author | Raviteja Cherughattu <rc835m@att.com> | 2020-07-29 14:36:17 -0500 |
---|---|---|
committer | Raviteja Cherughattu <rc835m@att.com> | 2020-07-29 14:36:17 -0500 |
commit | bdb54b7c8a5df0e686490658067c9013ee43dd7a (patch) | |
tree | ce291e2172a5440d877baedf6214c84823c21c13 | |
parent | de75a11f03d87b53f7a2b5525c8fc66f6053aef2 (diff) |
Medium Vulnerabilities CodeFix: Revert [Ref ID: 108330]
Issue-ID: AAF-1115
Change-Id: I8e503ee84eb2771edbf2ed94f5d7f8f2e20812c7
Signed-off-by: Raviteja Cherughattu <rc835m@att.com>
-rw-r--r-- | auth/auth-cmd/pom.xml | 7 | ||||
-rw-r--r-- | auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/Cmd.java | 4 | ||||
-rw-r--r-- | auth/auth-core/pom.xml | 7 | ||||
-rw-r--r-- | auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/CachingFileAccess.java | 5 | ||||
-rw-r--r-- | auth/auth-fs/pom.xml | 7 | ||||
-rw-r--r-- | auth/auth-hello/pom.xml | 7 | ||||
-rw-r--r-- | auth/auth-hello/src/main/java/org/onap/aaf/auth/hello/API_Hello.java | 10 | ||||
-rw-r--r-- | auth/auth-locate/pom.xml | 7 | ||||
-rw-r--r-- | auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/api/API_AAFAccess.java | 5 | ||||
-rw-r--r-- | auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/facade/LocateFacadeImpl.java | 5 | ||||
-rw-r--r-- | cadi/client/src/main/java/org/onap/aaf/cadi/http/HClient.java | 13 | ||||
-rw-r--r-- | misc/pom.xml | 7 | ||||
-rw-r--r-- | misc/xgen/pom.xml | 7 | ||||
-rw-r--r-- | misc/xgen/src/main/java/org/onap/aaf/misc/xgen/Section.java | 5 |
14 files changed, 24 insertions, 72 deletions
diff --git a/auth/auth-cmd/pom.xml b/auth/auth-cmd/pom.xml index 01ec4ec9..19902604 100644 --- a/auth/auth-cmd/pom.xml +++ b/auth/auth-cmd/pom.xml @@ -177,12 +177,7 @@ <groupId>jline</groupId> <artifactId>jline</artifactId> <version>2.14.2</version> - </dependency> - <dependency> - <groupId>org.owasp.encoder</groupId> - <artifactId>encoder</artifactId> - <version>1.2.1</version> - </dependency> + </dependency> </dependencies> <distributionManagement> diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/Cmd.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/Cmd.java index 40616abc..7913b76e 100644 --- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/Cmd.java +++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/Cmd.java @@ -54,8 +54,6 @@ import aaf.v2_0.History; import aaf.v2_0.History.Item; import aaf.v2_0.Request; -import org.owasp.encoder.Encode; - public abstract class Cmd { // Sonar claims DateFormat is not thread safe. Leave as Instance Variable. private final DateFormat dateFmt = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss:SSS"); @@ -273,7 +271,7 @@ public abstract class Cmd { sb.append(", "); sb.append(desc); } - pw().println(Encode.forJava(sb.toString())); + pw().println(sb.toString()); } diff --git a/auth/auth-core/pom.xml b/auth/auth-core/pom.xml index 972b12cb..bef94675 100644 --- a/auth/auth-core/pom.xml +++ b/auth/auth-core/pom.xml @@ -106,12 +106,7 @@ <dependency> <groupId>org.slf4j</groupId> <artifactId>slf4j-log4j12</artifactId> - </dependency> - <dependency> - <groupId>org.owasp.encoder</groupId> - <artifactId>encoder</artifactId> - <version>1.2.1</version> - </dependency> + </dependency> </dependencies> <build> diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/CachingFileAccess.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/CachingFileAccess.java index b342c428..cdda50db 100644 --- a/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/CachingFileAccess.java 
+++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/CachingFileAccess.java @@ -53,7 +53,6 @@ import org.onap.aaf.misc.env.EnvJAXB; import org.onap.aaf.misc.env.LogTarget; import org.onap.aaf.misc.env.Store; import org.onap.aaf.misc.env.Trans; -import org.owasp.encoder.Encode; /* * CachingFileAccess * @@ -430,9 +429,9 @@ public class CachingFileAccess<TRANS extends Trans> extends HttpCode<TRANS, Void w.append(name); w.append('/'); } - w.append(Encode.forJava(f.getName())); + w.append(f.getName()); w.append("\">"); - w.append(Encode.forJava(f.getName())); + w.append(f.getName()); w.append("</a></li>\n"); } w.append(F); diff --git a/auth/auth-fs/pom.xml b/auth/auth-fs/pom.xml index 2084e18c..fcc4baa4 100644 --- a/auth/auth-fs/pom.xml +++ b/auth/auth-fs/pom.xml @@ -75,12 +75,7 @@ <dependency> <groupId>org.onap.aaf.authz</groupId> <artifactId>aaf-cadi-core</artifactId> - </dependency> - <dependency> - <groupId>org.owasp.encoder</groupId> - <artifactId>encoder</artifactId> - <version>1.2.1</version> - </dependency> + </dependency> </dependencies> <build> diff --git a/auth/auth-hello/pom.xml b/auth/auth-hello/pom.xml index f9a420f9..676ca3ea 100644 --- a/auth/auth-hello/pom.xml +++ b/auth/auth-hello/pom.xml @@ -54,12 +54,7 @@ <dependency> <groupId>org.onap.aaf.authz</groupId> <artifactId>aaf-cadi-aaf</artifactId> - </dependency> - <dependency> - <groupId>org.owasp.encoder</groupId> - <artifactId>encoder</artifactId> - <version>1.2.1</version> - </dependency> + </dependency> </dependencies> diff --git a/auth/auth-hello/src/main/java/org/onap/aaf/auth/hello/API_Hello.java b/auth/auth-hello/src/main/java/org/onap/aaf/auth/hello/API_Hello.java index cdaa6a76..4ffb1787 100644 --- a/auth/auth-hello/src/main/java/org/onap/aaf/auth/hello/API_Hello.java +++ b/auth/auth-hello/src/main/java/org/onap/aaf/auth/hello/API_Hello.java 
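Review bot: In CachingFileAccess.java (hunk at -430,9) the directory listing now writes `f.getName()` raw into both the `href` value and the link text, so a file name containing `"`, `<` or `&` changes the markup of the generated page. `Encode.forJava` was the wrong encoder for this output (it escapes for Java string literals, not HTML), so removing it is reasonable, but the underlying finding is left open. If the encoder dependency is kept in auth/auth-core/pom.xml, use `w.append(Encode.forHtmlAttribute(f.getName()));` inside the `href` and `w.append(Encode.forHtml(f.getName()));` for the link text. The same unencoded write to a servlet response returns in API_Hello.java (`perm`, `content`), API_AAFAccess.java (`fp.value`, `u.resp`) and LocateFacadeImpl.java (`content`, `output`), and each needs the encoding that matches its content type. The enclosing method starts and ends outside the hunk.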
@@ -35,8 +35,6 @@ import org.onap.aaf.auth.rserv.HttpMethods; import org.onap.aaf.misc.env.Env; import org.onap.aaf.misc.env.TimeTaken; -import org.owasp.encoder.Encode; - /** * API Apis * @author Jonathan @@ -72,7 +70,7 @@ public class API_Hello { String perm = pathParam(req, "perm"); if (perm!=null && perm.length()>0) { os.print('('); - os.print(Encode.forJava(req.getUserPrincipal().getName())); + os.print(req.getUserPrincipal().getName()); TimeTaken tt = trans.start("Authorize perm", Env.REMOTE); try { if (req.isUserInRole(perm)) { @@ -84,7 +82,7 @@ public class API_Hello { tt.done(); } os.print("Permission: "); - os.print(Encode.forJava(perm)); + os.print(perm); os.print(')'); } os.println(); @@ -146,7 +144,7 @@ public class API_Hello { } sb.append("}"); ServletOutputStream os = resp.getOutputStream(); - os.println(Encode.forJava(sb.toString())); + os.println(sb.toString()); trans.info().printf("Said 'RESTful Hello' to %s, Authentication type: %s",trans.getUserPrincipal().getName(),trans.getUserPrincipal().getClass().getSimpleName()); } },APPLICATION_JSON); @@ -166,7 +164,7 @@ public class API_Hello { trans.info().printf("Content from %s: %s\n", pathParam(req, ":id"),content); if (content.startsWith("{") && content.endsWith("}")) { resp.setStatus(200 /* OK */); - resp.getOutputStream().print(Encode.forJava(content)); + resp.getOutputStream().print(content); } else { resp.getOutputStream().write(NOT_JSON); resp.setStatus(406); diff --git a/auth/auth-locate/pom.xml b/auth/auth-locate/pom.xml index 71fcfa98..e1103eca 100644 --- a/auth/auth-locate/pom.xml +++ b/auth/auth-locate/pom.xml @@ -77,12 +77,7 @@ <dependency> <groupId>org.onap.aaf.authz</groupId> <artifactId>aaf-misc-rosetta</artifactId> - </dependency> - <dependency> - <groupId>org.owasp.encoder</groupId> - <artifactId>encoder</artifactId> - <version>1.2.1</version> - </dependency> + </dependency> </dependencies> 
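Review bot: In API_Hello.java (hunk at -166,7) the context line `trans.info().printf("Content from %s: %s\n", pathParam(req, ":id"),content);` logs the request body and a path parameter verbatim, so CR/LF in either can forge log entries. The body is then echoed back with status 200 after only a `startsWith("{")`/`endsWith("}")` check, which is not JSON validation. Consider logging a sanitized copy, e.g. `content.replaceAll("[\\r\\n]", "_")`, and parsing the body before returning it. The content type for this route is registered outside the hunk, so confirm that it is not one a browser would render as HTML.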
diff --git a/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/api/API_AAFAccess.java b/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/api/API_AAFAccess.java index 2bb497a0..2076e847 100644 --- a/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/api/API_AAFAccess.java +++ b/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/api/API_AAFAccess.java @@ -53,7 +53,6 @@ import org.onap.aaf.cadi.client.Retryable; import org.onap.aaf.misc.env.APIException; import org.onap.aaf.misc.env.Env; import org.onap.aaf.misc.env.TimeTaken; -import org.owasp.encoder.Encode; public class API_AAFAccess { // private static String service, version, envContext; @@ -105,7 +104,7 @@ public class API_AAFAccess { ServletOutputStream sos; try { sos = resp.getOutputStream(); - sos.print(Encode.forJava(fp.value)); + sos.print(fp.value); } catch (IOException e) { throw new CadiException(e); } @@ -123,7 +122,7 @@ public class API_AAFAccess { User u = (User)d.data.get(0); resp.setStatus(u.code); ServletOutputStream sos = resp.getOutputStream(); - sos.print(Encode.forJava(u.resp)); + sos.print(u.resp); } } finally { tt.done(); diff --git a/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/facade/LocateFacadeImpl.java b/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/facade/LocateFacadeImpl.java index 047663c3..67107088 100644 --- a/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/facade/LocateFacadeImpl.java +++ b/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/facade/LocateFacadeImpl.java @@ -59,7 +59,6 @@ import org.onap.aaf.misc.env.Env; import org.onap.aaf.misc.env.TimeTaken; import org.onap.aaf.misc.rosetta.env.RosettaDF; import org.onap.aaf.misc.rosetta.env.RosettaData; -import org.owasp.encoder.Encode; import locate_local.v1_0.Api; 
@@ -267,7 +266,7 @@ public abstract class LocateFacadeImpl<IN,OUT,ENDPOINTS,MGMT_ENDPOINTS,CONFIGURA TimeTaken tt = trans.start(API_EXAMPLE, Env.SUB); try { String content =Examples.print(apiDF.getEnv(), nameOrContentType, optional); - resp.getOutputStream().print(Encode.forJava(content)); + resp.getOutputStream().print(content); setContentType(resp,content.contains("<?xml")?TYPE.XML:TYPE.JSON); return Result.ok(); } catch (Exception e) { @@ -312,7 +311,7 @@ public abstract class LocateFacadeImpl<IN,OUT,ENDPOINTS,MGMT_ENDPOINTS,CONFIGURA } } } - resp.getOutputStream().println(Encode.forJava(output)); + resp.getOutputStream().println(output); setContentType(resp,epDF.getOutType()); return Result.ok(); } catch (Exception e) { diff --git a/cadi/client/src/main/java/org/onap/aaf/cadi/http/HClient.java b/cadi/client/src/main/java/org/onap/aaf/cadi/http/HClient.java index 898b99c9..199276bc 100644 --- a/cadi/client/src/main/java/org/onap/aaf/cadi/http/HClient.java +++ b/cadi/client/src/main/java/org/onap/aaf/cadi/http/HClient.java @@ -47,7 +47,6 @@ import org.onap.aaf.misc.env.Data; import org.onap.aaf.misc.env.Data.TYPE; import org.onap.aaf.misc.env.util.Pool.Pooled; import org.onap.aaf.misc.rosetta.env.RosettaDF; -import org.owasp.encoder.Encode; /** * Low Level Http Client Mechanism. Chances are, you want the high level "HRcli" * for Rosetta Object Translation @@ -395,11 +394,9 @@ public class HClient implements EClient<HttpURLConnection> { is = huc.getInputStream(); // reuse Buffers Pooled<byte[]> pbuff = Rcli.buffPool.get(); - try { - String strTemp; + try { while ((read=is.read(pbuff.content))>=0) { - strTemp = new String(pbuff.content,0,read); - os.write(Encode.forJava(strTemp).getBytes()); + os.write(pbuff.content,0,read); } } finally { pbuff.done(); 
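Review bot: In LocateFacadeImpl.java (hunks at -267,7 and -312,7) `setContentType(resp, …)` is called after the body has already been written to `resp.getOutputStream()`. Once the response buffer has been flushed the container ignores header changes, so a large `content` or `output` can be sent without the intended Content-Type. Move the call above the write, e.g. `setContentType(resp,epDF.getOutType());` before `resp.getOutputStream().println(output);`. Now that the output is unencoded, a correct Content-Type is what keeps a client from interpreting the body as HTML. Both methods start and end outside the hunks.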
@@ -413,11 +410,9 @@ public class HClient implements EClient<HttpURLConnection> { if (is!=null) { errContent = new StringBuilder(); Pooled<byte[]> pbuff = Rcli.buffPool.get(); - try { - String strTemp; + try { while ((read=is.read(pbuff.content))>=0) { - strTemp = new String(pbuff.content,0,read); - os.write(Encode.forJava(strTemp).getBytes()); + os.write(pbuff.content,0,read); } } finally { pbuff.done(); diff --git a/misc/pom.xml b/misc/pom.xml index 61d4f5d2..27948dfb 100644 --- a/misc/pom.xml +++ b/misc/pom.xml @@ -72,12 +72,7 @@ <groupId>junit</groupId> <artifactId>junit</artifactId> <scope>test</scope> - </dependency> - <dependency> - <groupId>org.owasp.encoder</groupId> - <artifactId>encoder</artifactId> - <version>1.2.1</version> - </dependency> + </dependency> </dependencies> diff --git a/misc/xgen/pom.xml b/misc/xgen/pom.xml index d4183fb9..52533ba0 100644 --- a/misc/xgen/pom.xml +++ b/misc/xgen/pom.xml @@ -77,12 +77,7 @@ <groupId>org.onap.aaf.authz</groupId> <artifactId>aaf-misc-env</artifactId> <version>${project.version}</version> - </dependency> - <dependency> - <groupId>org.owasp.encoder</groupId> - <artifactId>encoder</artifactId> - <version>1.2.1</version> - </dependency> + </dependency> </dependencies> <!-- ============================================================== --> diff --git a/misc/xgen/src/main/java/org/onap/aaf/misc/xgen/Section.java b/misc/xgen/src/main/java/org/onap/aaf/misc/xgen/Section.java index 0d41bd9b..fb429b3b 100644 --- a/misc/xgen/src/main/java/org/onap/aaf/misc/xgen/Section.java +++ b/misc/xgen/src/main/java/org/onap/aaf/misc/xgen/Section.java @@ -28,7 +28,6 @@ import org.onap.aaf.misc.env.APIException; import org.onap.aaf.misc.env.Env;
import org.onap.aaf.misc.env.Trans;
import org.onap.aaf.misc.xgen.html.State;
-import org.owasp.encoder.Encode;
public class Section<G extends XGen<G>> {
protected int indent;
@@ -49,11 +48,11 @@ public class Section<G extends XGen<G>> { }
public void forward(Writer w) throws IOException {
- w.write(Encode.forJava(forward));
+ w.write(forward);
}
public void back(Writer w) throws IOException {
- w.write(Encode.forJava(backward));
+ w.write(backward);
}
public String toString() {