From 16c3995a89892b1dad4dab7df0f6200ac8b09f92 Mon Sep 17 00:00:00 2001
From: Raviteja Cherughattu
Date: Wed, 27 May 2020 12:08:55 -0500
Subject: Medium Vulnerabilities CodeFix: 1. URL Redirection 2. AAF-1111
Issue-ID: AAF-1115
Change-Id: I05d8d7a19236ad476d2a37b51a6c4a84ba2b8546
Signed-off-by: Raviteja Cherughattu
---
 cadi/client/src/main/java/org/onap/aaf/cadi/http/HClient.java | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
(limited to 'cadi')
diff --git a/cadi/client/src/main/java/org/onap/aaf/cadi/http/HClient.java b/cadi/client/src/main/java/org/onap/aaf/cadi/http/HClient.java
index c7b2605f..898b99c9 100644
--- a/cadi/client/src/main/java/org/onap/aaf/cadi/http/HClient.java
+++ b/cadi/client/src/main/java/org/onap/aaf/cadi/http/HClient.java
@@ -47,7 +47,7 @@ import org.onap.aaf.misc.env.Data;
 import org.onap.aaf.misc.env.Data.TYPE;
 import org.onap.aaf.misc.env.util.Pool.Pooled;
 import org.onap.aaf.misc.rosetta.env.RosettaDF;
-
+import org.owasp.encoder.Encode;
 /**
 * Low Level Http Client Mechanism. Chances are, you want the high level "HRcli"
 * for Rosetta Object Translation
@@ -396,8 +396,10 @@ public class HClient implements EClient {
 // reuse Buffers
 Pooled pbuff = Rcli.buffPool.get();
 try {
+ String strTemp;
 while ((read=is.read(pbuff.content))>=0) {
- os.write(pbuff.content,0,read);
+ strTemp = new String(pbuff.content,0,read);
+ os.write(Encode.forJava(strTemp).getBytes());
 }
 } finally {
 pbuff.done();
@@ -412,8 +414,10 @@ public class HClient implements EClient {
 errContent = new StringBuilder();
 Pooled pbuff = Rcli.buffPool.get();
 try {
+ String strTemp;
 while ((read=is.read(pbuff.content))>=0) {
- os.write(pbuff.content,0,read);
+ strTemp = new String(pbuff.content,0,read);
+ os.write(Encode.forJava(strTemp).getBytes());
 }
 } finally {
 pbuff.done();
--
cgit 1.2.3-korg
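Review bot: In the copy loop at `@@ -396,8 +396,10 @@`, and again in the identical loop at `@@ -412,8 +414,10 @@`, `Encode.forJava` rewrites the response body rather than validating anything: quotes, backslashes and control characters are written out as Java escape sequences, so a JSON or binary payload no longer matches what the server sent. `new String(pbuff.content,0,read)` and `getBytes()` also use the platform default charset and decode each buffer fill on its own, so a multi-byte character split across two reads is corrupted. Escaping for a Java string literal is not a control against URL redirection; that check belongs where the redirect target or URL is chosen, which is not in these hunks. I would keep the byte-for-byte copy, `os.write(pbuff.content,0,read);`, and drop the `org.owasp.encoder.Encode` import added in the first hunk if nothing else uses it. Both enclosing methods start and end outside the hunks, so the sink that `os` feeds should be confirmed before deciding whether any output encoding is needed there.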