From 69b62388c2347e3f36552803305dfd71f4358636 Mon Sep 17 00:00:00 2001
From: Dominik Mizyn
Date: Fri, 12 Jul 2019 15:32:57 +0200
Subject: [PATCH] Unused classes delete from Portal

These classes are unused anywhere in the Portal project.

Issue-ID: PORTAL-655
Change-Id: If92d0df0efb0b5120190a44c46b2fed31ba32b89
Signed-off-by: Dominik Mizyn
---
 .../onap/portalapp/filter/SecurityXssFilter.java | 185 ------------------
 .../portalapp/filter/SecurityXssValidator.java | 207 ---------------------
 .../portalapp/filter/SecurityXssValidatorTest.java | 122 ------------
 3 files changed, 514 deletions(-)
 delete mode 100644 ecomp-portal-BE-os/src/main/java/org/onap/portalapp/filter/SecurityXssFilter.java
 delete mode 100644 ecomp-portal-BE-os/src/main/java/org/onap/portalapp/filter/SecurityXssValidator.java
 delete mode 100644 ecomp-portal-BE-os/src/test/java/org/onap/portalapp/filter/SecurityXssValidatorTest.java

diff --git a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/filter/SecurityXssFilter.java b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/filter/SecurityXssFilter.java
deleted file mode 100644
index 703019f9..00000000
--- a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/filter/SecurityXssFilter.java
+++ /dev/null
@@ -1,185 +0,0 @@
-/*-
- * ============LICENSE_START==========================================
- * ONAP Portal
- * ===================================================================
- * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
- * Modifications Copyright (c) 2019 Samsung
- * ===================================================================
- *
- * Unless otherwise specified, all software contained herein is licensed
- * under the Apache License, Version 2.0 (the "License");
- * you may not use this software except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * Unless otherwise specified, all documentation contained herein is licensed
- * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
- * you may not use this documentation except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * https://creativecommons.org/licenses/by/4.0/
- *
- * Unless required by applicable law or agreed to in writing, documentation
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * ============LICENSE_END============================================
- *
- *
- */
-
-package org.onap.portalapp.filter;
-
-import java.io.BufferedReader;
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.InputStreamReader;
-import java.nio.charset.StandardCharsets;
-import java.util.Enumeration;
-
-import javax.servlet.FilterChain;
-import javax.servlet.ReadListener;
-import javax.servlet.ServletInputStream;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletRequestWrapper;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.commons.io.IOUtils;
-import org.apache.commons.lang.StringUtils;
-import org.apache.http.HttpStatus;
-import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
-import org.springframework.web.filter.OncePerRequestFilter;
-
-public class SecurityXssFilter extends OncePerRequestFilter {
-
- private EELFLoggerDelegate sxLogger = EELFLoggerDelegate.getLogger(SecurityXssFilter.class);
-
- private static final String APPLICATION_JSON = "application/json";
-
- private static final String ERROR_BAD_REQUEST = "{\"error\":\"BAD_REQUEST\"}";
-
- private SecurityXssValidator validator = SecurityXssValidator.getInstance();
-
- public class RequestWrapper extends HttpServletRequestWrapper {
-
- private ByteArrayOutputStream cachedBytes;
-
- public RequestWrapper(HttpServletRequest request) {
- super(request);
- }
-
- @Override
- public ServletInputStream getInputStream() throws IOException {
- if (cachedBytes == null)
- cacheInputStream();
-
- return new CachedServletInputStream();
- }
-
- @Override
- public BufferedReader getReader() throws IOException {
- return new BufferedReader(new InputStreamReader(getInputStream()));
- }
-
- private void cacheInputStream() throws IOException {
- cachedBytes = new ByteArrayOutputStream();
- IOUtils.copy(super.getInputStream(), cachedBytes);
- }
-
- public class 
CachedServletInputStream extends ServletInputStream {
- private ByteArrayInputStream input;
-
- public CachedServletInputStream() {
- input = new ByteArrayInputStream(cachedBytes.toByteArray());
- }
-
- @Override
- public int read() throws IOException {
- return input.read();
- }
-
- @Override
- public boolean isFinished() {
- return false;
- }
-
- @Override
- public boolean isReady() {
- return false;
- }
-
- @Override
- public void setReadListener(ReadListener readListener) {
- // do nothing
- }
- }
- }
-
- @Override
- protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
- throws IOException {
- StringBuilder requestURL = new StringBuilder(request.getRequestURL().toString());
- String queryString = request.getQueryString();
- String requestUrl;
-
- if (queryString == null) {
- requestUrl = requestURL.toString();
- } else {
- requestUrl = requestURL.append('?').append(queryString).toString();
- }
-
- validateRequest(requestUrl, response);
- StringBuilder headerValues = new StringBuilder();
- Enumeration headerNames = request.getHeaderNames();
-
- while (headerNames.hasMoreElements()) {
- String key = headerNames.nextElement();
- String value = request.getHeader(key);
- headerValues.append(value);
- }
-
- validateRequest(headerValues.toString(), response);
-
- if (validateRequestType(request)) {
- request = new RequestWrapper(request);
- String requestData = IOUtils.toString(request.getInputStream(), StandardCharsets.UTF_8.toString());
- validateRequest(requestData, response);
- }
-
- try {
- filterChain.doFilter(request, response);
- } catch (Exception e) {
