gerrit.onap Code Review - portal.git/log

XSS Vulnerability fix in PortalAdminController

Custom data validator used to fix this issue.

Issue-ID: OJSI-15
Change-Id: I224887d31e4e2d7301544194ef44ba38e66e047d
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>

commit | commitdiff | tree

Dominik Mizyn [Wed, 3 Jul 2019 13:25:01 +0000 (15:25 +0200)]

AuthUtil method isAccessAllowed() argument change

Change argument length to match argument length from to sdk version.

Issue-ID: PORTAL-656
Change-Id: I6fe28800e0baccaab43419d3aa0d8c43b1ebe771
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>

commit | commitdiff | tree

Dominik Mizyn [Mon, 1 Jul 2019 10:08:24 +0000 (12:08 +0200)]

LanguageServiceImpl logging vulnerability fix

Sonar issue: "Use a logger to log this exception" fix
This patch also minor code issues

Issue-ID: PORTAL-622
Change-Id: I304285ca7837bcf929249f7c6b93b6de9cf8fae5
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>

commit | commitdiff | tree

Dominik Mizyn [Mon, 1 Jul 2019 09:52:31 +0000 (11:52 +0200)]

EPAppServiceImpl class fix.

Sonar issues fix:
Remove this unused "logger" private field.
Remove this unused "syncRests" private field.

unused imports delete and unneeded fields initialization fix.
StringBuilder performance fix.

Issue-ID: PORTAL-620
Change-Id: Ibd1cf732b216594b47801767d0a98e59b0aba200
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>

commit | commitdiff | tree

Dominik Orliński [Mon, 17 Jun 2019 09:53:27 +0000 (11:53 +0200)]

Fix sql injection vulnerability

Use a variable binding instead of concatenation.

Issue-ID: OJSI-174
Signed-off-by: Dominik Orliński <d.orlinski@samsung.com>
Change-Id: Ia655ccf79800c132b3ac466016b8fdfd9f9c27bd

commit | commitdiff | tree

Dominik Orliński [Mon, 17 Jun 2019 09:53:25 +0000 (11:53 +0200)]

commit | commitdiff | tree

Dominik Orliński [Mon, 17 Jun 2019 09:53:22 +0000 (11:53 +0200)]

commit | commitdiff | tree

Dominik Mizyn [Fri, 21 Jun 2019 11:07:43 +0000 (13:07 +0200)]

PeerBroadcastSocket sonar issues fix and code refactor

Sonar issues fix and code refactor.
Session data save moved to another method.
Rest of code don't really do anything.

Issue-ID: PORTAL-624
Change-Id: I53b36377f2d2645d8c24ad2384959f0599e07303
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>

commit | commitdiff | tree

Dominik Mizyn [Fri, 21 Jun 2019 10:27:38 +0000 (12:27 +0200)]

ONAPWelcomeController sonar issue fix

String viewName and getter/setter can be romoved from his class.
ONAPWelcomeController Overrides this field 1 to 1.

Issue-ID: PORTAL-652
Change-Id: Idbb41f52a63c6ea681f6ba7753991d766849e3a2
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>

commit | commitdiff | tree

Dominik Mizyn [Fri, 21 Jun 2019 10:12:06 +0000 (12:12 +0200)]

ONAPLoginController sonar issues fix.

Sonar issues fix plus @Autowired in constructor not in fields.

Issue-ID: PORTAL-651
Change-Id: I99329b986877d040c6fdda9daf42a5c501a39605
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>

commit | commitdiff | tree

Dominik Mizyn [Fri, 21 Jun 2019 09:49:41 +0000 (11:49 +0200)]

SimpleLoginStrategy sonar issues fix

"Either remove or fill this block of code."
"Move the "" string literal on the left side of this string comparison."
"Define and throw a dedicated exception instead of using a generic one."

Issue-ID: PORTAL-650
Change-Id: I92018287a6f585020f0ae6f042b1bb1de84a5e14
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>

commit | commitdiff | tree

Dominik Mizyn [Fri, 21 Jun 2019 09:31:35 +0000 (11:31 +0200)]

OpenIdConnectLoginStrategy sonar issues fix

Redundant suppression("rawtypes") removed.
Sonar issue:
Move the "" string literal on the left side of this string comparison.
Define and throw a dedicated exception instead of using a generic one.

