused declarations

Issue-ID: PORTAL-602
Change-Id: Id92fe2d9cfe239474403f611f3d5d0170acf63cc
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>

4 years ago XSS Vulnerability fix in DashboardSearchResultController 40/88840/1
Dominik Mizyn [Thu, 30 May 2019 08:47:56 +0000 (10:47 +0200)]
XSS Vulnerability fix in DashboardSearchResultController

@SafeHtml annotation is used to fix this problem.
New class 'SecureString' must be added to project to validate incoming Strings
from '@RequestParam String incoming String'
pom.xml file update.

This patch also fixes:
* remove unnecessary semicolon
* Sonar issue: Replace the type specification in this constructor call with
 the diamond operator ("<>")

Issue-ID: PORTAL-601
Change-Id: Id214b6e65f0c486141679fd23725a7fb66443acd
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>

4 years ago Fix sonar issue: Override "equals(Object obj)" 30/88830/1
Dominik Mizyn [Thu, 30 May 2019 07:12:24 +0000 (09:12 +0200)]
Fix sonar issue: Override "equals(Object obj)"

This commit provides equals method for CentralV2UserApp and test for this method.

Issue-ID: PORTAL-599
Change-Id: Ied44c680032831ec6a02211f658ec16f0aad8f4a
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>

4 years ago Fix sql injection vulnerability 27/88827/1
Dominik Orliński [Tue, 30 Apr 2019 09:29:06 +0000 (11:29 +0200)]
Fix sql injection vulnerability

Use a variable binding instead of concatenation.
Add new test for function 'createLocalUserIfNecessary'.

Issue-ID: OJSI-174
Change-Id: Iddd65893bb2cb16c90d4f8db59816fdf261874bc
Signed-off-by: Dominik Orliński <d.orlinski@samsung.com>

4 years ago Sonar: Reduce cyclomatic complexity 79/88779/1
Dominik Mizyn [Wed, 29 May 2019 10:22:27 +0000 (12:22 +0200)]
Sonar: Reduce cyclomatic complexity

Reduce the number of conditional operators for equals(). Improve
testEquals() to better cover this method.

This patch also:

* immediately returns expression instead of assigning it to the
  temporary variable "str",
* adds the "@Override" annotation above equals() method signature.

Issue-ID: PORTAL-595
Change-Id: I15f600acce873eb3f22cc405d06a50890c7e87c3
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>

4 years ago Don't give the user the exact stack trace of the exception 41/88741/1
Piotr Borelowski [Wed, 29 May 2019 08:47:15 +0000 (10:47 +0200)]
Don't give the user the exact stack trace of the exception

Catching the exception in the SecurityXssFilter class.

Issue-ID: OJSI-192
Change-Id: I8d9d7a3032f98afcb58285b13b13d5ce35fddadd
Signed-off-by: Piotr Borelowski <p.borelowski@partner.samsung.com>

4 years ago Merge "Removed user password from portal's profile API"
Manoop Talasila [Tue, 28 May 2019 18:25:02 +0000 (18:25 +0000)]
Merge "Removed user password from portal's profile API"

4 years ago Don't give user the exact exception description 89/88689/1
Piotr Borelowski [Fri, 10 May 2019 10:23:48 +0000 (12:23 +0200)]
Don't give user the exact exception description

The exact description of the exception especially if related to
cryptography cannot be given to the user as it may be abused by the
attacker.

To fix that, we started to use @ExceptionHandler for all exceptions
in the LoginController as well.

CVE: CVE-2019-12121
Issue-ID: OJSI-92
Change-Id: I100b37ff33d28ebccc2411c3acc62bdb7ce11ca8
Signed-off-by: Piotr Borelowski <p.borelowski@partner.samsung.com>
Reviewed-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Acked-by: Manoop Talasila <talasila@research.att.com>

4 years ago Removed user password from portal's profile API 82/88682/1
r.bogacki [Wed, 22 May 2019 10:27:53 +0000 (12:27 +0200)]
Removed user password from portal's profile API

ONAP Portal allowed to retrieve password of currently active user via
"/portalApi/loggedinUser" endpoint. Prefilled "Login Password" field
has been changed to "*****" and password is not sent anymore to the
frontend. Only after change of this default value
password will be updated. Confirm Password field has been removed
from the UI. In the future password change could be additionally also
checked on the backend side to verify current password
before updating it.

