summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2019-06-07Added lorraineawelch to INFO.yamlWelch, Lorraine (lb2391)1-0/+5
Issue-ID: PORTAL-618 Signed-off-by: Welch, Lorraine (lb2391) <lb2391@att.com> Change-Id: I3d7f57c8cc20347f8adeefbada2eaffde0940262
2019-05-30Merge changes I1c586793,I47249407,Idad22dea,I5c3bee06,I5cb96956Manoop Talasila1-0/+6
* changes: Document OJSI-190 vulnerability Document OJSI-174 (CVE-2019-12318) vulnerability Document OJSI-92 (CVE-2019-12121) vulnerability Document OJSI-65 (CVE-2019-1212) vulnerability Document OJSI-15 (CVE-2019-12317) vulnerability
2019-05-30Merge "Don't give the user the exact stack trace of the exception"Manoop Talasila1-20/+26
2019-05-30Merge "Don't give user the exact exception description"Manoop Talasila1-0/+8
2019-05-30Document OJSI-190 vulnerabilityKrzysztof Opasiak1-0/+1
Issue-ID: OJSI-190 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I1c586793b744a5807e7b1a7a1d416dfd43409ab0
2019-05-30Document OJSI-174 (CVE-2019-12318) vulnerabilityKrzysztof Opasiak1-0/+1
Issue-ID: OJSI-174 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I47249407ccb62ca7ffd1d8edc9ada8793f4c53c9
2019-05-30Document OJSI-92 (CVE-2019-12121) vulnerabilityKrzysztof Opasiak1-0/+1
Issue-ID: OJSI-92 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: Idad22deafb262da539c52fa8733e7ea098fd1361
2019-05-30Document OJSI-65 (CVE-2019-1212) vulnerabilityKrzysztof Opasiak1-0/+1
Issue-ID: OJSI-65 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I5c3bee06c2b1da3eca2bb583c57decb35b0f32c0
2019-05-30Document OJSI-15 (CVE-2019-12317) vulnerabilityKrzysztof Opasiak1-0/+2
Issue-ID: OJSI-15 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I5cb96956f25e09a390ef24a52f6222c0cc7b9e94
2019-05-29Don't give the user the exact stack trace of the exceptionPiotr Borelowski1-20/+26
Catching the exception in the SecurityXssFilter class. Issue-ID: OJSI-192 Change-Id: I8d9d7a3032f98afcb58285b13b13d5ce35fddadd Signed-off-by: Piotr Borelowski <p.borelowski@partner.samsung.com>
2019-05-28Merge "Removed user password from portal's profile API"Manoop Talasila3-13/+7
2019-05-28Don't give user the exact exception descriptionPiotr Borelowski1-0/+8
The exact description of the exception especially if related to cryptography cannot be given to the user as it may be abused by the attacker. To fix that, we started to use @ExceptionHandler for all exceptions in the LoginController as well. CVE: CVE-2019-12121 Issue-ID: OJSI-92 Change-Id: I100b37ff33d28ebccc2411c3acc62bdb7ce11ca8 Signed-off-by: Piotr Borelowski <p.borelowski@partner.samsung.com> Reviewed-by: Krzysztof Opasiak <k.opasiak@samsung.com> Acked-by: Manoop Talasila <talasila@research.att.com>
2019-05-28Removed user password from portal's profile APIr.bogacki3-13/+7
ONAP Portal allowed to retrieve password of currently active user via "/portalApi/loggedinUser" endpoint. Prefilled "Login Password" field has been changed to "*****" and password is not send anymore to the frontend. Only after change of this default value password will be updated. Confirm Password field has been removed from the UI. In the future password change could be additionally also checked on the backend side to verify current password before updating it. Issue-ID: OJSI-65 Signed-off-by: Robert Bogacki <r.bogacki@samsung.com> Reviewed-by: Krzysztof Opasiak <k.opasiak@samsung.com> Acked-by: Manoop Talasila <talasila@research.att.com> Change-Id: I00b7713557247d211927c437f31f118095ad0726
2019-05-27Document OJSI-106 vulnerabilityKrzysztof Opasiak1-0/+1
