| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
* Update docs/submodules/portal.git from branch 'master'
to c2502f81cc07d6b6c619d334f7e81ea82e47223a
- PeerBroadcastSocket sonar issues fix and code refactor
Sonar issues fix and code refactor.
Session data save moved to another method.
Rest of code don't really do anything.
Issue-ID: PORTAL-624
Change-Id: I53b36377f2d2645d8c24ad2384959f0599e07303
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
|
|
* Update docs/submodules/portal.git from branch 'master'
to 6a9580d025114106e82fc49da895bbc857a3e91b
- ONAPWelcomeController sonar issue fix
String viewName and getter/setter can be romoved from his class.
ONAPWelcomeController Overrides this field 1 to 1.
Issue-ID: PORTAL-652
Change-Id: Idbb41f52a63c6ea681f6ba7753991d766849e3a2
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
|
|
* Update docs/submodules/portal.git from branch 'master'
to caf5dec3f7ddb89fc26b7579e5d7f15ac54e500c
- ONAPLoginController sonar issues fix.
Sonar issues fix plus @Autowired in constructor not in fields.
Issue-ID: PORTAL-651
Change-Id: I99329b986877d040c6fdda9daf42a5c501a39605
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
|
|
* Update docs/submodules/portal.git from branch 'master'
to 62be40d079c97648353c1ad45819d3a24ff82fe5
- SimpleLoginStrategy sonar issues fix
"Either remove or fill this block of code."
"Move the "" string literal on the left side of this string comparison."
"Define and throw a dedicated exception instead of using a generic one."
Issue-ID: PORTAL-650
Change-Id: I92018287a6f585020f0ae6f042b1bb1de84a5e14
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
|
|
* Update docs/submodules/portal.git from branch 'master'
to 32b9dcf937f5ddfb3bd7d606155a505661bc6093
- OpenIdConnectLoginStrategy sonar issues fix
Redundant suppression("rawtypes") removed.
Sonar issue:
Move the "" string literal on the left side of this string comparison.
Define and throw a dedicated exception instead of using a generic one.
Issue-ID: PORTAL-649
Change-Id: Ia2c80ad4848c22c94a2db731425250784d382841
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
|
|
* Update docs/submodules/portal.git from branch 'master'
to 2a462c99939b19f972813b64c7a4d6e33b9aaa5a
- Merge "Fix sql injection vulnerability"
- Fix sql injection vulnerability
Use a variable binding instead of concatenation.
Change test 'getAppRolesForNonCentralizedPartnerAppTest'.
Issue-ID: OJSI-174
Signed-off-by: Dominik Orliński <d.orlinski@samsung.com>
Change-Id: I676ed349746cdabf320027dd27a0c16949fff6d8
|
|
* Update docs/submodules/portal.git from branch 'master'
to 37ea104d5c99b4100381cc0e8e79be3feb98a0ec
- Merge "Fix sql injection vulnerability"
- Fix sql injection vulnerability
Use a variable binding instead of concatenation.
Change test 'getAppRolesForNonCentralizedPartnerAppTest'.
Issue-ID: OJSI-174
Signed-off-by: Dominik Orliński <d.orlinski@samsung.com>
Change-Id: I45895dc7665ff17394e602cbccf875e4e91b5ce1
|
|
* Update docs/submodules/portal.git from branch 'master'
to 80ddb55b9f5569c6443104150cb74ba2ae4fcb08
- Merge "Fix sql injection vulnerability"
- Fix sql injection vulnerability
Use a variable binding instead of concatenation.
Change test 'getAppRolesForNonCentralizedPartnerAppTest'.
Issue-ID: OJSI-174
Signed-off-by: Dominik Orliński <d.orlinski@samsung.com>
Change-Id: I5cb7561e4b2b781834bd4f2ec36dee58b4738bf2
|
|
* Update docs/submodules/portal.git from branch 'master'
to 89e5721f7e8e45fd0f26597a8b8082d90b47839c
- WebAnalyticsExtAppController sonar issues
- Rename this local variable to match the regular expression
- Make this anonymous inner class a lambda.
- Immediately return this expression instead of assigning it to
the temporary variable "response".
- Move the "" string literal on the left side of this string comparison.
- Replace the type specification in this constructor call
with the diamond operator ("<>").