- sxLogger.warn(EELFLoggerDelegate.errorLogger, "Handling bad request", e);
- response.sendError(org.springframework.http.HttpStatus.BAD_REQUEST.value(), "Handling bad request");
- }
- }
-
- private boolean validateRequestType(HttpServletRequest request) {
- return (request.getMethod().equalsIgnoreCase("POST") || 
request.getMethod().equalsIgnoreCase("PUT")
- || request.getMethod().equalsIgnoreCase("DELETE"));
- }
-
- private void validateRequest(String text, HttpServletResponse response) throws IOException {
- try {
- if (StringUtils.isNotBlank(text) && validator.denyXSS(text)) {
- response.setContentType(APPLICATION_JSON);
- response.setStatus(HttpStatus.SC_BAD_REQUEST);
- response.getWriter().write(ERROR_BAD_REQUEST);
- throw new SecurityException(ERROR_BAD_REQUEST);
- }
- } catch (Exception e) {
- sxLogger.error(EELFLoggerDelegate.errorLogger, "doFilterInternal() failed due to BAD_REQUEST", e);
- response.getWriter().close();
- }
- }
-}
diff --git a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/filter/SecurityXssValidator.java b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/filter/SecurityXssValidator.java
deleted file mode 100644
index c203f1f0..00000000
--- a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/filter/SecurityXssValidator.java
+++ /dev/null
@@ -1,207 +0,0 @@
-/*-
- * ============LICENSE_START==========================================
- * ONAP Portal
- * ===================================================================
- * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
- * ===================================================================
- *
- * Unless otherwise specified, all software contained herein is licensed
- * under the Apache License, Version 2.0 (the "License");
- * you may not use this software except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * Unless otherwise specified, all documentation contained herein is licensed
- * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
- * you may not use this documentation except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * https://creativecommons.org/licenses/by/4.0/
- *
- * Unless required by applicable law or agreed to in writing, documentation
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * ============LICENSE_END============================================
- *
- *
- */
-package org.onap.portalapp.filter;
-
-import java.util.ArrayList;
-import java.util.List;
-import java.util.concurrent.locks.Lock;
-import java.util.concurrent.locks.ReentrantLock;
-import java.util.regex.Pattern;
-
-import org.apache.commons.lang.NotImplementedException;
-import org.apache.commons.lang.StringUtils;
-import org.apache.commons.lang3.StringEscapeUtils;
-import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
-import org.onap.portalsdk.core.util.SystemProperties;
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.codecs.Codec;
-import org.owasp.esapi.codecs.MySQLCodec;
-import org.owasp.esapi.codecs.MySQLCodec.Mode;
-import org.owasp.esapi.codecs.OracleCodec;
-
-public class SecurityXssValidator {
-
- private EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(SecurityXssValidator.class);
-
- private static final String MYSQL_DB = "mysql";
- private static final String ORACLE_DB = "oracle";
- private static final String MARIA_DB = "mariadb";
- private static final int FLAGS = Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL;
- static SecurityXssValidator validator = null;
- private static Codec instance;
- private static final Lock lock = new ReentrantLock();
-
- public static SecurityXssValidator getInstance() {
-
- if (validator == null) {
- lock.lock();
- try {
- if (validator == null)
- validator = new SecurityXssValidator();
- } finally {
- lock.unlock();
- }
- }
-
- return validator;
- }
-
- private SecurityXssValidator() {
- // Avoid anything between script tags
- XSS_INPUT_PATTERNS.add(Pattern.compile("", FLAGS));
-
- // avoid iframes
- XSS_INPUT_PATTERNS.add(Pattern.compile("(.*?)", FLAGS));
-
- // Avoid anything in a src='...' 
type of expression - XSS_INPUT_PATTERNS.add(Pattern.compile("src[\r\n]*=[\r\n]*\\\'(.*?)\\\'", FLAGS)); - - XSS_INPUT_PATTERNS.add(Pattern.compile("src[\r\n]*=[\r\n]*\\\"(.*?)\\\"", FLAGS)); - - XSS_INPUT_PATTERNS.add(Pattern.compile("src[\r\n]*=[\r\n]*([^>]+)", FLAGS)); - - // Remove any lonesome tag - XSS_INPUT_PATTERNS.add(Pattern.compile("", FLAGS)); - - XSS_INPUT_PATTERNS.add(Pattern.compile(".*().*", FLAGS)); - - XSS_INPUT_PATTERNS.add(Pattern.compile(".*().*", FLAGS)); - - // Remove any lonesome "; - PowerMockito.mockStatic(ESAPI.class); - Encoder mockEncoder = Mockito.mock(Encoder.class); - Mockito.when(ESAPI.encoder()).thenReturn(mockEncoder); - Mockito.when(mockEncoder.canonicalize(value)).thenReturn(value); - SecurityXssValidator validator = SecurityXssValidator.getInstance(); - Boolean flag = validator.denyXSS(value); - Assert.assertTrue(flag); - } - - //@Test - public void denyXSSFalseTest() { - String value ="test"; - PowerMockito.mockStatic(ESAPI.class); - Encoder mockEncoder = Mockito.mock(Encoder.class); - Mockito.when(ESAPI.encoder()).thenReturn(mockEncoder); - Mockito.when(mockEncoder.canonicalize(value)).thenReturn(value); - SecurityXssValidator validator = SecurityXssValidator.getInstance(); - Boolean flag = validator.denyXSS(value); - Assert.assertFalse(flag); - } - - //@Test - public void getCodecMySqlTest() { - PowerMockito.mockStatic(SystemProperties.class); - Mockito.when(SystemProperties.getProperty(SystemProperties.DB_DRIVER)).thenReturn("mysql"); - SecurityXssValidator validator = SecurityXssValidator.getInstance(); - Codec codec = validator.getCodec(); - Assert.assertNotNull(codec); - }*/ - -} -- 2.16.6