diff options
Diffstat (limited to 'ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/controller/PushPolicyController.java')
-rw-r--r-- | ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/controller/PushPolicyController.java | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/controller/PushPolicyController.java b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/controller/PushPolicyController.java index 9c25b3aee..107983562 100644 --- a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/controller/PushPolicyController.java +++ b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/controller/PushPolicyController.java @@ -62,6 +62,9 @@ public class PushPolicyController { private static String errorMsg = "error"; private static String operation = "operation"; private static String messageContent = "message"; + + private static final String REGEX = "[0-9a-zA-Z._ ]*"; + @Autowired public PushPolicyController(CommonClassDao commonClassDao){ PushPolicyController.commonClassDao = commonClassDao; @@ -128,12 +131,12 @@ public class PushPolicyController { } if(selectedPDPGroup==null){ String message = "Unknown groupId '" + selectedPDPGroup + "'"; + if(!message.matches(REGEX) ){ + message = "Unknown groupId"; + } PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " " + message); response.addHeader(errorMsg, "unknownGroupId"); response.addHeader(operation, "push"); - //for fixing Header Manipulation of Fortify issue - message = message.replace("\n", ""); - message = message.replace("\r", ""); response.addHeader(messageContent, message); response.setStatus(HttpServletResponse.SC_NOT_FOUND); return; |