Fix Fortify Scan Issue:

1) Fix Fortify Header Manipulation issue by checking the format of the
message before adding it response header.

2) Fix Fortify Hardcoded Password issue by using encryption and decryption

Issue-ID: POLICY-543
Change-Id: I16b44b9b0670b1af75094c9ae9d1f7d352fa894a
Signed-off-by: guangxingwang <gw1218@att.com>

1 files changed, 2 insertions, 1 deletions

diff --git a/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/api/services/PAPServices.java b/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/api/services/PAPServices.java
index 9ab4252c7..59194841f 100644
--- a/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/api/services/PAPServices.java
+++ b/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/api/services/PAPServices.java
@@ -40,6 +40,7 @@ import org.onap.policy.common.logging.flexlogger.FlexLogger;
 import org.onap.policy.common.logging.flexlogger.Logger;
 import org.onap.policy.pdp.rest.config.PDPApiAuth;
 import org.onap.policy.rest.XACMLRestProperties;
+import org.onap.policy.utils.CryptoUtils;
 import org.onap.policy.xacml.api.XACMLErrorConstants;
 import org.onap.policy.xacml.std.pap.StdPDPPolicy;
 
@@ -76,7 +77,7 @@ public class PAPServices {
     private String getPAPEncoding(){
         if(encoding  == null){
             String userID =  XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_USERID);
-            String pass = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_PASS);
+            String pass =CryptoUtils.decryptTxtNoExStr(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_PASS));
             Base64.Encoder encoder = Base64.getEncoder();
             encoding =  encoder.encodeToString((userID+":"+pass).getBytes(StandardCharsets.UTF_8));
         }