aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorBruno Sakoto <bruno.sakoto@bell.ca>2021-04-07 12:55:41 +0000
committerGerrit Code Review <gerrit@onap.org>2021-04-07 12:55:41 +0000
commit6b300ead182d9724658f0188631e538851e8f566 (patch)
tree5f48c8b2c2e70884a7fbb0be66e32bd99ae149f4
parent4b8ae57149d157cfe8619f99dd8fb82e067f26ce (diff)
parent6e4ce6970552917c0f35617164017d93bd6b2f1b (diff)
Merge "Fix security hotspots n Regex"
-rw-r--r--cps-application/src/main/java/org/onap/cps/config/WebSecurityConfig.java2
-rw-r--r--cps-ri/src/main/java/org/onap/cps/spi/query/CpsPathQuery.java3
2 files changed, 3 insertions, 2 deletions
diff --git a/cps-application/src/main/java/org/onap/cps/config/WebSecurityConfig.java b/cps-application/src/main/java/org/onap/cps/config/WebSecurityConfig.java
index fbf1be9a18..93a3a6ed2b 100644
--- a/cps-application/src/main/java/org/onap/cps/config/WebSecurityConfig.java
+++ b/cps-application/src/main/java/org/onap/cps/config/WebSecurityConfig.java
@@ -55,7 +55,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired @Value("${security.auth.password}") final String password
) {
super();
- this.permitUris = permitUris.isEmpty() ? new String[] {"/v3/api-docs"} : permitUris.split("\\s*,\\s*");
+ this.permitUris = permitUris.isEmpty() ? new String[] {"/v3/api-docs"} : permitUris.split("\\s{0,9},\\s{0,9}");
this.username = username;
this.password = password;
}
diff --git a/cps-ri/src/main/java/org/onap/cps/spi/query/CpsPathQuery.java b/cps-ri/src/main/java/org/onap/cps/spi/query/CpsPathQuery.java
index 7b9bfba174..97a304d763 100644
--- a/cps-ri/src/main/java/org/onap/cps/spi/query/CpsPathQuery.java
+++ b/cps-ri/src/main/java/org/onap/cps/spi/query/CpsPathQuery.java
@@ -39,7 +39,8 @@ public class CpsPathQuery {
private static final String NON_CAPTURING_GROUP_1_TO_99_YANG_CONTAINERS = "((?:\\/[^\\/]+){1,99})";
- private static final String YANG_LEAF_VALUE_EQUALS_CONDITION = "\\[\\s*@(\\S+?)\\s*=\\s*(.*?)\\s*\\]";
+ private static final String YANG_LEAF_VALUE_EQUALS_CONDITION =
+ "\\[\\s{0,9}@(\\S+?)\\s{0,9}=\\s{0,9}(.*?)\\s{0,9}\\]";
private static final Pattern QUERY_CPS_PATH_WITH_SINGLE_LEAF_PATTERN =
Pattern.compile(NON_CAPTURING_GROUP_1_TO_99_YANG_CONTAINERS + YANG_LEAF_VALUE_EQUALS_CONDITION);