diff options
21 files changed, 130 insertions, 46 deletions
diff --git a/auth/auth-batch/src/test/java/org/onap/aaf/auth/batch/helpers/JU_BatchDataViewTest.java b/auth/auth-batch/src/test/java/org/onap/aaf/auth/batch/helpers/JU_BatchDataViewTest.java index 2ddd984b..8ff2ec57 100644 --- a/auth/auth-batch/src/test/java/org/onap/aaf/auth/batch/helpers/JU_BatchDataViewTest.java +++ b/auth/auth-batch/src/test/java/org/onap/aaf/auth/batch/helpers/JU_BatchDataViewTest.java @@ -4,6 +4,9 @@ * =========================================================================== * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. * =========================================================================== + * Modification Copyright © 2020 IBM. + * =========================================================================== + * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -21,7 +24,7 @@ package org.onap.aaf.auth.batch.helpers; -import static org.junit.Assert.assertTrue; +import static org.junit.Assert.assertEquals; import static org.mockito.MockitoAnnotations.initMocks; import java.io.IOException; @@ -71,57 +74,57 @@ public class JU_BatchDataViewTest { @Test public void testNs() { Result<NsDAO.Data> retVal = batchDataViewObj.ns(trans, "test"); - assertTrue(retVal.status == 9); + assertEquals(9,retVal.status); NS n = new NS("test1", "test2", "test3", 1, 2); NS.data.put("test", n); retVal = batchDataViewObj.ns(trans, "test"); - assertTrue(retVal.status == 0); + assertEquals(0,retVal.status); } @Test public void testRoleByName() { Result<RoleDAO.Data> retVal = batchDataViewObj.roleByName(trans, "test"); - assertTrue(retVal.status == 9); + assertEquals(9,retVal.status); Role n = new Role("test1"); n.rdd = new RoleDAO.Data(); Role.byName.put("test", n); retVal = batchDataViewObj.roleByName(trans, "test"); - assertTrue(retVal.status == 0); + assertEquals(0,retVal.status); n.rdd = null; Role.byName.put("test", n); retVal = batchDataViewObj.roleByName(trans, "test"); - assertTrue(retVal.status == 9); + assertEquals(9,retVal.status); } @Test public void testUrsByRole() { Result<List<UserRoleDAO.Data>> retVal = batchDataViewObj .ursByRole(trans, "test"); - assertTrue(retVal.status == 9); + assertEquals(9,retVal.status); Role n = new Role("test1"); n.rdd = new RoleDAO.Data(); UserRole ur = new UserRole("user", "role", "ns", "rname", new Date()); (new UserRole.DataLoadVisitor()).visit(ur); retVal = batchDataViewObj.ursByRole(trans, "role"); - assertTrue(retVal.status == 0); + assertEquals(retVal.status,0); } @Test public void testUrsByUser() { Result<List<UserRoleDAO.Data>> retVal = batchDataViewObj .ursByUser(trans, "test"); - assertTrue(retVal.status == 9); + assertEquals(retVal.status,9); Role n = new Role("test1"); n.rdd = new RoleDAO.Data(); UserRole ur = new UserRole("user", "role", "ns", "rname", new Date()); (new UserRole.DataLoadVisitor()).visit(ur); retVal = batchDataViewObj.ursByUser(trans, "user"); - assertTrue(retVal.status == 0); + assertEquals(retVal.status,0); } @Test @@ -129,7 +132,7 @@ public class JU_BatchDataViewTest { FutureDAO.Data dataObj = new FutureDAO.Data(); dataObj.id = new UUID(1000L, 1000L); Result<FutureDAO.Data> retVal = batchDataViewObj.delete(trans, dataObj); - assertTrue(retVal.status == 0); + assertEquals(retVal.status,0); } @Test @@ -138,7 +141,7 @@ public class JU_BatchDataViewTest { dataObj.id = new UUID(1000L, 1000L); Result<ApprovalDAO.Data> retVal = batchDataViewObj.delete(trans, dataObj); - assertTrue(retVal.status == 0); + assertEquals(retVal.status, 0); } @@ -150,7 +153,7 @@ public class JU_BatchDataViewTest { dataObj.ticket = new UUID(1000L, 1000L); Result<ApprovalDAO.Data> retVal = batchDataViewObj.insert(trans, dataObj); - assertTrue(retVal.status == 0); + assertEquals(retVal.status, 0); } @Test @@ -160,11 +163,11 @@ public class JU_BatchDataViewTest { dataObj.memo = "memo"; dataObj.construct = ByteBuffer.allocate(1000); Result<FutureDAO.Data> retVal = batchDataViewObj.insert(trans, dataObj); - assertTrue(retVal.status == 0); + assertEquals(retVal.status, 0); dataObj.target_key = "memo"; retVal = batchDataViewObj.insert(trans, dataObj); - assertTrue(retVal.status == 0); + assertEquals(retVal.status, 0); } @Test public void testFlush() { diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java index e5cde35c..761ebec9 100644 --- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java +++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java @@ -759,7 +759,7 @@ public class Function { } for (CredDAO.Data cd : cdr.value) { - if (cd.expires.after(now)) { + if (cd.expires.after(now) || trans.org().isUserExpireExempt(cd.id, cd.expires)) { return Result.ok(); } } @@ -1440,7 +1440,7 @@ public class Function { List<UserRoleDAO.Data> list = rurdd.value; List<String> rv = new ArrayList<>(list.size()); // presize for (UserRoleDAO.Data urdd : rurdd.value) { - if (includeExpired || urdd.expires.after(now)) { + if (includeExpired || urdd.expires.after(now) || trans.org().isUserExpireExempt(urdd.user, urdd.expires)) { rv.add(urdd.user); } } diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java index 39578f83..2e8e55f5 100644 --- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java +++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java @@ -938,7 +938,7 @@ public class Question { if (!cdd.id.equals(user)) { trans.error().log("doesUserCredMatch DB call does not match for user: " + user); } - if (cdd.expires.after(now)) { + if (cdd.expires.after(now) || trans.org().isUserExpireExempt(cdd.id, cdd.expires)) { byte[] dbcred = cdd.cred.array(); try { @@ -1273,7 +1273,7 @@ public class Question { if (rur.isOKhasData()) { Date now = new Date(); for (UserRoleDAO.Data urdd : rur.value){ - if (urdd.expires.after(now)) { + if (urdd.expires.after(now) || trans.org().isUserExpireExempt(urdd.user, urdd.expires)) { return true; } } @@ -1285,7 +1285,7 @@ public class Question { Result<List<UserRoleDAO.Data>> rur = userRoleDAO().read(trans, user,ns+DOT_OWNER); if (rur.isOKhasData()) {for (UserRoleDAO.Data urdd : rur.value){ Date now = new Date(); - if (urdd.expires.after(now)) { + if (urdd.expires.after(now) || trans.org().isUserExpireExempt(urdd.user, urdd.expires)) { return true; } }}; @@ -1297,7 +1297,7 @@ public class Question { Date now = new Date(); int count = 0; if (rur.isOKhasData()) {for (UserRoleDAO.Data urdd : rur.value){ - if (urdd.expires.after(now)) { + if (urdd.expires.after(now) || trans.org().isUserExpireExempt(urdd.user, urdd.expires)) { ++count; } }}; diff --git a/auth/auth-cmd/pom.xml b/auth/auth-cmd/pom.xml index 7133a5b1..01ec4ec9 100644 --- a/auth/auth-cmd/pom.xml +++ b/auth/auth-cmd/pom.xml @@ -178,7 +178,11 @@ <artifactId>jline</artifactId> <version>2.14.2</version> </dependency> - + <dependency> + <groupId>org.owasp.encoder</groupId> + <artifactId>encoder</artifactId> + <version>1.2.1</version> + </dependency> </dependencies> <distributionManagement> diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/Cmd.