Issue-ID: PORTAL-648
Change-Id: I1666d94dccbbe8aa835ea9a443a9973a245353f4
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
|
|
* Update docs/submodules/portal.git from branch 'master'
to 0722bf2fc95a1ccaabbc293dccc0d05ed0727b84
- HealthMonitor sonar issues
Remove this unused "numIntervalsClusterNotHealthy" local variable.
Use "Long.parseLong" for this string-to-long conversion.
Make the enclosing method "static" or remove this set.
Change this instance-reference to a static reference.
Remove the literal "false" boolean value.
This block of commented-out lines of code should be removed.
Add the "@Override" annotation above this method signature
Issue-ID: PORTAL-647
Change-Id: I1880177f0906e6267807bbb9c0b7a81651e3c020
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
|
|
* Update docs/submodules/portal.git from branch 'master'
to 42fac09a9de610875a90e6eb8df58ea7b3c317f6
- EPLdapService sonar issue fix
Annotate the interface with the @FunctionalInterface annotation.
Issue-ID: PORTAL-646
Change-Id: Idc6c70b9edaed73024721a3bc8c91796a0df9183
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
|
|
* Update docs/submodules/portal.git from branch 'master'
to 38bc3cb1b318a7b1ccfe0c37e835ac68ac9c60e5
- AppWithRolesForUser sonar security issue
I used Lombok annotation to provide accessors.
Issue-ID: PORTAL-645
Change-Id: Iad852434f30b81535398913df162fa8f4bd1ecff
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
|
|
* Update docs/submodules/portal.git from branch 'master'
to d9a26e7fe8c2dfee2ea43ae697278e11f10f31e9
- Merge "PortalAdminUserRole class DB constraints"
- PortalAdminUserRole class DB constraints
Java Bean Validation SR 380 annotations added to classes
Issue-ID: PORTAL-636
Change-Id: I8fb4f50e672e17b9e169303eb09255fe57288b45
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
|
|
* Update docs/submodules/portal.git from branch 'master'
to fd64af5e46b31e731e3e9e11b037361b0a73d965
- Merge "MicroserviceParameter class DB constraints"
- MicroserviceParameter class DB constraints
Java Bean Validation SR 380 annotations added to classes
Issue-ID: PORTAL-635
Change-Id: Idcca0d46d1779d5fae874aff38cfd7f59f73c9b0
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
|
|
* Update docs/submodules/portal.git from branch 'master'
to e42eae64a6ed2dbdf9dd1112bb31633faf60e0a3
- Merge "MicroserviceDataApp class DB constraints"
- MicroserviceDataApp class DB constraints
Java Bean Validation SR 380 annotations added to classes
Issue-ID: PORTAL-634
Change-Id: Ife3b0116b986d52fd17612937b2a74fa76062ed9
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
|
|
* Update docs/submodules/portal.git from branch 'master'
to 4d0b6c18868e0a5fdbd876d4e0fdb18ae5b4573e
- Merge "Application Onboarding page changes "
- Application Onboarding page changes
Issue-ID: PORTAL-644
Application Onboarding page changes , DB scripts
Change-Id: Id689e15f5abd56192420e6761440659531108ab4
Signed-off-by: Kotta, Shireesha (sk434m) <sk434m@att.com>
|
|
* Update docs/submodules/portal.git from branch 'master'
to 8b67487fa29e61ad15ac961231ebb3b6621d39dc
- Merge "Sonar: Reduce cyclomatic complexity"
- Sonar: Reduce cyclomatic complexity
Reduce the number of conditional operators for equals(). Improve
testEquals() to better cover this method.
This patch also:
* immediately returns expression instead of assigning it to the
temporary variable "str",
* adds the "@Override" annotation above equals() method signature.
