author | Dominik Mizyn <d.mizyn@samsung.com> | 2019-10-21 15:14:46 +0200 |
---|---|---|
committer | Dominik Mizyn <d.mizyn@samsung.com> | 2019-10-24 15:54:49 +0200 |
commit | 31643c4db220bda9ffd9ac06d884f9035bbc4e1f (patch) | |
tree | a9ad892221003230824591cd9fe673c3d55d53c1 | |
parent | 85b0d73e7150af1cbebefa8e6f0ab4b5c96e6019 (diff) |
Persistent XSS vulnerability in microservices form
javax.validation.Validator used to fix this vulnerability issue.
Issue-ID: OJSI-19
Change-Id: I6993ca2ef750924a826f86de991ae0d2b47c3b57
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
-rw-r--r-- | ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/MicroserviceController.java | 13 |
1 files changed, 4 insertions, 9 deletions
diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/MicroserviceController.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/MicroserviceController.java
index 3f507726..2e1a2b46 100644
--- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/MicroserviceController.java
+++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/MicroserviceController.java
@@ -58,6 +58,7 @@ import org.onap.portalapp.portal.logging.aop.EPAuditLog;
 import org.onap.portalapp.portal.service.WidgetMService;
 import org.onap.portalapp.portal.service.MicroserviceService;
 import org.onap.portalapp.portal.utils.EcompPortalUtils;
+import org.onap.portalapp.validation.DataValidator;
 import org.onap.portalsdk.core.util.SystemProperties;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.EnableAspectJAutoProxy;
@@ -78,7 +79,7 @@ import org.springframework.web.client.RestTemplate;
 @EnableAspectJAutoProxy
 @EPAuditLog
 public class MicroserviceController extends EPRestrictedBaseController {
- public static final ValidatorFactory VALIDATOR_FACTORY = Validation.buildDefaultValidatorFactory();
+ private final DataValidator dataValidator = new DataValidator();
 String whatService = "widgets-service";
 RestTemplate template = new RestTemplate();
@@ -96,10 +97,7 @@ public class MicroserviceController extends EPRestrictedBaseController {
 return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "FAILURE", "MicroserviceData cannot be null or empty");
 }else {
- Validator validator = VALIDATOR_FACTORY.getValidator();
-
- Set<ConstraintViolation<MicroserviceData>> constraintViolations = validator.validate(newServiceData);
- if(!constraintViolations.isEmpty()){
+ if(!dataValidator.isValid(newServiceData)){
 return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "ERROR", "MicroserviceData is not valid");
 }
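Review bot: The new field `private final DataValidator dataValidator = new DataValidator();` is constructed inline rather than injected, although the file already imports `Autowired`, so tests cannot substitute a validator to exercise the reject path. If `DataValidator` builds its own validator factory per instance (not visible in this commit), each controller now pays that cost where the removed code shared one static factory. The removed `VALIDATOR_FACTORY` was `public static`, so any other class that referenced it would need the same migration. The `javax.validation` imports it relied on are not removed by this commit and probably become unused. A short field comment would help, for example `/** Checks request bodies against their declared validation constraints before they are processed. */`.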
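Review bot: The `if(!dataValidator.isValid(newServiceData))` check in this hunk, and the identical one in the `@@ -129,10 +127,7 @@` hunk, only guards against stored XSS if the `MicroserviceData` fields carry constraints that reject markup. Neither those constraints nor `DataValidator` are part of this commit, so the fix cannot be confirmed from the diff alone. The boolean result also hides which constraint failed, so a rejected request leaves no trace of the offending field; logging the failing property names (never the submitted values) before returning `"MicroserviceData is not valid"` would make repeated probing visible in the audit log. Input validation does not replace encoding these values where they are rendered, which a comment above the check could state: `// Input check only; fields must still be HTML-encoded when displayed.` The enclosing methods begin and end outside both hunks.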
@@ -129,10 +127,7 @@ public class MicroserviceController extends EPRestrictedBaseController {
 return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "FAILURE", "MicroserviceData cannot be null or empty");
 }else {
- Validator validator = VALIDATOR_FACTORY.getValidator();
-
- Set<ConstraintViolation<MicroserviceData>> constraintViolations = validator.validate(newServiceData);
- if(!constraintViolations.isEmpty()){
+ if(!dataValidator.isValid(newServiceData)){
 return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "ERROR", "MicroserviceData is not valid");
 } |