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/Cmd.java index 0ae4ce99..40616abc 100644 --- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/Cmd.java +++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/Cmd.java @@ -54,6 +54,7 @@ import aaf.v2_0.History; import aaf.v2_0.History.Item; import aaf.v2_0.Request; +import org.owasp.encoder.Encode; public abstract class Cmd { // Sonar claims DateFormat is not thread safe. Leave as Instance Variable. @@ -272,7 +273,7 @@ public abstract class Cmd { sb.append(", "); sb.append(desc); } - pw().println(sb); + pw().println(Encode.forJava(sb.toString())); } diff --git a/auth/auth-core/pom.xml b/auth/auth-core/pom.xml index 884ecbe3..972b12cb 100644 --- a/auth/auth-core/pom.xml +++ b/auth/auth-core/pom.xml @@ -107,6 +107,11 @@ <groupId>org.slf4j</groupId> <artifactId>slf4j-log4j12</artifactId> </dependency> + <dependency> + <groupId>org.owasp.encoder</groupId> + <artifactId>encoder</artifactId> + <version>1.2.1</version> + </dependency> </dependencies> <build> diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java index 795231eb..778eb295 100644 --- a/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java +++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java @@ -349,8 +349,8 @@ public interface Organization { public void setTestMode(boolean dryRun); /** - * Evaluates a user to determine if they are exempt from role expiration. - * Returns true if true, false is false. Default implementation is always false. + * Evaluates a user to determine if they are exempt from role and cred expiration. + * Returns true if true, false if false. Default implementation is always false. * * @param user * @param expires diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/CachingFileAccess.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/CachingFileAccess.java index cdda50db..b342c428 100644 --- a/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/CachingFileAccess.java +++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/CachingFileAccess.java @@ -53,6 +53,7 @@ import org.onap.aaf.misc.env.EnvJAXB; import org.onap.aaf.misc.env.LogTarget; import org.onap.aaf.misc.env.Store; import org.onap.aaf.misc.env.Trans; +import org.owasp.encoder.Encode; /* * CachingFileAccess * @@ -429,9 +430,9 @@ public class CachingFileAccess<TRANS extends Trans> extends HttpCode<TRANS, Void w.append(name); w.append('/'); } - w.append(f.getName()); + w.append(Encode.forJava(f.getName())); w.append("\">"); - w.append(f.getName()); + w.append(Encode.forJava(f.getName())); w.append("</a></li>\n"); } w.append(F); diff --git a/auth/auth-fs/pom.xml b/auth/auth-fs/pom.xml index 39cb03b8..943c1082 100644 --- a/auth/auth-fs/pom.xml +++ b/auth/auth-fs/pom.xml @@ -76,6 +76,16 @@ <groupId>org.onap.aaf.authz</groupId> <artifactId>aaf-cadi-core</artifactId> </dependency> + <dependency> + <groupId>org.owasp.encoder</groupId> + <artifactId>encoder</artifactId> + <version>1.2.1</version> + </dependency> + <dependency> + <groupId>org.owasp.esapi</groupId> + <artifactId>esapi</artifactId> + <version>2.0.1</version> + </dependency> </dependencies> <build> diff --git a/auth/auth-fs/src/main/java/org/onap/aaf/auth/fs/AAF_FS.java b/auth/auth-fs/src/main/java/org/onap/aaf/auth/fs/AAF_FS.java index 64d93539..fdedd6bc 100644 --- a/auth/auth-fs/src/main/java/org/onap/aaf/auth/fs/AAF_FS.java +++ b/auth/auth-fs/src/main/java/org/onap/aaf/auth/fs/AAF_FS.java @@ -45,7 +45,7 @@ import org.onap.aaf.cadi.config.Config; import org.onap.aaf.cadi.register.Registrant; import org.onap.aaf.cadi.register.RemoteRegistrant; - +import org.owasp.esapi.reference.DefaultHTTPUtilities; public class AAF_FS extends AbsService<AuthzEnv, AuthzTrans> { @@ -82,7 +82,8 @@ public class AAF_FS extends AbsService<AuthzEnv, AuthzTrans> { @Override public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception { trans.info().printf("Redirecting %s to HTTP/S %s", req.getRemoteAddr(), req.getLocalAddr()); - resp.sendRedirect(url); + DefaultHTTPUtilities util = new