diff options
author | Raviteja Cherughattu <rc835m@att.com> | 2020-05-27 12:08:55 -0500 |
---|---|---|
committer | Raviteja Cherughattu <rc835m@att.com> | 2020-06-02 14:38:56 -0500 |
commit | 16c3995a89892b1dad4dab7df0f6200ac8b09f92 (patch) | |
tree | c08006099c726b5fb6bf56672444ae114f821fe1 /auth/auth-core | |
parent | 03bc32d07bdd8e2698a1bdede972ff5aa43f9759 (diff) |
Medium Vulnerabilities CodeFix: 1. URL Redirection 2. AAF-1111
Issue-ID: AAF-1115
Change-Id: I05d8d7a19236ad476d2a37b51a6c4a84ba2b8546
Signed-off-by: Raviteja Cherughattu <rc835m@att.com>
Diffstat (limited to 'auth/auth-core')
-rw-r--r-- | auth/auth-core/pom.xml | 5 | ||||
-rw-r--r-- | auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/CachingFileAccess.java | 5 |
2 files changed, 8 insertions, 2 deletions
diff --git a/auth/auth-core/pom.xml b/auth/auth-core/pom.xml index 884ecbe3..972b12cb 100644 --- a/auth/auth-core/pom.xml +++ b/auth/auth-core/pom.xml @@ -107,6 +107,11 @@ <groupId>org.slf4j</groupId> <artifactId>slf4j-log4j12</artifactId> </dependency> + <dependency> + <groupId>org.owasp.encoder</groupId> + <artifactId>encoder</artifactId> + <version>1.2.1</version> + </dependency> </dependencies> <build> diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/CachingFileAccess.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/CachingFileAccess.java index cdda50db..b342c428 100644 --- a/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/CachingFileAccess.java +++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/CachingFileAccess.java @@ -53,6 +53,7 @@ import org.onap.aaf.misc.env.EnvJAXB; import org.onap.aaf.misc.env.LogTarget; import org.onap.aaf.misc.env.Store; import org.onap.aaf.misc.env.Trans; +import org.owasp.encoder.Encode; /* * CachingFileAccess * @@ -429,9 +430,9 @@ public class CachingFileAccess<TRANS extends Trans> extends HttpCode<TRANS, Void w.append(name); w.append('/'); } - w.append(f.getName()); + w.append(Encode.forJava(f.getName())); w.append("\">"); - w.append(f.getName()); + w.append(Encode.forJava(f.getName())); w.append("</a></li>\n"); } w.append(F); |