Issue-ID: PORTAL-595
Change-Id: I15f600acce873eb3f22cc405d06a50890c7e87c3
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
|
|
* Update docs/submodules/portal.git from branch 'master'
to 4027435c28e1433df2476b83a6e77ba4d1d865bd
- Merge "WidgetFileApp class DB constraints"
- WidgetFileApp class DB constraints
Java Bean Validation SR 380 annotations added to classes
Issue-ID: PORTAL-633
Change-Id: Id7b45dedafe2e5f9e799a93d219baef46c88d124
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
|
|
* Update docs/submodules/portal.git from branch 'master'
to 9f45f60932b17364ade24f29c7831bd3ef757bc5
- Merge "FavoritesFunctionalMenuItem class DB constraints"
- FavoritesFunctionalMenuItem class DB constraints
Java Bean Validation SR 380 annotations added to classes
Issue-ID: PORTAL-632
Change-Id: Ia7c2f4ad0aa5cc85db73142d0fecd46da535c3d9
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
|
|
* Update docs/submodules/portal.git from branch 'master'
to c56b27404151b0d283cd16f7c5311ee4fb67936f
- Merge "WidgetCatalog class DB constraints"
- WidgetCatalog class DB constraints
Java Bean Validation SR 380 annotations added to classes
Plains getter/setter converted to lombok annotation
Issue-ID: PORTAL-630
Change-Id: Id866ec4bc0dc428adfbb7cdc64fe15f7faf837f7
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
|
|
* Update docs/submodules/portal.git from branch 'master'
to 2aed32aa93c86ae3685b3134f10d884d1a34582a
- Merge "Change default character to utf8 for portal db"
- Change default character to utf8 for portal db
Change-Id: I6a1bb2f1b6b501662c7ae2ca902c3d61c7534125
Issue-ID: PORTAL-565
Signed-off-by: shentao999 <shentao@chinamobile.com>
|
|
* Update docs/submodules/portal.git from branch 'master'
to 017404f69410a07bc0d44308f80902bf81ece059
- Merge "Sonar critical fixes in MicroserviceServiceImpl"
- Sonar critical fixes in MicroserviceServiceImpl
Fixed critical issues according to the Sonar analysis:
-Fixed imports.
-Fixed logical comparisons.
Issue-ID: PORTAL-591
Signed-off-by: Robert Bogacki <r.bogacki@samsung.com>
Change-Id: Icc2b6fb45777582486e1060245cdf94e4f6d685d
|
|
* Update docs/submodules/portal.git from branch 'master'
to b475a63d78de90cb89301e3830a61b6fe2a723f0
- Merge "Sonar fix: make "dateFormat" an instance variable"
- Sonar fix: make "dateFormat" an instance variable
Fixed critical Sonar issue. SimpleDateFormat was declared as a static
but it is not tread-safe and it keeps an internal state.
Compliant solution has been applied with additional DateUtil class.
Issue-ID: PORTAL-590
Signed-off-by: Robert Bogacki <r.bogacki@samsung.com>
Change-Id: Ic6243052804a410cb750c6c219c702469c86ff78
|
|
* Update docs/submodules/portal.git from branch 'master'
to 5312423cbaf998b8f104495833b3f019bffac204
- Merge "Sonar critical fixes in EPAppCommonServiceImpl"
- Sonar critical fixes in EPAppCommonServiceImpl
Fixed issues according to the Sonar analysis:
-Fixed imports.
-Fixed logical comparisons.
-Fixed comparisons between unrelated types.
Issue-ID: PORTAL-588
Signed-off-by: Robert Bogacki <r.bogacki@samsung.com>
Change-Id: Ibc204e0218788bb82f947c668d68fb6e88db7043
|
|
* Update docs/submodules/portal.git from branch 'master'
to 7d9545688ca7fb73dc668320cdcbab8584b31e15
- Merge "RoleApp class DB constraints"
- RoleApp class DB constraints
Java Bean Validation SR 380 annotations added to classes
Lombod added to widget-ms
Plains getter/setter converted to lombok annotation
Issue-ID: PORTAL-629
Change-Id: I31639672510994412149ed8be92cb8e1b022f646
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
|
|
* Update docs/submodules/portal.git from branch 'master'
to e3f250e95491450a1c1040f8fc55c376aca8c072
- Merge "App class DB constraints"
- App class DB constraints
Java Bean Validation SR 380 annotations added to classes
Issue-ID: PORTAL-627
Change-Id: I827f99ef75c6af3f9881fe68f1cb245795ba2734
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
|
|
* Update docs/submodules/portal.git from branch 'master'
to 4b12eacf41dd7866039f1b9059188c619c317ad6
- Merge "FunctionalMenuItem DB constraints fix"
- FunctionalMenuItem DB constraints fix
Add @Digits to secure Long type fields
Issue-ID: PORTAL-626
Change-Id: I59080c9103369d96a42c574356f0635265335d0a
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
|
|
* Update docs/submodules/portal.git from branch 'master'
to 5f652908e3cffe593c03a4f352ab0d33663b1639
- Merge "FunctionalMenuItem DB constraints add"
- FunctionalMenuItem DB constraints add
Java Bean Validation SR 380 annotations added to classes
Unnecessary boxing removed.