Issue-ID: PORTAL-649
Change-Id: Ia2c80ad4848c22c94a2db731425250784d382841
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>

commit | commitdiff | tree

Dominik Orliński [Mon, 17 Jun 2019 09:53:35 +0000 (11:53 +0200)]

commit | commitdiff | tree

Dominik Orliński [Mon, 17 Jun 2019 09:53:38 +0000 (11:53 +0200)]

Fix sql injection vulnerability

Use a variable binding instead of concatenation.
Change test 'getAppRolesForNonCentralizedPartnerAppTest'.

Issue-ID: OJSI-174
Signed-off-by: Dominik Orliński <d.orlinski@samsung.com>
Change-Id: Ia75da49ed582836a47b5fdcddab62fbe02e36e72

commit | commitdiff | tree

Sunder Tattavarada [Tue, 18 Jun 2019 16:04:36 +0000 (16:04 +0000)]

Merge "Fix sql injection vulnerability"

commit | commitdiff | tree

Sunder Tattavarada [Tue, 18 Jun 2019 16:04:28 +0000 (16:04 +0000)]

Merge "Fix sql injection vulnerability"

commit | commitdiff | tree

Sunder Tattavarada [Tue, 18 Jun 2019 16:04:19 +0000 (16:04 +0000)]

Merge "Fix sql injection vulnerability"

commit | commitdiff | tree

Dominik Mizyn [Tue, 18 Jun 2019 13:10:48 +0000 (15:10 +0200)]

WebAnalyticsExtAppController sonar issues

- Rename this local variable to match the regular expression
- Make this anonymous inner class a lambda.
- Immediately return this expression instead of assigning it to
the temporary variable "response".
- Move the "" string literal on the left side of this string comparison.
- Replace the type specification in this constructor call
with the diamond operator ("<>").

Issue-ID: PORTAL-648
Change-Id: I1666d94dccbbe8aa835ea9a443a9973a245353f4
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>

commit | commitdiff | tree

Dominik Mizyn [Tue, 18 Jun 2019 12:46:23 +0000 (14:46 +0200)]

HealthMonitor sonar issues

Remove this unused "numIntervalsClusterNotHealthy" local variable.
Use "Long.parseLong" for this string-to-long conversion.
Make the enclosing method "static" or remove this set.
Change this instance-reference to a static reference.
Remove the literal "false" boolean value.
This block of commented-out lines of code should be removed.
Add the "@Override" annotation above this method signature

Issue-ID: PORTAL-647
Change-Id: I1880177f0906e6267807bbb9c0b7a81651e3c020
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>

commit | commitdiff | tree

Dominik Mizyn [Tue, 18 Jun 2019 11:57:55 +0000 (13:57 +0200)]

EPLdapService sonar issue fix

Annotate the interface with the @FunctionalInterface annotation.

Issue-ID: PORTAL-646
Change-Id: Idc6c70b9edaed73024721a3bc8c91796a0df9183
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>

commit | commitdiff | tree

Dominik Mizyn [Tue, 18 Jun 2019 11:50:01 +0000 (13:50 +0200)]

AppWithRolesForUser sonar security issue

I used Lombok annotation to provide accessors.

Issue-ID: PORTAL-645
Change-Id: Iad852434f30b81535398913df162fa8f4bd1ecff
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>

commit | commitdiff | tree

Dominik Mizyn [Tue, 18 Jun 2019 09:17:30 +0000 (11:17 +0200)]

SharedContext class DB constraints

Java Bean Validation SR 380 annotations added to classes
Getter, Setter changed to lombok annotation

Issue-ID: PORTAL-643
Change-Id: I690665b97e431de50750d5a497afcf0cc2efa065
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>

commit | commitdiff | tree

Dominik Mizyn [Tue, 18 Jun 2019 09:14:38 +0000 (11:14 +0200)]

FunctionalMenuRole class DB constraints

Java Bean Validation SR 380 annotations added to classes
Getter, Setter, hashCode, equals changed to lombok annotation

