From 9b323f102056c57c5dbc10917c9c72ddb929c418 Mon Sep 17 00:00:00 2001 From: guangxingwang Date: Mon, 5 Feb 2018 14:01:00 -0600 Subject: Implement Encryption on Passwords Fix Fortify scan issue - hardcoded password in properties file Issue-ID: POLICY-542 Change-Id: Icefd4097dc2e20c0ec2b78c002599defb6034267 Signed-off-by: guangxingwang --- LogParser/src/main/java/org/onap/xacml/parser/ParseLog.java | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'LogParser/src') diff --git a/LogParser/src/main/java/org/onap/xacml/parser/ParseLog.java b/LogParser/src/main/java/org/onap/xacml/parser/ParseLog.java index 1dbe12523..827516e75 100644 --- a/LogParser/src/main/java/org/onap/xacml/parser/ParseLog.java +++ b/LogParser/src/main/java/org/onap/xacml/parser/ParseLog.java @@ -2,7 +2,7 @@ * ============LICENSE_START======================================================= * LogParser * ================================================================================ - * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. + * Copyright (C) 2018 AT&T Intellectual Property. All rights reserved. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -50,6 +50,7 @@ import org.onap.policy.common.im.AdministrativeStateException; import org.onap.policy.common.im.IntegrityMonitor; import org.onap.policy.common.im.StandbyStatusException; import org.onap.policy.common.logging.flexlogger.FlexLogger; +import org.onap.policy.utils.CryptoUtils; import org.onap.xacml.parser.LogEntryObject.LOGTYPE; /** @@ -808,7 +809,8 @@ public class ParseLog { jdbcUrl = config.getProperty("JDBC_URL").replace("'", ""); jdbcUser = config.getProperty("JDBC_USER"); jdbcDriver = config.getProperty("JDBC_DRIVER"); - jdbcPassword = config.getProperty("JDBC_PASSWORD"); + jdbcPassword = CryptoUtils.decryptTxtNoExStr(config.getProperty("JDBC_PASSWORD", "")); + config.setProperty("javax.persistence.jdbc.password", CryptoUtils.decryptTxtNoExStr(config.getProperty("javax.persistence.jdbc.password", ""))); return config; } catch (IOException e) { -- cgit 1.2.3-korg