summaryrefslogtreecommitdiffstats
path: root/auth/auth-core
diff options
context:
space:
mode:
authorRaviteja Cherughattu <rc835m@att.com>2020-05-27 12:08:55 -0500
committerRaviteja Cherughattu <rc835m@att.com>2020-06-02 14:38:56 -0500
commit16c3995a89892b1dad4dab7df0f6200ac8b09f92 (patch)
treec08006099c726b5fb6bf56672444ae114f821fe1 /auth/auth-core
parent03bc32d07bdd8e2698a1bdede972ff5aa43f9759 (diff)
Medium Vulnerabilities CodeFix: 1. URL Redirection 2. AAF-1111
Issue-ID: AAF-1115 Change-Id: I05d8d7a19236ad476d2a37b51a6c4a84ba2b8546 Signed-off-by: Raviteja Cherughattu <rc835m@att.com>
Diffstat (limited to 'auth/auth-core')
-rw-r--r--auth/auth-core/pom.xml5
-rw-r--r--auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/CachingFileAccess.java5
2 files changed, 8 insertions, 2 deletions
diff --git a/auth/auth-core/pom.xml b/auth/auth-core/pom.xml
index 884ecbe3..972b12cb 100644
--- a/auth/auth-core/pom.xml
+++ b/auth/auth-core/pom.xml
@@ -107,6 +107,11 @@
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
</dependency>
+ <dependency>
+ <groupId>org.owasp.encoder</groupId>
+ <artifactId>encoder</artifactId>
+ <version>1.2.1</version>
+ </dependency>
</dependencies>
<build>
diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/CachingFileAccess.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/CachingFileAccess.java
index cdda50db..b342c428 100644
--- a/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/CachingFileAccess.java
+++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/CachingFileAccess.java
@@ -53,6 +53,7 @@ import org.onap.aaf.misc.env.EnvJAXB;
import org.onap.aaf.misc.env.LogTarget;
import org.onap.aaf.misc.env.Store;
import org.onap.aaf.misc.env.Trans;
+import org.owasp.encoder.Encode;
/*
* CachingFileAccess
*
@@ -429,9 +430,9 @@ public class CachingFileAccess<TRANS extends Trans> extends HttpCode<TRANS, Void
w.append(name);
w.append('/');
}
- w.append(f.getName());
+ w.append(Encode.forJava(f.getName()));
w.append("\">");
- w.append(f.getName());
+ w.append(Encode.forJava(f.getName()));
w.append("</a></li>\n");
}
w.append(F);