summaryrefslogtreecommitdiffstats
path: root/auth
diff options
context:
space:
mode:
authorRaviteja Cherughattu <rc835m@att.com>2020-07-29 14:36:17 -0500
committerRaviteja Cherughattu <rc835m@att.com>2020-07-29 14:36:17 -0500
commitbdb54b7c8a5df0e686490658067c9013ee43dd7a (patch)
treece291e2172a5440d877baedf6214c84823c21c13 /auth
parentde75a11f03d87b53f7a2b5525c8fc66f6053aef2 (diff)
Medium Vulnerabilities CodeFix: Revert [Ref ID: 108330]
Issue-ID: AAF-1115 Change-Id: I8e503ee84eb2771edbf2ed94f5d7f8f2e20812c7 Signed-off-by: Raviteja Cherughattu <rc835m@att.com>
Diffstat (limited to 'auth')
-rw-r--r--auth/auth-cmd/pom.xml7
-rw-r--r--auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/Cmd.java4
-rw-r--r--auth/auth-core/pom.xml7
-rw-r--r--auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/CachingFileAccess.java5
-rw-r--r--auth/auth-fs/pom.xml7
-rw-r--r--auth/auth-hello/pom.xml7
-rw-r--r--auth/auth-hello/src/main/java/org/onap/aaf/auth/hello/API_Hello.java10
-rw-r--r--auth/auth-locate/pom.xml7
-rw-r--r--auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/api/API_AAFAccess.java5
-rw-r--r--auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/facade/LocateFacadeImpl.java5
10 files changed, 16 insertions, 48 deletions
diff --git a/auth/auth-cmd/pom.xml b/auth/auth-cmd/pom.xml
index 01ec4ec9..19902604 100644
--- a/auth/auth-cmd/pom.xml
+++ b/auth/auth-cmd/pom.xml
@@ -177,12 +177,7 @@
<groupId>jline</groupId>
<artifactId>jline</artifactId>
<version>2.14.2</version>
- </dependency>
- <dependency>
- <groupId>org.owasp.encoder</groupId>
- <artifactId>encoder</artifactId>
- <version>1.2.1</version>
- </dependency>
+ </dependency>
</dependencies>
<distributionManagement>
diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/Cmd.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/Cmd.java
index 40616abc..7913b76e 100644
--- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/Cmd.java
+++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/Cmd.java
@@ -54,8 +54,6 @@ import aaf.v2_0.History;
import aaf.v2_0.History.Item;
import aaf.v2_0.Request;
-import org.owasp.encoder.Encode;
-
public abstract class Cmd {
// Sonar claims DateFormat is not thread safe. Leave as Instance Variable.
private final DateFormat dateFmt = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss:SSS");
@@ -273,7 +271,7 @@ public abstract class Cmd {
sb.append(", ");
sb.append(desc);
}
- pw().println(Encode.forJava(sb.toString()));
+ pw().println(sb.toString());
}
diff --git a/auth/auth-core/pom.xml b/auth/auth-core/pom.xml
index 972b12cb..bef94675 100644
--- a/auth/auth-core/pom.xml
+++ b/auth/auth-core/pom.xml
@@ -106,12 +106,7 @@
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
- </dependency>
- <dependency>
- <groupId>org.owasp.encoder</groupId>
- <artifactId>encoder</artifactId>
- <version>1.2.1</version>
- </dependency>
+ </dependency>
</dependencies>
<build>
diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/CachingFileAccess.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/CachingFileAccess.java
index b342c428..cdda50db 100644
--- a/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/CachingFileAccess.java
+++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/CachingFileAccess.java
@@ -53,7 +53,6 @@ import org.onap.aaf.misc.env.EnvJAXB;
import org.onap.aaf.misc.env.LogTarget;
import org.onap.aaf.misc.env.Store;
import org.onap.aaf.misc.env.Trans;
-import org.owasp.encoder.Encode;
/*
* CachingFileAccess
*
@@ -430,9 +429,9 @@ public class CachingFileAccess<TRANS extends Trans> extends HttpCode<TRANS, Void
w.append(name);
w.append('/');
}
- w.append(Encode.forJava(f.getName()));
+ w.append(f.getName());
w.append("\">");
- w.append(Encode.forJava(f.getName()));
+ w.append(f.getName());
w.append("</a></li>\n");
}
w.append(F);
diff --git a/auth/auth-fs/pom.xml b/auth/auth-fs/pom.xml
index 2084e18c..fcc4baa4 100644
--- a/auth/auth-fs/pom.xml
+++ b/auth/auth-fs/pom.xml
@@ -75,12 +75,7 @@
<dependency>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>aaf-cadi-core</artifactId>
- </dependency>
- <dependency>
- <groupId>org.owasp.encoder</groupId>
- <artifactId>encoder</artifactId>
- <version>1.2.1</version>
- </dependency>
+ </dependency>
</dependencies>
<build>
diff --git a/auth/auth-hello/pom.xml b/auth/auth-hello/pom.xml
index f9a420f9..676ca3ea 100644
--- a/auth/auth-hello/pom.xml
+++ b/auth/auth-hello/pom.xml
@@ -54,12 +54,7 @@
<dependency>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>aaf-cadi-aaf</artifactId>
- </dependency>
- <dependency>
- <groupId>org.owasp.encoder</groupId>
- <artifactId>encoder</artifactId>
- <version>1.2.1</version>
- </dependency>
+ </dependency>
</dependencies>
