diff options
author | 2019-06-06 10:52:16 +0200 | |
---|---|---|
committer | 2019-07-12 11:21:04 +0200 | |
commit | 5aab72338c356e035862b914be4ca294c9d17fc8 (patch) | |
tree | 38cf51ce3bc3c08765a62d05540014e07b90dc50 /ecomp-portal-BE-common/src/main/java/org/onap/portalapp/validation/DataValidator.java | |
parent | 73248465fc2867a3dd1a6494afb6b0774c9028f2 (diff) |
XSS Vulnerability fix in AppsController
Custom XSS filter used to fix thisa issue.
DataValidator upgrade to single instance of ValidatorFactory;
Issue-ID: OJSI-15
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
Change-Id: I7222cfb84e1e5bb240619aac9c7bca85d215229a
Diffstat (limited to 'ecomp-portal-BE-common/src/main/java/org/onap/portalapp/validation/DataValidator.java')
-rw-r--r-- | ecomp-portal-BE-common/src/main/java/org/onap/portalapp/validation/DataValidator.java | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/validation/DataValidator.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/validation/DataValidator.java index 46a60c81..9fe3a887 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/validation/DataValidator.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/validation/DataValidator.java @@ -47,15 +47,25 @@ import org.springframework.stereotype.Component; @Component public class DataValidator { - private static final ValidatorFactory VALIDATOR_FACTORY = Validation.buildDefaultValidatorFactory(); + private volatile static ValidatorFactory VALIDATOR_FACTORY; - public <E> Set<ConstraintViolation<E>> getConstraintViolations(E classToValid){ + public DataValidator() { + if (VALIDATOR_FACTORY == null) { + synchronized (DataValidator.class) { + if (VALIDATOR_FACTORY == null) { + VALIDATOR_FACTORY = Validation.buildDefaultValidatorFactory(); + } + } + } + } + + public <E> Set<ConstraintViolation<E>> getConstraintViolations(E classToValid) { Validator validator = VALIDATOR_FACTORY.getValidator(); Set<ConstraintViolation<E>> constraintViolations = validator.validate(classToValid); return constraintViolations; } - public <E> boolean isValid(E classToValid){ + public <E> boolean isValid(E classToValid) { Set<ConstraintViolation<E>> constraintViolations = getConstraintViolations(classToValid); return constraintViolations.isEmpty(); } |