Issue-ID: PORTAL-642
Change-Id: I666b0245add8e97f490d991701f548c0cd128cb6
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>

commit | commitdiff | tree

Dominik Mizyn [Tue, 18 Jun 2019 08:46:13 +0000 (10:46 +0200)]

PortalAdmin class DB constraints

Java Bean Validation SR 380 annotations added to classes
Getter/Setter changed into lombok annotation

Issue-ID: PORTAL-641
Change-Id: I98909f4a82372f110aa42452476fb85c9bccbf3a
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>

commit | commitdiff | tree

Dominik Mizyn [Tue, 18 Jun 2019 08:44:10 +0000 (10:44 +0200)]

FavoritesFunctionalMenuItemJson class DB constraints

Java Bean Validation SR 380 annotations added to classes

Issue-ID: PORTAL-640
Change-Id: I5080e848de12669db9cdd24afe86510dcd82c3e2
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>

commit | commitdiff | tree

Dominik Mizyn [Tue, 18 Jun 2019 07:29:11 +0000 (09:29 +0200)]

EpNotificationItem class DB constraints

Java Bean Validation SR 380 annotations added to classes
Unnecessary getter/setter, hashCode/equals changed to lombok annotation

Issue-ID: PORTAL-639
Change-Id: I58a6c734446fa10499feb7e4f1cef57dfd9e66b0
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>

commit | commitdiff | tree

Dominik Mizyn [Tue, 18 Jun 2019 07:24:16 +0000 (09:24 +0200)]

EpRoleNotificationItem class DB constraints

Java Bean Validation SR 380 annotations added to classes

Issue-ID: PORTAL-638
Change-Id: I035ad9703f25cc87567700f66c3649ca53aee2df
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>

commit | commitdiff | tree

Dominik Mizyn [Tue, 18 Jun 2019 07:15:39 +0000 (09:15 +0200)]

CommonWidget class DB constraints

Java Bean Validation SR 380 annotations added to classes

Issue-ID: PORTAL-637
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
Change-Id: I64741f835deb8aed14ad8d716d21bb4c1901b55f

commit | commitdiff | tree

Sunder Tattavarada [Mon, 17 Jun 2019 21:25:21 +0000 (21:25 +0000)]

Merge "PortalAdminUserRole class DB constraints"

commit | commitdiff | tree

Sunder Tattavarada [Mon, 17 Jun 2019 21:24:57 +0000 (21:24 +0000)]

Merge "MicroserviceParameter class DB constraints"

commit | commitdiff | tree

Sunder Tattavarada [Mon, 17 Jun 2019 21:24:30 +0000 (21:24 +0000)]

Merge "MicroserviceDataApp class DB constraints"

commit | commitdiff | tree

Lorraine Welch [Mon, 17 Jun 2019 21:20:46 +0000 (21:20 +0000)]

Merge "Application Onboarding page changes "

commit | commitdiff | tree

Kotta, Shireesha (sk434m) [Thu, 13 Jun 2019 18:41:15 +0000 (14:41 -0400)]

Application Onboarding page changes

Issue-ID: PORTAL-644

Application Onboarding page changes , DB scripts

Change-Id: Id689e15f5abd56192420e6761440659531108ab4
Signed-off-by: Kotta, Shireesha (sk434m) <sk434m@att.com>

commit | commitdiff | tree

Sunder Tattavarada [Mon, 17 Jun 2019 15:51:58 +0000 (15:51 +0000)]

Merge "Sonar: Reduce cyclomatic complexity"

commit | commitdiff | tree

Dominik Orliński [Mon, 17 Jun 2019 09:53:33 +0000 (11:53 +0200)]

commit | commitdiff | tree

Dominik Orliński [Tue, 30 Apr 2019 09:46:19 +0000 (11:46 +0200)]

commit | commitdiff | tree

Dominik Orliński [Tue, 30 Apr 2019 09:44:27 +0000 (11:44 +0200)]

commit | commitdiff | tree

Sunder Tattavarada [Fri, 14 Jun 2019 17:33:20 +0000 (17:33 +0000)]

