summaryrefslogtreecommitdiffstats
path: root/ecomp-portal-BE-os
diff options
context:
space:
mode:
authorDominik Mizyn <d.mizyn@samsung.com>2019-06-06 10:52:16 +0200
committerDominik Mizyn <d.mizyn@samsung.com>2019-07-12 11:21:04 +0200
commit5aab72338c356e035862b914be4ca294c9d17fc8 (patch)
tree38cf51ce3bc3c08765a62d05540014e07b90dc50 /ecomp-portal-BE-os
parent73248465fc2867a3dd1a6494afb6b0774c9028f2 (diff)
XSS Vulnerability fix in AppsController
Custom XSS filter used to fix thisa issue. DataValidator upgrade to single instance of ValidatorFactory; Issue-ID: OJSI-15 Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com> Change-Id: I7222cfb84e1e5bb240619aac9c7bca85d215229a
Diffstat (limited to 'ecomp-portal-BE-os')
-rw-r--r--ecomp-portal-BE-os/src/main/java/org/onap/portalapp/portal/controller/AppsOSController.java28
-rw-r--r--ecomp-portal-BE-os/src/test/java/org/onap/portalapp/portal/controller/AppsOSControllerTest.java5
2 files changed, 12 insertions, 21 deletions
diff --git a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/portal/controller/AppsOSController.java b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/portal/controller/AppsOSController.java
index 915c5e08..e109ef5d 100644
--- a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/portal/controller/AppsOSController.java
+++ b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/portal/controller/AppsOSController.java
@@ -47,8 +47,8 @@ import javax.validation.ConstraintViolation;
import javax.validation.Validation;
import javax.validation.Validator;
import javax.validation.ValidatorFactory;
+import lombok.NoArgsConstructor;
import org.json.JSONObject;
-import org.onap.portalapp.portal.controller.AppsController;
import org.onap.portalapp.portal.domain.EPUser;
import org.onap.portalapp.portal.ecomp.model.PortalRestResponse;
import org.onap.portalapp.portal.ecomp.model.PortalRestStatusEnum;
@@ -61,6 +61,7 @@ import org.onap.portalapp.util.EPUserUtils;
import org.onap.portalapp.validation.SecureString;
import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.EnableAspectJAutoProxy;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestBody;
@@ -69,27 +70,20 @@ import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;
@RestController
-@org.springframework.context.annotation.Configuration
+@Configuration
@EnableAspectJAutoProxy
@EPAuditLog
+@NoArgsConstructor
public class AppsOSController extends AppsController {
private static final ValidatorFactory validatorFactory = Validation.buildDefaultValidatorFactory();
- static final String FAILURE = "failure";
- EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(AppsOSController.class);
+ private static final String FAILURE = "failure";
+ private static final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(AppsOSController.class);
@Autowired
- AdminRolesService adminRolesService;
- @Autowired
- EPAppService appService;
- @Autowired
- PersUserAppService persUserAppService;
- @Autowired
UserService userService;
-
-
- /**
+ /**
* Create new application's contact us details.
*
* @param contactUs
@@ -102,9 +96,9 @@ public class AppsOSController extends AppsController {
return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, FAILURE,
"New User cannot be null or empty");
- if (!(adminRolesService.isSuperAdmin(user) || adminRolesService.isAccountAdmin(user))){
+ if (!(super.getAdminRolesService().isSuperAdmin(user) || super.getAdminRolesService().isAccountAdmin(user))){
if(!user.getLoginId().equalsIgnoreCase(newUser.getLoginId()))
- return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, FAILURE,
+ return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, FAILURE,
"UnAuthorized");
}
@@ -113,9 +107,9 @@ public class AppsOSController extends AppsController {
try {
saveNewUser = userService.saveNewUser(newUser,checkDuplicate);
} catch (Exception e) {
- return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, saveNewUser, e.getMessage());
+ return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, saveNewUser, e.getMessage());
}
- return new PortalRestResponse<String>(PortalRestStatusEnum.OK, saveNewUser, "");
+ return new PortalRestResponse<>(PortalRestStatusEnum.OK, saveNewUser, "");
}
@RequestMapping(value = { "/portalApi/currentUserProfile/{loginId}" }, method = RequestMethod.GET, produces = "application/json")
diff --git a/ecomp-portal-BE-os/src/test/java/org/onap/portalapp/portal/controller/AppsOSControllerTest.java b/ecomp-portal-BE-os/src/test/java/org/onap/portalapp/portal/controller/AppsOSControllerTest.java
index 15fe1dd9..1083aed2 100644
--- a/ecomp-portal-BE-os/src/test/java/org/onap/portalapp/portal/controller/AppsOSControllerTest.java
+++ b/ecomp-portal-BE-os/src/test/java/org/onap/portalapp/portal/controller/AppsOSControllerTest.java
@@ -41,10 +41,8 @@ import static org.junit.Assert.assertEquals;
import java.util.ArrayList;
import java.util.List;
-
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-
import org.junit.Before;
import org.junit.Ignore;
import org.junit.Test;
@@ -52,7 +50,6 @@ import org.mockito.InjectMocks;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.MockitoAnnotations;
-import org.onap.portalapp.portal.controller.AppsOSController;
import org.onap.portalapp.portal.domain.EPUser;
import org.onap.portalapp.portal.ecomp.model.PortalRestResponse;
import org.onap.portalapp.portal.ecomp.model.PortalRestStatusEnum;
@@ -87,7 +84,7 @@ public class AppsOSControllerTest {
}
@InjectMocks
- AppsOSController appsOSController = new AppsOSController();
+ AppsOSController appsOSController;
MockitoTestSuite mockitoTestSuite = new MockitoTestSuite();