Issue-ID: PORTAL-626
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
Change-Id: Ic1c20870fd781d46061077fd14b81a65dea93e6e
|
|
* Update docs/submodules/portal.git from branch 'master'
to 9d730f0c98561e566be9adba12c0b044f5924a9f
- Merge "XSS Vulnerability fix in DashboardSearchResultController"
- XSS Vulnerability fix in DashboardSearchResultController
Custom Validator is used to secure this endpoints.
Issue-ID: OJSI-15
Change-Id: Idf523a53bc5fe9e1df8110526d56336953759c86
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
|
|
* Update docs/submodules/portal.git from branch 'master'
to a5e70096b0cf77fb10d18e4ecd4e67be40ceedaf
- Merge "Custom data validator"
- Custom data validator
By creating custom data validator we can reduce code duplications.
Issue-ID: OJSI-15
Change-Id: I39decf1d6ded559322c4445f0956fad2a159878d
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
|
|
* Update docs/submodules/portal.git from branch 'master'
to 682773f88ca8b69b5ba9dee3515d437522817148
- Merge "XSS Vulnerability fix in TicketEventController"
- XSS Vulnerability fix in TicketEventController
@SafeHtml and SecureString used to fix this issue;
Issue-ID: OJSI-209
Change-Id: I588872839696c824135bab88c100b31c23d960ba
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
|
|
* Update docs/submodules/portal.git from branch 'master'
to 5b6231bb65d5033f911827b13572bc70756d7b1d
- Merge "XSS Vulnerability fix in RoleManageController"
- XSS Vulnerability fix in RoleManageController
@SafeHtml and SecureString used to secure this class
Issue-ID: OJSI-208
Change-Id: Ie01799933add3419cacf0fc716ce2da6da0a2853
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
|
|
* Update docs/submodules/portal.git from branch 'master'
to 9abe14fca14a8f15a7ee58cab1e92908282fef0b
- Merge "Fix sql injection vulnerability"
- Fix sql injection vulnerability
Use a variable binding instead of concatenation.
Add new test for function 'createLocalUserIfNecessary'.
Issue-ID: OJSI-174
Change-Id: Iddd65893bb2cb16c90d4f8db59816fdf261874bc
Signed-off-by: Dominik Orliński <d.orlinski@samsung.com>
|
|
* Update docs/submodules/portal.git from branch 'master'
to e496b1b94a07e7995fefd8113c0fbe25953322ea
- Merge "XSS Vulnerability fix in AppsOSController"
- XSS Vulnerability fix in AppsOSController
SecureString class used to secure PathVariable.
Issue-ID: OJSI-207
Change-Id: I6275c5db4d8d97dc60ef1676b651e3d8802ad9f7
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
|
|
* Update docs/submodules/portal.git from branch 'master'
to 3462e289aec5880f3e2f2f23ce4b5f70160ba7f4
- Merge "XSS Vulnerability fix in AppsControllerExternalRequest"
- XSS Vulnerability fix in AppsControllerExternalRequest
@SafeHtml annotation is used to fix this problem.
This patch also fix some minor issues:
* isAuxRESTfulCall() method delete. Method was nowhere used.
* '.length() == 0' changed to '.isEmpty()'
Issue-ID: PORTAL-604
Change-Id: Ib7091622081f507812654b50275ad7ac4c97bfc3
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
|
|
* Update docs/submodules/portal.git from branch 'master'
to d0983c06165682e054af165621ae84d858b08117
- Merge "Sonar issue: Correct this "&" to "&&" in MicroserviceServiceImpl"
- Sonar issue: Correct this "&" to "&&" in MicroserviceServiceImpl
This patch also fix some minor issues:
* 'fori' loop replaced with 'foreach'
* Sonar issue: Replace the type specification in this constructor call
with the diamond operator ("<>").