Merge "WidgetFileApp class DB constraints"

commit | commitdiff | tree

Sunder Tattavarada [Fri, 14 Jun 2019 17:31:05 +0000 (17:31 +0000)]

Merge "FavoritesFunctionalMenuItem class DB constraints"

commit | commitdiff | tree

Sunder Tattavarada [Fri, 14 Jun 2019 17:30:28 +0000 (17:30 +0000)]

Merge "WidgetCatalog class DB constraints"

commit | commitdiff | tree

Sunder Tattavarada [Fri, 14 Jun 2019 17:22:54 +0000 (17:22 +0000)]

Merge "Change default character to utf8 for portal db"

commit | commitdiff | tree

Sunder Tattavarada [Fri, 14 Jun 2019 17:19:57 +0000 (17:19 +0000)]

Merge "Sonar critical fixes in MicroserviceServiceImpl"

commit | commitdiff | tree

Sunder Tattavarada [Fri, 14 Jun 2019 17:17:37 +0000 (17:17 +0000)]

Merge "Sonar fix: make "dateFormat" an instance variable"

commit | commitdiff | tree

Sunder Tattavarada [Fri, 14 Jun 2019 17:12:45 +0000 (17:12 +0000)]

Merge "Sonar critical fixes in EPAppCommonServiceImpl"

commit | commitdiff | tree

Sunder Tattavarada [Fri, 14 Jun 2019 17:10:28 +0000 (17:10 +0000)]

Merge "RoleApp class DB constraints"

commit | commitdiff | tree

Sunder Tattavarada [Fri, 14 Jun 2019 17:09:31 +0000 (17:09 +0000)]

Merge "App class DB constraints"

commit | commitdiff | tree

Sunder Tattavarada [Fri, 14 Jun 2019 17:07:18 +0000 (17:07 +0000)]

Merge "FunctionalMenuItem DB constraints fix"

commit | commitdiff | tree

Sunder Tattavarada [Fri, 14 Jun 2019 17:05:22 +0000 (17:05 +0000)]

Merge "FunctionalMenuItem DB constraints add"

commit | commitdiff | tree

Sunder Tattavarada [Fri, 14 Jun 2019 16:18:10 +0000 (16:18 +0000)]

Merge "XSS Vulnerability fix in DashboardSearchResultController"

commit | commitdiff | tree

Sunder Tattavarada [Fri, 14 Jun 2019 16:17:07 +0000 (16:17 +0000)]

Merge "Custom data validator"

commit | commitdiff | tree

Sunder Tattavarada [Fri, 14 Jun 2019 16:14:23 +0000 (16:14 +0000)]

Merge "XSS Vulnerability fix in TicketEventController"

commit | commitdiff | tree

Sunder Tattavarada [Fri, 14 Jun 2019 16:13:15 +0000 (16:13 +0000)]

Merge "XSS Vulnerability fix in RoleManageController"

commit | commitdiff | tree

Sunder Tattavarada [Fri, 14 Jun 2019 16:12:15 +0000 (16:12 +0000)]

Merge "Fix sql injection vulnerability"

commit | commitdiff | tree

Sunder Tattavarada [Fri, 14 Jun 2019 16:07:42 +0000 (16:07 +0000)]

Merge "XSS Vulnerability fix in AppsOSController"

commit | commitdiff | tree

Sunder Tattavarada [Fri, 14 Jun 2019 16:03:32 +0000 (16:03 +0000)]

Merge "XSS Vulnerability fix in AppsControllerExternalRequest"

commit | commitdiff | tree

Sunder Tattavarada [Fri, 14 Jun 2019 16:00:26 +0000 (16:00 +0000)]

Merge "Sonar issue: Correct this "&" to "&&" in MicroserviceServiceImpl"

commit | commitdiff | tree

Sunder Tattavarada [Fri, 14 Jun 2019 15:58:40 +0000 (15:58 +0000)]

Merge "XSS Vulnerability fix in MicroserviceController"

commit | commitdiff | tree

Sunder Tattavarada [Fri, 14 Jun 2019 15:49:21 +0000 (15:49 +0000)]