Issue-ID: OJSI-65
Signed-off-by: Robert Bogacki <r.bogacki@samsung.com>
Reviewed-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Acked-by: Manoop Talasila <talasila@research.att.com>
Change-Id: I00b7713557247d211927c437f31f118095ad0726

4 years ago Document OJSI-106 vulnerability 03/88503/2
Krzysztof Opasiak [Fri, 24 May 2019 21:45:52 +0000 (23:45 +0200)]
Document OJSI-106 vulnerability

Issue-ID: OJSI-106
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I549009cf3c313b0f5307b99ce22b56243e933f8f

4 years ago Document OJSI-105 vulnerability 02/88502/1
Krzysztof Opasiak [Fri, 24 May 2019 21:45:05 +0000 (23:45 +0200)]
Document OJSI-105 vulnerability

Issue-ID: OJSI-105
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I8c3a00ce98886f7175e5cf85f09309bd50ef702c

4 years ago Document OJSI-97 vulnerability 01/88501/1
Krzysztof Opasiak [Fri, 24 May 2019 21:40:34 +0000 (23:40 +0200)]
Document OJSI-97 vulnerability

Issue-ID: OJSI-97
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I56d194918b91580d5d9f6b25e564923fe29c51f3

4 years ago Improve security release notes 00/88500/1
Krzysztof Opasiak [Fri, 24 May 2019 21:30:00 +0000 (23:30 +0200)]
Improve security release notes

In order to provide users with more details of project's state in
terms of security let's divide the security release notes into three
sections:

- Fixed Security Issues
  Contains a list of security fixes merged during this
  release (especially those reported via OJSI tickets).

- Known Security Issues
  Contains a list of vulnerabilities detected in project during
  release which have not been fixed yet and thus should be mitigated
  by the user.

- Known Vulnerabilities in Used Modules
  Contains information about NexusIQ scan results

Issue-ID: SECCOM-238
Change-Id: Ief8825c38c7723c26e8c7e10a6a13f4b8f9c169d
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>

4 years ago Dublin Release Notes for Portal 17/88417/1
Welch, Lorraine (lb2391) [Thu, 23 May 2019 21:45:27 +0000 (17:45 -0400)]
Dublin Release Notes for Portal

Issue-ID: PORTAL-592

Signed-off-by: Welch, Lorraine (lb2391) <lb2391@att.com>
Change-Id: I93a2ff82f52f709d12bfa92c0d14859d2298b6a1

4 years ago Change default character to utf8 for portal db 39/88339/1
shentao999 [Thu, 23 May 2019 11:16:23 +0000 (19:16 +0800)]
Change default character to utf8 for portal db

Change-Id: I6a1bb2f1b6b501662c7ae2ca902c3d61c7534125
Issue-ID: PORTAL-565
Signed-off-by: shentao999 <shentao@chinamobile.com>

4 years ago Merge "Added Functional Menu Entries, del bad thumbnail"
Manoop Talasila [Fri, 10 May 2019 12:29:46 +0000 (12:29 +0000)]
Merge "Added Functional Menu Entries, del bad thumbnail"

4 years ago Merge "Revert "Update oparent version""
Manoop Talasila [Thu, 9 May 2019 00:29:46 +0000 (00:29 +0000)]
Merge "Revert "Update oparent version""

4 years ago Revert "Update oparent version" 63/87263/1
Sunder Tattavarada [Wed, 8 May 2019 18:01:10 +0000 (18:01 +0000)]
Revert "Update oparent version"

Issue-ID: PORTAL-571
This reverts commit 64c7491aa9208ed3024b81ab78a73751c1cc859e.

Change-Id: I72fefbceccea7d723d02e0b38efebf9aafc7018e
Signed-off-by: statta <statta@research.att.com>

4 years ago Update version text 16/86916/1
statta [Fri, 3 May 2019 16:03:08 +0000 (12:03 -0400)]
Update version text

Issue-ID: PORTAL-557
Change-Id: Id3feb4f800d6593c373efd5a35b6f19e4ddc7044
Signed-off-by: statta <statta@research.att.com>

4 years ago Added Functional Menu Entries, del bad thumbnail 60/86860/1
Welch, Lorraine (lb2391) [Thu, 2 May 2019 20:38:47 +0000 (16:38 -0400)]
Added Functional Menu Entries, del bad thumbnail

Issue-ID: PORTAL-515

Change-Id: Ibac6ae65fc4df39a7bab2a98946d664bf47413b8
Signed-off-by: Welch, Lorraine (lb2391) <lb2391@att.com>

4 years ago Merge "Fix Sonar Bugs NullPointers"
Manoop Talasila [Thu, 2 May 2019 17:28:35 +0000 (17:28 +0000)]
Merge "Fix Sonar Bugs NullPointers"

4 years ago Fix Sonar Bugs NullPointers 29/86829/2
k.kazak [Thu, 2 May 2019 16:07:46 +0000 (18:07 +0200)]
Fix Sonar Bugs NullPointers

Fix Sonar bugs - potential NullPointerException in portal-BE-common:
ExternalAppsRestfulController and ApplicationRestClientServiceImpl
Changed Tests for updated method in ExternalAppsRestfulController
Added new test
Formatted according to ONAP formatting guidelines

Change-Id: I7c0587127e32ba3f06a138a0b4b2526fa10ea1f6
Issue-ID: PORTAL-556
Signed-off-by: k.kazak <k.kazak@samsung.com>