DefaultHTTPUtilities(); + util.sendRedirect(url); } }; diff --git a/auth/auth-hello/pom.xml b/auth/auth-hello/pom.xml index 11971e0d..f9a420f9 100644 --- a/auth/auth-hello/pom.xml +++ b/auth/auth-hello/pom.xml @@ -55,7 +55,12 @@ <groupId>org.onap.aaf.authz</groupId> <artifactId>aaf-cadi-aaf</artifactId> </dependency> - + <dependency> + <groupId>org.owasp.encoder</groupId> + <artifactId>encoder</artifactId> + <version>1.2.1</version> + </dependency> + </dependencies> <build> diff --git a/auth/auth-hello/src/main/java/org/onap/aaf/auth/hello/API_Hello.java b/auth/auth-hello/src/main/java/org/onap/aaf/auth/hello/API_Hello.java index 4ffb1787..cdaa6a76 100644 --- a/auth/auth-hello/src/main/java/org/onap/aaf/auth/hello/API_Hello.java +++ b/auth/auth-hello/src/main/java/org/onap/aaf/auth/hello/API_Hello.java @@ -35,6 +35,8 @@ import org.onap.aaf.auth.rserv.HttpMethods; import org.onap.aaf.misc.env.Env; import org.onap.aaf.misc.env.TimeTaken; +import org.owasp.encoder.Encode; + /** * API Apis * @author Jonathan @@ -70,7 +72,7 @@ public class API_Hello { String perm = pathParam(req, "perm"); if (perm!=null && perm.length()>0) { os.print('('); - os.print(req.getUserPrincipal().getName()); + os.print(Encode.forJava(req.getUserPrincipal().getName())); TimeTaken tt = trans.start("Authorize perm", Env.REMOTE); try { if (req.isUserInRole(perm)) { @@ -82,7 +84,7 @@ public class API_Hello { tt.done(); } os.print("Permission: "); - os.print(perm); + os.print(Encode.forJava(perm)); os.print(')'); } os.println(); @@ -144,7 +146,7 @@ public class API_Hello { } sb.append("}"); ServletOutputStream os = resp.getOutputStream(); - os.println(sb.toString()); + os.println(Encode.forJava(sb.toString())); trans.info().printf("Said 'RESTful Hello' to %s, Authentication type: %s",trans.getUserPrincipal().getName(),trans.getUserPrincipal().getClass().getSimpleName()); } },APPLICATION_JSON); @@ -164,7 +166,7 @@ public class API_Hello { trans.info().printf("Content from %s: %s\n", pathParam(req, ":id"),content); if (content.startsWith("{") && content.endsWith("}")) { resp.setStatus(200 /* OK */); - resp.getOutputStream().print(content); + resp.getOutputStream().print(Encode.forJava(content)); } else { resp.getOutputStream().write(NOT_JSON); resp.setStatus(406); diff --git a/auth/auth-locate/pom.xml b/auth/auth-locate/pom.xml index 2b6568bf..36585989 100644 --- a/auth/auth-locate/pom.xml +++ b/auth/auth-locate/pom.xml @@ -78,6 +78,17 @@ <groupId>org.onap.aaf.authz</groupId> <artifactId>aaf-misc-rosetta</artifactId> </dependency> + <dependency> + <groupId>org.owasp.encoder</groupId> + <artifactId>encoder</artifactId> + <version>1.2.1</version> + </dependency> + <dependency> + <groupId>org.owasp.esapi</groupId> + <artifactId>esapi</artifactId> + <version>2.0.1</version> + </dependency> + </dependencies> <build> diff --git a/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/api/API_AAFAccess.java b/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/api/API_AAFAccess.java index 36a987e5..7b23c89c 100644 --- a/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/api/API_AAFAccess.java +++ b/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/api/API_AAFAccess.java @@ -53,6 +53,9 @@ import org.onap.aaf.cadi.client.Retryable; import org.onap.aaf.misc.env.APIException; import org.onap.aaf.misc.env.Env; import org.onap.aaf.misc.env.TimeTaken; +import org.owasp.esapi.errors.AccessControlException; +import org.owasp.esapi.reference.DefaultHTTPUtilities; +import org.owasp.encoder.Encode; public class API_AAFAccess { // private static String service, version, envContext; @@ -104,7 +107,7 @@ public class API_AAFAccess { ServletOutputStream sos; try { sos = resp.getOutputStream(); - sos.print(fp.value); + sos.print(Encode.forJava(fp.value)); } catch (IOException e) { throw new CadiException(e); } @@ -122,7 +125,7 @@ public class API_AAFAccess { User u = (User)d.data.get(0); resp.setStatus(u.code); ServletOutputStream sos = resp.getOutputStream(); - sos.print(u.resp); + sos.print(Encode.forJava(u.resp)); } } finally { tt.done(); @@ -256,7 +259,7 @@ public class API_AAFAccess { }); } - private static void redirect(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp, LocateFacade context, Locator<URI> loc, String path) throws IOException { + private static void redirect(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp, LocateFacade context, Locator<URI> loc, String path) throws IOException, AccessControlException { try { if (loc.hasItems()) { Item item = loc.best(); @@ -270,7 +273,9 @@ public class API_AAFAccess { redirectURL.append(str); } trans.info().log("Redirect to",redirectURL); - resp.sendRedirect(redirectURL.toString()); + DefaultHTTPUtilities util = new DefaultHTTPUtilities(); + util.sendRedirect(redirectURL.toString()); + //resp.sendRedirect(redirectURL.toString()); } else { context.error(trans, resp, Result.err(Result.ERR_NotFound,"No Locations found for redirection")); } diff --git a/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/facade/LocateFacadeImpl.java b/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/facade/LocateFacadeImpl.java index 67107088..047663c3 100644 --- a/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/facade/LocateFacadeImpl.java +++ b/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/facade/LocateFacadeImpl.java @@ -59,6 +59,7 @@ import org.onap.aaf.misc.env.Env; import org.onap.aaf.misc.env.TimeTaken; import org.onap.aaf.misc.rosetta.env.RosettaDF; import org.onap.aaf.misc.rosetta.env.RosettaData; +import org.owasp.encoder.Encode; import locate_local.v1_0.Api; @@ -266,7 +267,7 @@ public abstract class LocateFacadeImpl<IN,OUT,ENDPOINTS,MGMT_ENDPOINTS,CONFIGURA TimeTaken tt = trans.start(API_EXAMPLE, Env.SUB); try { String content =Examples.print(apiDF.getEnv(), nameOrContentType, optional); - resp.getOutputStream().print(content); + resp.getOutputStream().print(Encode.forJava(content)); setContentType(resp,content.contains("<?xml")?TYPE.XML:TYPE.JSON); return Result.ok(); } catch (Exception e) { @@ -311,7 +312,7 @@ public abstract class LocateFacadeImpl<IN,OUT,ENDPOINTS,MGMT_ENDPOINTS,CONFIGURA } } } - resp.getOutputStream().println(output); + resp.getOutputStream().println(Encode.forJava(output)); setContentType(resp,epDF.getOutType()); return Result.ok(); } catch (Exception e) { diff --git a/cadi/client/src/main/java/org/onap/aaf/cadi/http/HClient.java b/cadi/client/src/main/java/org/onap/aaf/cadi/http/HClient.java index c7b2605f..898b99c9 100644 --- a/cadi/client/src/main/java/org/onap/aaf/cadi/http/HClient.java +++ b/cadi/client/src/main/java/org/onap/aaf/cadi/http/HClient.java @@ -47,7 +47,7 @@ import org.onap.aaf.misc.env.Data; import org.onap.aaf.misc.env.Data.TYPE; import org.onap.aaf.misc.env.util.Pool.Pooled; import org.onap.aaf.misc.rosetta.env.RosettaDF; - +import org.owasp.encoder.Encode; /** * Low Level Http Client Mechanism. Chances are, you want the high level "HRcli" * for Rosetta Object Translation @@ -396,8 +396,10 @@ public class HClient implements EClient<HttpURLConnection> { // reuse Buffers Pooled<byte[]> pbuff = Rcli.buffPool.get(); try { + String strTemp; while ((read=is.read(pbuff.content))>=0) { - os.write(pbuff.content,0,read); + strTemp = new String(pbuff.content,0,read); + os.write(Encode.forJava(strTemp).getBytes()); } } finally { pbuff.done(); @@ -412,8 +414,10 @@ public class