author | Lorraine Welch <lb2391@att.com> | 2021-02-04 19:56:02 +0000 |
---|---|---|
committer | Gerrit Code Review <gerrit@onap.org> | 2021-02-04 19:56:02 +0000 |
commit | 8bef43390ca9a80088fcdd8a7dbef6d001c12452 (patch) | |
tree | 58594cccb7c7e32b5bc0fe2046bd30f8573b8e9e | |
parent | e427f4a23b209a5ecbf437460a5a68bb79642e26 (diff) | |
parent | 72a2f45de200bb556fb3f7b4dde2b66e251609d1 (diff) |
Merge "Changes done to improve error log percentage"
-rw-r--r-- | ecomp-portal-BE-os/src/main/java/org/onap/portalapp/filter/SecurityXssValidator.java | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/filter/SecurityXssValidator.java b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/filter/SecurityXssValidator.java
index 3adc313a..cc4ba85f 100644
--- a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/filter/SecurityXssValidator.java
+++ b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/filter/SecurityXssValidator.java
@@ -160,18 +160,21 @@ public class SecurityXssValidator {
 logger.info(EELFLoggerDelegate.applicationLogger, "denyXSS() replacing ×eclgn with empty string for request value : " + value);
 value=value.replaceAll("×eclgn", "");
 }
+ while(value.contains("%25")) {
+ value = value.replaceAll("%25", "%");
+ }
 value = ESAPI.encoder().canonicalize(value);
 for (Pattern xssInputPattern : XSS_INPUT_PATTERNS) {
 if (xssInputPattern.matcher(value).matches()) {
 flag = Boolean.TRUE;
 break;
 }
-
 }
 }
 } catch (Exception e) {
- logger.error(EELFLoggerDelegate.errorLogger, "denyXSS() failed for request with value : " + value, e);
+ logger.error(EELFLoggerDelegate.errorLogger, "denyXSS() failed for request with value : " + e.getMessage());
+ logger.debug(EELFLoggerDelegate.debugLogger, "denyXSS() failed for request with value : " + value, e);
 }
 return flag;
@@ -208,6 +211,5 @@ public class SecurityXssValidator {
 public void setXSS_INPUT_PATTERNS(List<Pattern> xSS_INPUT_PATTERNS) {
 XSS_INPUT_PATTERNS = xSS_INPUT_PATTERNS;
 }
-
 }
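Review bot: In the first hunk (denyXSS), the catch block still only logs and then falls through to `return flag;`, so any exception raised by `ESAPI.encoder().canonicalize(value)` leaves the request value unflagged unless `flag` was already true. ESAPI can raise an IntrusionException from canonicalize when it detects multiple or mixed encoding (depending on ESAPI.properties), and the new `%25` loop unwinds only that one layering before the call, so other layered encodings would presumably still take the exception path and pass the validator. Consider failing closed by adding `flag = Boolean.TRUE;` in the catch block, and keep that rejection at error or warn level so it stays visible to monitoring. The new error line still reads "failed for request with value : " but now appends `e.getMessage()`, so the label should be reworded, and `value.replace("%25", "%")` would avoid the regex form of `replaceAll`. The initialisation of `flag` and the start of the method are outside the hunk.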
\ No newline at end of file |