diff --git a/auth/auth-hello/src/main/java/org/onap/aaf/auth/hello/API_Hello.java b/auth/auth-hello/src/main/java/org/onap/aaf/auth/hello/API_Hello.java
index cdaa6a76..4ffb1787 100644
--- a/auth/auth-hello/src/main/java/org/onap/aaf/auth/hello/API_Hello.java
+++ b/auth/auth-hello/src/main/java/org/onap/aaf/auth/hello/API_Hello.java
@@ -35,8 +35,6 @@ import org.onap.aaf.auth.rserv.HttpMethods;
import org.onap.aaf.misc.env.Env;
import org.onap.aaf.misc.env.TimeTaken;
-import org.owasp.encoder.Encode;
-
/**
* API Apis
* @author Jonathan
@@ -72,7 +70,7 @@ public class API_Hello {
String perm = pathParam(req, "perm");
if (perm!=null && perm.length()>0) {
os.print('(');
- os.print(Encode.forJava(req.getUserPrincipal().getName()));
+ os.print(req.getUserPrincipal().getName());
TimeTaken tt = trans.start("Authorize perm", Env.REMOTE);
try {
if (req.isUserInRole(perm)) {
@@ -84,7 +82,7 @@ public class API_Hello {
tt.done();
}
os.print("Permission: ");
- os.print(Encode.forJava(perm));
+ os.print(perm);
os.print(')');
}
os.println();
@@ -146,7 +144,7 @@ public class API_Hello {
}
sb.append("}");
ServletOutputStream os = resp.getOutputStream();
- os.println(Encode.forJava(sb.toString()));
+ os.println(sb.toString());
trans.info().printf("Said 'RESTful Hello' to %s, Authentication type: %s",trans.getUserPrincipal().getName(),trans.getUserPrincipal().getClass().getSimpleName());
}
},APPLICATION_JSON);
@@ -166,7 +164,7 @@ public class API_Hello {
trans.info().printf("Content from %s: %s\n", pathParam(req, ":id"),content);
if (content.startsWith("{") && content.endsWith("}")) {
resp.setStatus(200 /* OK */);
- resp.getOutputStream().print(Encode.forJava(content));
+ resp.getOutputStream().print(content);
} else {
resp.getOutputStream().write(NOT_JSON);
resp.setStatus(406);
diff --git a/auth/auth-locate/pom.xml b/auth/auth-locate/pom.xml
index 71fcfa98..e1103eca 100644
--- a/auth/auth-locate/pom.xml
+++ b/auth/auth-locate/pom.xml
@@ -77,12 +77,7 @@
<dependency>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>aaf-misc-rosetta</artifactId>
- </dependency>
- <dependency>
- <groupId>org.owasp.encoder</groupId>
- <artifactId>encoder</artifactId>
- <version>1.2.1</version>
- </dependency>
+ </dependency>
</dependencies>
diff --git a/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/api/API_AAFAccess.java b/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/api/API_AAFAccess.java
index 2bb497a0..2076e847 100644
--- a/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/api/API_AAFAccess.java
+++ b/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/api/API_AAFAccess.java
@@ -53,7 +53,6 @@ import org.onap.aaf.cadi.client.Retryable;
import org.onap.aaf.misc.env.APIException;
import org.onap.aaf.misc.env.Env;
import org.onap.aaf.misc.env.TimeTaken;
-import org.owasp.encoder.Encode;
public class API_AAFAccess {
// private static String service, version, envContext;
@@ -105,7 +104,7 @@ public class API_AAFAccess {
ServletOutputStream sos;
try {
sos = resp.getOutputStream();
- sos.print(Encode.forJava(fp.value));
+ sos.print(fp.value);
} catch (IOException e) {
throw new CadiException(e);
}
@@ -123,7 +122,7 @@ public class API_AAFAccess {
User u = (User)d.data.get(0);
resp.setStatus(u.code);
ServletOutputStream sos = resp.getOutputStream();
- sos.print(Encode.forJava(u.resp));
+ sos.print(u.resp);
}
} finally {
tt.done();
diff --git a/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/facade/LocateFacadeImpl.java b/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/facade/LocateFacadeImpl.java
index 047663c3..67107088 100644
--- a/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/facade/LocateFacadeImpl.java
+++ b/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/facade/LocateFacadeImpl.java
@@ -59,7 +59,6 @@ import org.onap.aaf.misc.env.Env;
import org.onap.aaf.misc.env.TimeTaken;
import org.onap.aaf.misc.rosetta.env.RosettaDF;
import org.onap.aaf.misc.rosetta.env.RosettaData;
-import org.owasp.encoder.Encode;
import locate_local.v1_0.Api;
@@ -267,7 +266,7 @@ public abstract class LocateFacadeImpl<IN,OUT,ENDPOINTS,MGMT_ENDPOINTS,CONFIGURA
TimeTaken tt = trans.start(API_EXAMPLE, Env.SUB);
try {
String content =Examples.print(apiDF.getEnv(), nameOrContentType, optional);
- resp.getOutputStream().print(Encode.forJava(content));
+ resp.getOutputStream().print(content);
setContentType(resp,content.contains("<?xml")?TYPE.XML:TYPE.JSON);
return Result.ok();
} catch (Exception e) {
@@ -312,7 +311,7 @@ public abstract class LocateFacadeImpl<IN,OUT,ENDPOINTS,MGMT_ENDPOINTS,CONFIGURA
}
}
}
- resp.getOutputStream().println(Encode.forJava(output));
+ resp.getOutputStream().println(output);
setContentType(resp,epDF.getOutType());
return Result.ok();
} catch (Exception e) {