HClient implements EClient<HttpURLConnection> { errContent = new StringBuilder(); Pooled<byte[]> pbuff = Rcli.buffPool.get(); try { + String strTemp; while ((read=is.read(pbuff.content))>=0) { - os.write(pbuff.content,0,read); + strTemp = new String(pbuff.content,0,read); + os.write(Encode.forJava(strTemp).getBytes()); } } finally { pbuff.done(); diff --git a/docs/conf.py b/docs/conf.py index 8f40e8b8..5371015c 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -12,4 +12,4 @@ intersphinx_mapping = {} html_last_updated_fmt = '%d-%b-%y %H:%M' def setup(app): - app.add_stylesheet("css/ribbon_onap.css") + app.add_stylesheet("css/ribbon.css") diff --git a/docs/sections/release-notes.rst b/docs/sections/release-notes.rst index b7beed37..7981ed46 100644 --- a/docs/sections/release-notes.rst +++ b/docs/sections/release-notes.rst @@ -6,6 +6,25 @@ Release Notes ============= +Version: 2.1.23 (Frankfurt, 6.0.0) +--------------------------------------------- + +:Release Date: 2020-06-05 + +**New Features** +Certificate Management Protocol Version 2 (CMPv2) support was added to retrieve X.509 certificates from servers which supports CMPv2 over HTTP. SDNC as first ONAP component was integrated to enroll certificate from CMPv2 server to protect traffic between SDNC and Network Functions (xNFs). +More details about CMPv2 support in ONAP can be found on a dedicated page. + + +**Bug Fixes** + - `AAF-383 <https://jira.onap.org/browse/AAF-383>`_ AAF aaf-sms chart should use nodePortPrefix variable + - `AAF-783 <https://jira.onap.org/browse/AAF-783>`_ Consul container is outdated + - `AAF-784 <https://jira.onap.org/browse/AAF-784>`_ Vault container is outdated + - `AAF-1102 <https://jira.onap.org/browse/AAF-1102>`_ Pods still run as root + +**Known Issues - solve in Guilin** + - `AAF-1087 <https://jira.onap.org/browse/AAF-1087>`_ AAF init containers init with exit 0 even if failing + Version: 2.1.15 (El Alto, 5.0.1) --------------------------------------------- diff --git a/misc/pom.xml b/misc/pom.xml index 66851bc1..61d4f5d2 100644 --- a/misc/pom.xml +++ b/misc/pom.xml @@ -73,6 +73,12 @@ <artifactId>junit</artifactId> <scope>test</scope> </dependency> + <dependency> + <groupId>org.owasp.encoder</groupId> + <artifactId>encoder</artifactId> + <version>1.2.1</version> + </dependency> + </dependencies> <modules> diff --git a/misc/xgen/pom.xml b/misc/xgen/pom.xml index d24e8510..d4183fb9 100644 --- a/misc/xgen/pom.xml +++ b/misc/xgen/pom.xml @@ -78,6 +78,11 @@ <artifactId>aaf-misc-env</artifactId> <version>${project.version}</version> </dependency> + <dependency> + <groupId>org.owasp.encoder</groupId> + <artifactId>encoder</artifactId> + <version>1.2.1</version> + </dependency> </dependencies> <!-- ============================================================== --> diff --git a/misc/xgen/src/main/java/org/onap/aaf/misc/xgen/Section.java b/misc/xgen/src/main/java/org/onap/aaf/misc/xgen/Section.java index 9f1f2a38..0d41bd9b 100644 --- a/misc/xgen/src/main/java/org/onap/aaf/misc/xgen/Section.java +++ b/misc/xgen/src/main/java/org/onap/aaf/misc/xgen/Section.java @@ -28,6 +28,7 @@ import org.onap.aaf.misc.env.APIException; import org.onap.aaf.misc.env.Env;
import org.onap.aaf.misc.env.Trans;
import org.onap.aaf.misc.xgen.html.State;
+import org.owasp.encoder.Encode;
public class Section<G extends XGen<G>> {
protected int indent;
@@ -48,11 +49,11 @@ public class Section<G extends XGen<G>> { }
public void forward(Writer w) throws IOException {
- w.write(forward);
+ w.write(Encode.forJava(forward));
}
public void back(Writer w) throws IOException {
- w.write(backward);
+ w.write(Encode.forJava(backward));
}
public String toString() {
|