Merge "XSS Vulnerability fix in DashboardSearchResultController"

commit | commitdiff | tree

Dominik Mizyn [Fri, 14 Jun 2019 09:50:04 +0000 (11:50 +0200)]

PortalAdminUserRole class DB constraints

Java Bean Validation SR 380 annotations added to classes

Issue-ID: PORTAL-636
Change-Id: I8fb4f50e672e17b9e169303eb09255fe57288b45
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>

commit | commitdiff | tree

Dominik Mizyn [Fri, 14 Jun 2019 09:43:33 +0000 (11:43 +0200)]

MicroserviceParameter class DB constraints

Java Bean Validation SR 380 annotations added to classes

Issue-ID: PORTAL-635
Change-Id: Idcca0d46d1779d5fae874aff38cfd7f59f73c9b0
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>

commit | commitdiff | tree

Dominik Mizyn [Fri, 14 Jun 2019 09:36:33 +0000 (11:36 +0200)]

MicroserviceDataApp class DB constraints

Java Bean Validation SR 380 annotations added to classes

Issue-ID: PORTAL-634
Change-Id: Ife3b0116b986d52fd17612937b2a74fa76062ed9
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>

commit | commitdiff | tree

Dominik Mizyn [Fri, 14 Jun 2019 09:28:52 +0000 (11:28 +0200)]

WidgetFileApp class DB constraints

Java Bean Validation SR 380 annotations added to classes

Issue-ID: PORTAL-633
Change-Id: Id7b45dedafe2e5f9e799a93d219baef46c88d124
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>

commit | commitdiff | tree

Dominik Mizyn [Fri, 14 Jun 2019 09:20:23 +0000 (11:20 +0200)]

FavoritesFunctionalMenuItem class DB constraints

Java Bean Validation SR 380 annotations added to classes

Issue-ID: PORTAL-632
Change-Id: Ia7c2f4ad0aa5cc85db73142d0fecd46da535c3d9
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>

commit | commitdiff | tree

Sunder Tattavarada [Thu, 13 Jun 2019 21:40:49 +0000 (21:40 +0000)]

Merge "Fix sonar issue: Override "equals(Object obj)""

commit | commitdiff | tree

Dominik Mizyn [Thu, 13 Jun 2019 15:10:22 +0000 (17:10 +0200)]

WidgetCatalog class DB constraints

Java Bean Validation SR 380 annotations added to classes
Plains getter/setter converted to lombok annotation

Issue-ID: PORTAL-630
Change-Id: Id866ec4bc0dc428adfbb7cdc64fe15f7faf837f7
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>

commit | commitdiff | tree

Dominik Mizyn [Thu, 13 Jun 2019 15:03:08 +0000 (17:03 +0200)]

RoleApp class DB constraints

Java Bean Validation SR 380 annotations added to classes
Lombod added to widget-ms
Plains getter/setter converted to lombok annotation

Issue-ID: PORTAL-629
Change-Id: I31639672510994412149ed8be92cb8e1b022f646
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>

commit | commitdiff | tree

Dominik Mizyn [Thu, 13 Jun 2019 14:22:28 +0000 (16:22 +0200)]

App class DB constraints

Java Bean Validation SR 380 annotations added to classes

Issue-ID: PORTAL-627
Change-Id: I827f99ef75c6af3f9881fe68f1cb245795ba2734
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>

commit | commitdiff | tree

Dominik Mizyn [Thu, 13 Jun 2019 14:15:00 +0000 (16:15 +0200)]

FunctionalMenuItem DB constraints fix

Add @Digits to secure Long type fields

Issue-ID: PORTAL-626
Change-Id: I59080c9103369d96a42c574356f0635265335d0a
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>

commit | commitdiff | tree

Dominik Mizyn [Thu, 13 Jun 2019 13:57:48 +0000 (15:57 +0200)]

FunctionalMenuItem DB constraints add

Java Bean Validation SR 380 annotations added to classes
Unnecessary boxing removed.

