authorDominik Mizyn <d.mizyn@samsung.com>2019-10-21 15:14:46 +0200
committerDominik Mizyn <d.mizyn@samsung.com>2019-10-24 15:54:49 +0200
commit31643c4db220bda9ffd9ac06d884f9035bbc4e1f (patch)
treea9ad892221003230824591cd9fe673c3d55d53c1
parent85b0d73e7150af1cbebefa8e6f0ab4b5c96e6019 (diff)
Persistent XSS vulnerability in microservices form
javax.validation.Validator is used to fix this vulnerability. Issue-ID: OJSI-19 Change-Id: I6993ca2ef750924a826f86de991ae0d2b47c3b57 Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
-rw-r--r--ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/MicroserviceController.java13
1 files changed, 4 insertions, 9 deletions
diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/MicroserviceController.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/MicroserviceController.java
index 3f507726..2e1a2b46 100644
--- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/MicroserviceController.java
+++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/MicroserviceController.java
@@ -58,6 +58,7 @@ import org.onap.portalapp.portal.logging.aop.EPAuditLog;
import org.onap.portalapp.portal.service.WidgetMService;
import org.onap.portalapp.portal.service.MicroserviceService;
import org.onap.portalapp.portal.utils.EcompPortalUtils;
+import org.onap.portalapp.validation.DataValidator;
import org.onap.portalsdk.core.util.SystemProperties;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.EnableAspectJAutoProxy;
@@ -78,7 +79,7 @@ import org.springframework.web.client.RestTemplate;
@EnableAspectJAutoProxy
@EPAuditLog
public class MicroserviceController extends EPRestrictedBaseController {
- public static final ValidatorFactory VALIDATOR_FACTORY = Validation.buildDefaultValidatorFactory();
+ private final DataValidator dataValidator = new DataValidator();
String whatService = "widgets-service";
RestTemplate template = new RestTemplate();
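Review bot: `dataValidator` is created with `new DataValidator()` inside a Spring-managed controller, although the file already imports `Autowired`. If DataValidator is registered as a bean (not visible here), `@Autowired private DataValidator dataValidator;` would be consistent with the rest of the file and would let a test substitute it. The diffstat (4 insertions, 9 deletions) accounts only for the lines shown, so the imports for `Validator`, `ValidatorFactory`, `Validation` and `ConstraintViolation` were presumably left in place and are now unused unless other code in the file needs them. Dropping the `public static final VALIDATOR_FACTORY` also removes a public member, so any external reference to it would stop compiling. The class body continues outside the hunk.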
@@ -96,10 +97,7 @@ public class MicroserviceController extends EPRestrictedBaseController {
return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "FAILURE",
"MicroserviceData cannot be null or empty");
}else {
- Validator validator = VALIDATOR_FACTORY.getValidator();
-
- Set<ConstraintViolation<MicroserviceData>> constraintViolations = validator.validate(newServiceData);
- if(!constraintViolations.isEmpty()){
+ if(!dataValidator.isValid(newServiceData)){
return new PortalRestResponse<>(PortalRestStatusEnum.ERROR,
"ERROR", "MicroserviceData is not valid");
}
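Review bot: The `dataValidator.isValid(newServiceData)` check is only as strong as the constraints declared on MicroserviceData, and neither that class nor DataValidator is visible in this diff. It therefore cannot be confirmed here that every user-supplied string field is covered, or any nested object, which Bean Validation only visits when the field carries `@Valid`. Since the commit targets persistent XSS, input validation should be treated as one layer; the stored values still need to be encoded where they are rendered. I would add a comment above the check such as `// Rejects data failing the Bean Validation constraints on MicroserviceData; rendering code must still encode these fields.` The same applies to the identical check in the following hunk (`@@ -129,10 +127,7`), and the enclosing methods start and end outside both hunks.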
@@ -129,10 +127,7 @@ public class MicroserviceController extends EPRestrictedBaseController {
return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "FAILURE",
"MicroserviceData cannot be null or empty");
}else {
- Validator validator = VALIDATOR_FACTORY.getValidator();
-
- Set<ConstraintViolation<MicroserviceData>> constraintViolations = validator.validate(newServiceData);
- if(!constraintViolations.isEmpty()){
+ if(!dataValidator.isValid(newServiceData)){
return new PortalRestResponse<>(PortalRestStatusEnum.ERROR,
"ERROR", "MicroserviceData is not valid");
}