summaryrefslogtreecommitdiffstats
path: root/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/validation/DataValidator.java
diff options
context:
space:
mode:
authorDominik Mizyn <d.mizyn@samsung.com>2019-06-06 10:52:16 +0200
committerDominik Mizyn <d.mizyn@samsung.com>2019-07-12 11:21:04 +0200
commit5aab72338c356e035862b914be4ca294c9d17fc8 (patch)
tree38cf51ce3bc3c08765a62d05540014e07b90dc50 /ecomp-portal-BE-common/src/main/java/org/onap/portalapp/validation/DataValidator.java
parent73248465fc2867a3dd1a6494afb6b0774c9028f2 (diff)
XSS Vulnerability fix in AppsController
Custom XSS filter used to fix thisa issue. DataValidator upgrade to single instance of ValidatorFactory; Issue-ID: OJSI-15 Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com> Change-Id: I7222cfb84e1e5bb240619aac9c7bca85d215229a
Diffstat (limited to 'ecomp-portal-BE-common/src/main/java/org/onap/portalapp/validation/DataValidator.java')
-rw-r--r--ecomp-portal-BE-common/src/main/java/org/onap/portalapp/validation/DataValidator.java16
1 files changed, 13 insertions, 3 deletions
diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/validation/DataValidator.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/validation/DataValidator.java
index 46a60c81..9fe3a887 100644
--- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/validation/DataValidator.java
+++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/validation/DataValidator.java
@@ -47,15 +47,25 @@ import org.springframework.stereotype.Component;
@Component
public class DataValidator {
- private static final ValidatorFactory VALIDATOR_FACTORY = Validation.buildDefaultValidatorFactory();
+ private volatile static ValidatorFactory VALIDATOR_FACTORY;
- public <E> Set<ConstraintViolation<E>> getConstraintViolations(E classToValid){
+ public DataValidator() {
+ if (VALIDATOR_FACTORY == null) {
+ synchronized (DataValidator.class) {
+ if (VALIDATOR_FACTORY == null) {
+ VALIDATOR_FACTORY = Validation.buildDefaultValidatorFactory();
+ }
+ }
+ }
+ }
+
+ public <E> Set<ConstraintViolation<E>> getConstraintViolations(E classToValid) {
Validator validator = VALIDATOR_FACTORY.getValidator();
Set<ConstraintViolation<E>> constraintViolations = validator.validate(classToValid);
return constraintViolations;
}
- public <E> boolean isValid(E classToValid){
+ public <E> boolean isValid(E classToValid) {
Set<ConstraintViolation<E>> constraintViolations = getConstraintViolations(classToValid);
return constraintViolations.isEmpty();
}