* redundant 'throws'. Exception will never throw
* unnecessary temporary local variable
Issue-ID: PORTAL-603
Change-Id: If23afb9f4a10f0ad06c712cb95a38b54dc5cd089
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
|
|
* Update docs/submodules/portal.git from branch 'master'
to d86f64c663b7b82f529617b6c8c0ea69a926f950
- Merge "XSS Vulnerability fix in MicroserviceController"
- XSS Vulnerability fix in MicroserviceController
@SafeHtml annotation is used to fix this problem.
This commit also fix:
* redundant local variable issue
* sonar issue: Replace the type specification in this constructor call with
the diamond operator ("<>").
* performance issue - String concatenation argument as argument
to 'StringBuilder.append()' call
* redundant cast
* redundant 'throws Exception'. 'Exception' is never thrown
* access static member via instance reference
* unused declarations
Issue-ID: PORTAL-602
Change-Id: Id92fe2d9cfe239474403f611f3d5d0170acf63cc
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
|
|
* Update docs/submodules/portal.git from branch 'master'
to 2341313316b631be275294622ca9d4281e1f20bc
- Merge "XSS Vulnerability fix in DashboardSearchResultController"
- XSS Vulnerability fix in DashboardSearchResultController
@SafeHtml annotation is used to fix this problem.
New class 'SecureString' must be added to project to valid incoming Strings
from '@RequestParam String incoming String'
pom.xml file update.
This patch also fix:
* remove unnecessary semicolon
* Sonar issue: Replace the type specification in this constructor call with
the diamond operator ("<>")
Issue-ID: PORTAL-601
Change-Id: Id214b6e65f0c486141679fd23725a7fb66443acd
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
|
|
* Update docs/submodules/portal.git from branch 'master'
to f4359045f50372d8cf5c8ce0eb08d4b6c2cf26ba
- Merge "Fix sonar issue: Override "equals(Object obj)""
- Fix sonar issue: Override "equals(Object obj)"
This commit provide equals method for CentralV2UserApp and test for this method.
Issue-ID: PORTAL-599
Change-Id: Ied44c680032831ec6a02211f658ec16f0aad8f4a
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
|
|
* Update docs/submodules/portal.git from branch 'master'
to e98d94edaa2276b33959f5ef6d45f3fdeeab37ee
- Updated Dublin Release Notes
Issue-ID: PORTAL-592
Signed-off-by: Welch, Lorraine (lb2391) <lb2391@att.com>
Change-Id: I4d1e7e8bd83ed2adb7df25ccf4c694b1c81ef879
|
|
* Update docs/submodules/portal.git from branch 'master'
to 708ef7b50e2d81ebd85c11a20211042b630bc99f
- Added lorraineawelch to INFO.yaml
Issue-ID: PORTAL-618
Signed-off-by: Welch, Lorraine (lb2391) <lb2391@att.com>
Change-Id: I3d7f57c8cc20347f8adeefbada2eaffde0940262
|
|
* Update docs/submodules/portal.git from branch 'master'
to 40c8f073970f3664786d1bb4d4c69ed3f57b8b45
- Merge changes I1c586793,I47249407,Idad22dea,I5c3bee06,I5cb96956
* changes:
Document OJSI-190 vulnerability
Document OJSI-174 (CVE-2019-12318) vulnerability
Document OJSI-92 (CVE-2019-12121) vulnerability
Document OJSI-65 (CVE-2019-1212) vulnerability
Document OJSI-15 (CVE-2019-12317) vulnerability
- Document OJSI-190 vulnerability
Issue-ID: OJSI-190
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I1c586793b744a5807e7b1a7a1d416dfd43409ab0
- Document OJSI-174 (CVE-2019-12318) vulnerability
Issue-ID: OJSI-174
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I47249407ccb62ca7ffd1d8edc9ada8793f4c53c9
- Document OJSI-92 (CVE-2019-12121) vulnerability
Issue-ID: OJSI-92
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: Idad22deafb262da539c52fa8733e7ea098fd1361
- Document OJSI-65 (CVE-2019-1212) vulnerability
Issue-ID: OJSI-65
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I5c3bee06c2b1da3eca2bb583c57decb35b0f32c0
- Document OJSI-15 (CVE-2019-12317) vulnerability
Issue-ID: OJSI-15
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I5cb96956f25e09a390ef24a52f6222c0cc7b9e94
|
|
* Update docs/submodules/portal.git from branch 'master'
to 88f48d47dc427e73842c0b65a6b544c8229c2773
- Merge "Don't give the user the exact stack trace of the exception"
- Don't give the user the exact stack trace of the exception
Catching the exception in the SecurityXssFilter class.