Issue-ID: PORTAL-626
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
Change-Id: Ic1c20870fd781d46061077fd14b81a65dea93e6e

commit | commitdiff | tree

Dominik Mizyn [Wed, 12 Jun 2019 11:55:33 +0000 (13:55 +0200)]

ExtractJar sonar issues fix

This path try resolve some sonar issues.
More details on jira

Issue-ID: PORTAL-623
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
Change-Id: I085390f4b7841fd3e4c7f218cc68bf67960e5598

commit | commitdiff | tree

Welch, Lorraine (lb2391) [Tue, 11 Jun 2019 18:14:22 +0000 (14:14 -0400)]

Updated Dublin Release Notes

Issue-ID: PORTAL-592

Signed-off-by: Welch, Lorraine (lb2391) <lb2391@att.com>
Change-Id: I4d1e7e8bd83ed2adb7df25ccf4c694b1c81ef879

commit | commitdiff | tree

r.bogacki [Thu, 23 May 2019 12:59:56 +0000 (14:59 +0200)]

Sonar critical fixes in MicroserviceServiceImpl

Fixed critical issues according to the Sonar analysis:
-Fixed imports.
-Fixed logical comparisons.

Issue-ID: PORTAL-591
Signed-off-by: Robert Bogacki <r.bogacki@samsung.com>
Change-Id: Icc2b6fb45777582486e1060245cdf94e4f6d685d

commit | commitdiff | tree

r.bogacki [Thu, 23 May 2019 11:12:04 +0000 (13:12 +0200)]

Sonar fix: make "dateFormat" an instance variable

Fixed critical Sonar issue. SimpleDateFormat was declared as a static
but it is not tread-safe and it keeps an internal state.
Compliant solution has been applied with additional DateUtil class.

Issue-ID: PORTAL-590
Signed-off-by: Robert Bogacki <r.bogacki@samsung.com>
Change-Id: Ic6243052804a410cb750c6c219c702469c86ff78

commit | commitdiff | tree

r.bogacki [Thu, 23 May 2019 07:00:28 +0000 (09:00 +0200)]

Sonar critical fixes in EPAppCommonServiceImpl

Fixed issues according to the Sonar analysis:
-Fixed imports.
-Fixed logical comparisons.
-Fixed comparisons between unrelated types.

Issue-ID: PORTAL-588
Signed-off-by: Robert Bogacki <r.bogacki@samsung.com>
Change-Id: Ibc204e0218788bb82f947c668d68fb6e88db7043

commit | commitdiff | tree

Welch, Lorraine (lb2391) [Fri, 7 Jun 2019 19:18:47 +0000 (15:18 -0400)]

Added lorraineawelch to INFO.yaml

Issue-ID: PORTAL-618

Signed-off-by: Welch, Lorraine (lb2391) <lb2391@att.com>
Change-Id: I3d7f57c8cc20347f8adeefbada2eaffde0940262

commit | commitdiff | tree

Dominik Mizyn [Wed, 5 Jun 2019 14:24:35 +0000 (16:24 +0200)]

XSS Vulnerability fix in DashboardSearchResultController

Custom Validator is used to secure this endpoints.

Issue-ID: OJSI-15
Change-Id: Idf523a53bc5fe9e1df8110526d56336953759c86
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>

commit | commitdiff | tree

Dominik Mizyn [Wed, 5 Jun 2019 13:43:02 +0000 (15:43 +0200)]

Custom data validator

By creating custom data validator we can reduce code duplications.

Issue-ID: OJSI-15
Change-Id: I39decf1d6ded559322c4445f0956fad2a159878d
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>

commit | commitdiff | tree

Dominik Mizyn [Fri, 31 May 2019 13:35:38 +0000 (15:35 +0200)]

XSS Vulnerability fix in TicketEventController

@SafeHtml and SecureString used to fix this issue;

Issue-ID: OJSI-209
Change-Id: I588872839696c824135bab88c100b31c23d960ba
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>

commit | commitdiff | tree

Dominik Mizyn [Fri, 31 May 2019 13:23:46 +0000 (15:23 +0200)]

XSS Vulnerability fix in RoleManageController

@SafeHtml and SecureString used to secure this class

Issue-ID: OJSI-208
Change-Id: Ie01799933add3419cacf0fc716ce2da6da0a2853
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>

commit | commitdiff | tree

Dominik Mizyn [Fri, 31 May 2019 06:55:42 +0000 (08:55 +0200)]

XSS Vulnerability fix in AppsOSController

SecureString class used to secure PathVariable.

