diff options
| author |   Raviteja Cherughattu <rc835m@att.com> | 2020-05-27 12:08:55 -0500 |
|---|---|---|
| committer | Raviteja Cherughattu <rc835m@att.com> | 2020-06-02 14:38:56 -0500 |
| commit | 16c3995a89892b1dad4dab7df0f6200ac8b09f92 (patch) | |
| tree | c08006099c726b5fb6bf56672444ae114f821fe1 /auth/auth-hello | |
| parent | 03bc32d07bdd8e2698a1bdede972ff5aa43f9759 (diff) | |
Medium Vulnerabilities CodeFix: 1. URL Redirection 2. AAF-1111
Issue-ID: AAF-1115
Change-Id: I05d8d7a19236ad476d2a37b51a6c4a84ba2b8546
Signed-off-by: Raviteja Cherughattu <rc835m@att.com>
Diffstat (limited to 'auth/auth-hello')
| -rw-r--r-- | auth/auth-hello/pom.xml | 7 | ||||
| -rw-r--r-- | auth/auth-hello/src/main/java/org/onap/aaf/auth/hello/API_Hello.java | 10 |
2 files changed, 12 insertions, 5 deletions
diff --git a/auth/auth-hello/pom.xml b/auth/auth-hello/pom.xml index 11971e0d..f9a420f9 100644 --- a/auth/auth-hello/pom.xml +++ b/auth/auth-hello/pom.xml @@ -55,7 +55,12 @@ <groupId>org.onap.aaf.authz</groupId> <artifactId>aaf-cadi-aaf</artifactId> </dependency> - + <dependency> + <groupId>org.owasp.encoder</groupId> + <artifactId>encoder</artifactId> + <version>1.2.1</version> + </dependency> + </dependencies> <build> diff --git a/auth/auth-hello/src/main/java/org/onap/aaf/auth/hello/API_Hello.java b/auth/auth-hello/src/main/java/org/onap/aaf/auth/hello/API_Hello.java index 4ffb1787..cdaa6a76 100644 --- a/auth/auth-hello/src/main/java/org/onap/aaf/auth/hello/API_Hello.java +++ b/auth/auth-hello/src/main/java/org/onap/aaf/auth/hello/API_Hello.java @@ -35,6 +35,8 @@ import org.onap.aaf.auth.rserv.HttpMethods; import org.onap.aaf.misc.env.Env; import org.onap.aaf.misc.env.TimeTaken; +import org.owasp.encoder.Encode; + /** * API Apis * @author Jonathan @@ -70,7 +72,7 @@ public class API_Hello { String perm = pathParam(req, "perm"); if (perm!=null && perm.length()>0) { os.print('('); - os.print(req.getUserPrincipal().getName()); + os.print(Encode.forJava(req.getUserPrincipal().getName())); TimeTaken tt = trans.start("Authorize perm", Env.REMOTE); try { if (req.isUserInRole(perm)) { @@ -82,7 +84,7 @@ public class API_Hello { tt.done(); } os.print("Permission: "); - os.print(perm); + os.print(Encode.forJava(perm)); os.print(')'); } os.println(); @@ -144,7 +146,7 @@ public class API_Hello { } sb.append("}"); ServletOutputStream os = resp.getOutputStream(); - os.println(sb.toString()); + os.println(Encode.forJava(sb.toString())); trans.info().printf("Said 'RESTful Hello' to %s, Authentication type: %s",trans.getUserPrincipal().getName(),trans.getUserPrincipal().getClass().getSimpleName()); } },APPLICATION_JSON); @@ -164,7 +166,7 @@ public class API_Hello { trans.info().printf("Content from %s: %s\n", pathParam(req, ":id"),content); if (content.startsWith("{") && content.endsWith("}")) { resp.setStatus(200 /* OK */); - resp.getOutputStream().print(content); + resp.getOutputStream().print(Encode.forJava(content)); } else { resp.getOutputStream().write(NOT_JSON); resp.setStatus(406); |