Issue-ID: OJSI-192
Change-Id: I8d9d7a3032f98afcb58285b13b13d5ce35fddadd
Signed-off-by: Piotr Borelowski <p.borelowski@partner.samsung.com>
|
|
* Update docs/submodules/portal.git from branch 'master'
to ee8d6a877f7709f28da43b0f10baf659876c4bed
- Merge "Don't give user the exact exception description"
- Don't give user the exact exception description
The exact description of the exception especially if related to
cryptography cannot be given to the user as it may be abused by the
attacker.
To fix that, we started to use @ExceptionHandler for all exceptions
in the LoginController as well.
CVE: CVE-2019-12121
Issue-ID: OJSI-92
Change-Id: I100b37ff33d28ebccc2411c3acc62bdb7ce11ca8
Signed-off-by: Piotr Borelowski <p.borelowski@partner.samsung.com>
Reviewed-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Acked-by: Manoop Talasila <talasila@research.att.com>
|
|
* Update docs/submodules/portal.git from branch 'master'
to ba546e970d779a5e87a07b3058a85e1446c39129
- Merge "Removed user password from portal's profile API"
- Removed user password from portal's profile API
ONAP Portal allowed to retrieve password of currently active user via
"/portalApi/loggedinUser" endpoint. Prefilled "Login Password" field
has been changed to "*****" and password is not send anymore to the
frontend. Only after change of this default value
password will be updated. Confirm Password field has been removed
from the UI. In the future password change could be additionally also
checked on the backend side to verify current password
before updating it.
Issue-ID: OJSI-65
Signed-off-by: Robert Bogacki <r.bogacki@samsung.com>
Reviewed-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Acked-by: Manoop Talasila <talasila@research.att.com>
Change-Id: I00b7713557247d211927c437f31f118095ad0726
|
|
* Update docs/submodules/portal.git from branch 'master'
to 59eebbf3cb31d01345d973098a73a866b1d08466
- Document OJSI-106 vulnerability
Issue-ID: OJSI-106
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I549009cf3c313b0f5307b99ce22b56243e933f8f
|
|
* Update docs/submodules/portal.git from branch 'master'
to 43262c8109f8a65d67e0d273a7b08db202520ff4
- Document OJSI-105 vulnerability
Issue-ID: OJSI-105
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I8c3a00ce98886f7175e5cf85f09309bd50ef702c
|
|
* Update docs/submodules/portal.git from branch 'master'
to 66c406115811a0e83a67791fe4eaa35c54edb2b1
- Document OJSI-97 vulnerability
Issue-ID: OJSI-97
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I56d194918b91580d5d9f6b25e564923fe29c51f3
|
|
* Update docs/submodules/portal.git from branch 'master'
to 53de06c9d6b3c52f9f23ed4904968074b3f833d2
- Improve security release notes
In order to provide users with more details of project's state in
terms of security let's divide the security release notes into three
sections:
- Fixed Security Issues
Contains a list of security fixes merged during this
release (especially those reported via OJSI tickets).
- Known Security Issues
Contains a list of vulnerabilities detected in project during
release which have not been fixed yet and thus should be mitigated
by the user.
- Known Vulnerabilities in Used Modules
Contains information about NexusIQ scan results
Issue-ID: SECCOM-238
Change-Id: Ief8825c38c7723c26e8c7e10a6a13f4b8f9c169d
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
|
|
* Update docs/submodules/portal.git from branch 'master'
to 5260297bb0fdd7ca1640b45a4c9b96b7fd158a1e
- Dublin Release Notes for Portal
Issue-ID: PORTAL-592
Signed-off-by: Welch, Lorraine (lb2391) <lb2391@att.com>
Change-Id: I93a2ff82f52f709d12bfa92c0d14859d2298b6a1
|
Dominik Mizyn
Sunder Tattavarada
Lorraine Welch
Manoop Talasila
Krzysztof Opasiak