Issue-ID: OJSI-207
Change-Id: I6275c5db4d8d97dc60ef1676b651e3d8802ad9f7
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>

commit | commitdiff | tree

Manoop Talasila [Thu, 30 May 2019 14:46:41 +0000 (14:46 +0000)]

Merge changes I1c586793,I47249407,Idad22dea,I5c3bee06,I5cb96956

* changes:
  Document OJSI-190 vulnerability
  Document OJSI-174 (CVE-2019-12318) vulnerability
  Document OJSI-92 (CVE-2019-12121) vulnerability
  Document OJSI-65 (CVE-2019-1212) vulnerability
  Document OJSI-15 (CVE-2019-12317) vulnerability

commit | commitdiff | tree

Manoop Talasila [Thu, 30 May 2019 14:44:42 +0000 (14:44 +0000)]

Merge "Don't give the user the exact stack trace of the exception"

commit | commitdiff | tree

Manoop Talasila [Thu, 30 May 2019 14:43:06 +0000 (14:43 +0000)]

Merge "Don't give user the exact exception description"

commit | commitdiff | tree

Krzysztof Opasiak [Thu, 30 May 2019 13:29:12 +0000 (15:29 +0200)]

Document OJSI-190 vulnerability

Issue-ID: OJSI-190
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I1c586793b744a5807e7b1a7a1d416dfd43409ab0

commit | commitdiff | tree

Krzysztof Opasiak [Thu, 30 May 2019 13:28:06 +0000 (15:28 +0200)]

Document OJSI-174 (CVE-2019-12318) vulnerability

Issue-ID: OJSI-174
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I47249407ccb62ca7ffd1d8edc9ada8793f4c53c9

commit | commitdiff | tree

Krzysztof Opasiak [Thu, 30 May 2019 13:27:27 +0000 (15:27 +0200)]

Document OJSI-92 (CVE-2019-12121) vulnerability

Issue-ID: OJSI-92
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: Idad22deafb262da539c52fa8733e7ea098fd1361

commit | commitdiff | tree

Krzysztof Opasiak [Thu, 30 May 2019 13:26:40 +0000 (15:26 +0200)]

Document OJSI-65 (CVE-2019-1212) vulnerability

Issue-ID: OJSI-65
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I5c3bee06c2b1da3eca2bb583c57decb35b0f32c0

commit | commitdiff | tree

Krzysztof Opasiak [Thu, 30 May 2019 13:25:46 +0000 (15:25 +0200)]

Document OJSI-15 (CVE-2019-12317) vulnerability

Issue-ID: OJSI-15
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I5cb96956f25e09a390ef24a52f6222c0cc7b9e94

commit | commitdiff | tree

Dominik Mizyn [Thu, 30 May 2019 13:29:24 +0000 (15:29 +0200)]

XSS Vulnerability fix in AppsControllerExternalRequest

@SafeHtml annotation is used to fix this problem.

This patch also fix some minor issues:
* isAuxRESTfulCall() method delete. Method was nowhere used.
* '.length() == 0' changed to '.isEmpty()'

Issue-ID: PORTAL-604
Change-Id: Ib7091622081f507812654b50275ad7ac4c97bfc3
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>

commit | commitdiff | tree

Dominik Mizyn [Thu, 30 May 2019 10:59:24 +0000 (12:59 +0200)]

Sonar issue: Correct this "&" to "&&" in MicroserviceServiceImpl

This patch also fix some minor issues:
* 'fori' loop replaced with 'foreach'
* Sonar issue: Replace the type specification in this constructor call
with the diamond operator ("<>").
* redundant 'throws'. Exception will never throw
* unnecessary temporary local variable

Issue-ID: PORTAL-603
Change-Id: If23afb9f4a10f0ad06c712cb95a38b54dc5cd089
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>

ARCHIVED- 2022-02-15 at the request of the project

RSS Atom