From 16c3995a89892b1dad4dab7df0f6200ac8b09f92 Mon Sep 17 00:00:00 2001 From: Raviteja Cherughattu Date: Wed, 27 May 2020 12:08:55 -0500 Subject: Medium Vulnerabilities CodeFix: 1. URL Redirection 2. AAF-1111 Issue-ID: AAF-1115 Change-Id: I05d8d7a19236ad476d2a37b51a6c4a84ba2b8546 Signed-off-by: Raviteja Cherughattu --- auth/auth-cmd/pom.xml | 6 +++++- auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/Cmd.java | 3 ++- 2 files changed, 7 insertions(+), 2 deletions(-) (limited to 'auth/auth-cmd') diff --git a/auth/auth-cmd/pom.xml b/auth/auth-cmd/pom.xml index 7133a5b1..01ec4ec9 100644 --- a/auth/auth-cmd/pom.xml +++ b/auth/auth-cmd/pom.xml @@ -178,7 +178,11 @@ jline 2.14.2 - + + org.owasp.encoder + encoder + 1.2.1 + diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/Cmd.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/Cmd.java index 0ae4ce99..40616abc 100644 --- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/Cmd.java +++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/Cmd.java @@ -54,6 +54,7 @@ import aaf.v2_0.History; import aaf.v2_0.History.Item; import aaf.v2_0.Request; +import org.owasp.encoder.Encode; public abstract class Cmd { // Sonar claims DateFormat is not thread safe. Leave as Instance Variable. @@ -272,7 +273,7 @@ public abstract class Cmd { sb.append(", "); sb.append(desc); } - pw().println(sb); + pw().println(Encode.forJava(sb.toString())); } -- cgit 1.2.3-korg
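Review bot: In the last Cmd.java hunk, `Encode.forJava` is applied to the whole assembled buffer rather than to the value that needs neutralising, so any separators the method itself builds, and legitimate quotes or backslashes in the text, are Java-escaped in the CLI output too. `forJava` targets the Java string-literal context; for text sent to the command's PrintWriter the relevant risk is control characters (CR/LF, terminal escape sequences) inside externally supplied fields. If `desc` is that field, encoding at the append keeps the rest of the line intact: `sb.append(Encode.forJava(desc));` with the original `pw().println(sb);` left as it was. The method starts outside the hunk, so what else goes into `sb` cannot be confirmed from here. A short comment such as `// escape control characters in externally supplied text before printing` would record why the encoder is there.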