From 16c3995a89892b1dad4dab7df0f6200ac8b09f92 Mon Sep 17 00:00:00 2001 From: Raviteja Cherughattu Date: Wed, 27 May 2020 12:08:55 -0500 Subject: Medium Vulnerabilities CodeFix: 1. URL Redirection 2. AAF-1111 Issue-ID: AAF-1115 Change-Id: I05d8d7a19236ad476d2a37b51a6c4a84ba2b8546 Signed-off-by: Raviteja Cherughattu --- auth/auth-core/pom.xml | 5 +++++ .../src/main/java/org/onap/aaf/auth/rserv/CachingFileAccess.java | 5 +++-- 2 files changed, 8 insertions(+), 2 deletions(-) (limited to 'auth/auth-core') diff --git a/auth/auth-core/pom.xml b/auth/auth-core/pom.xml index 884ecbe3..972b12cb 100644 --- a/auth/auth-core/pom.xml +++ b/auth/auth-core/pom.xml @@ -107,6 +107,11 @@ org.slf4j slf4j-log4j12 + + org.owasp.encoder + encoder + 1.2.1 + diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/CachingFileAccess.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/CachingFileAccess.java index cdda50db..b342c428 100644 --- a/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/CachingFileAccess.java +++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/CachingFileAccess.java @@ -53,6 +53,7 @@ import org.onap.aaf.misc.env.EnvJAXB; import org.onap.aaf.misc.env.LogTarget; import org.onap.aaf.misc.env.Store; import org.onap.aaf.misc.env.Trans; +import org.owasp.encoder.Encode; /* * CachingFileAccess * @@ -429,9 +430,9 @@ public class CachingFileAccess extends HttpCode"); - w.append(f.getName()); + w.append(Encode.forJava(f.getName())); w.append("\n"); } w.append(F); -- cgit 1.2.3-korg
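Review bot: `Encode.forJava` on the added `w.append(...)` line is the wrong encoder for this sink, because it escapes for a Java string literal and leaves `<`, `>` and `&` untouched. The string literals around the call are garbled on this page, but the loop appears to write a directory listing as HTML, so a file name containing markup would presumably still reach the response unescaped. For element text I would use `w.append(Encode.forHtml(f.getName()));`, and where the name is written into an `href` value, `w.append(Encode.forUriComponent(f.getName()));`. The diffstat counts two deletions for this file while only one removed line is visible here, so every `f.getName()` write in the loop should be checked against its output context. The enclosing method starts and ends outside the hunk.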