Issue-ID: OJSI-106 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I549009cf3c313b0f5307b99ce22b56243e933f8f
2019-05-24Document OJSI-105 vulnerabilityKrzysztof Opasiak1-0/+1
Issue-ID: OJSI-105 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I8c3a00ce98886f7175e5cf85f09309bd50ef702c
2019-05-24Document OJSI-97 vulnerabilityKrzysztof Opasiak1-0/+1
Issue-ID: OJSI-97 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I56d194918b91580d5d9f6b25e564923fe29c51f3
2019-05-24Improve security release notesKrzysztof Opasiak1-6/+12
In order to provide users with more details of project's state in terms of security let's divide the security release notes into three sections: - Fixed Security Issues Contains a list of security fixes merged during this release (especially those reported via OJSI tickets). - Known Security Issues Contains a list of vulnerabilities detected in project during release which have not been fixed yet and thus should be mitigated by the user. - Known Vulnerabilities in Used Modules Contains information about NexusIQ scan results Issue-ID: SECCOM-238 Change-Id: Ief8825c38c7723c26e8c7e10a6a13f4b8f9c169d Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
2019-05-23Dublin Release Notes for PortalWelch, Lorraine (lb2391)1-1/+51
Issue-ID: PORTAL-592 Signed-off-by: Welch, Lorraine (lb2391) <lb2391@att.com> Change-Id: I93a2ff82f52f709d12bfa92c0d14859d2298b6a1
2019-05-10Merge "Added Functional Menu Entries, del bad thumbnail"Manoop Talasila1-60/+73
2019-05-09Merge "Revert "Update oparent version""Manoop Talasila2-56/+56
2019-05-08Revert "Update oparent version"Sunder Tattavarada2-56/+56
Issue-ID: PORTAL-571 This reverts commit 64c7491aa9208ed3024b81ab78a73751c1cc859e. Change-Id: I72fefbceccea7d723d02e0b38efebf9aafc7018e Signed-off-by: statta <statta@research.att.com>
2019-05-03Update version textstatta1-1/+1
Issue-ID: PORTAL-557 Change-Id: Id3feb4f800d6593c373efd5a35b6f19e4ddc7044 Signed-off-by: statta <statta@research.att.com>
2019-05-02Added Functional Menu Entries, del bad thumbnailWelch, Lorraine (lb2391)1-60/+73
Issue-ID: PORTAL-515 Change-Id: Ibac6ae65fc4df39a7bab2a98946d664bf47413b8 Signed-off-by: Welch, Lorraine (lb2391) <lb2391@att.com>
2019-05-02Merge "Fix Sonar Bugs NullPointers"Manoop Talasila4-96/+137
2019-05-02Fix Sonar Bugs NullPointersk.kazak4-96/+137
Fix Sonar bugs - potential NullPointerException in portal-BE-common: ExternalAppsRestfulController and ApplicationRestClientServiceImpl Changed Tests for updated method in ExternalAppsRestfulController Added new test Formatted according to ONAP formatting guidelines Change-Id: I7c0587127e32ba3f06a138a0b4b2526fa10ea1f6 Issue-ID: PORTAL-556 Signed-off-by: k.kazak <k.kazak@samsung.com>
2019-05-02update .gitignorek.kazak1-0/+2
Add Intellij IDEA project files to .gitignore Change-Id: I88cbd101369ed74842cb85e61f9058ae5dd65221 Issue-ID: PORTAL-572 Signed-off-by: k.kazak <k.kazak@samsung.com>
2019-05-02Merge "Fix unknow language option display bug"Manoop Talasila1-0/+6
2019-05-02Merge "Fix no name language option bug"Manoop Talasila1-11/+27
2019-05-01Update oparent versionJessica Wagantall2-56/+56
Update oparent version to 2.0.0 which supports global-jjb maven-stage job. Change-Id: I3aa28f3369164a7ca28ecc20a1334f949611d5b8 Issue-ID: CIMAN-234 Signed-off-by: Jessica Wagantall <jwagantall@linuxfoundation.org>
2019-04-30Merge "Fix Sonar Bugs NullPointers"Manoop Talasila6-39/+111
2019-04-30Fix unknow language option display bugshentao9991-0/+6
Change-Id: Ice97b508145a057ec07b7db584f20a27fa16ad3d Issue-ID: PORTAL-565 Signed-off-by: shentao999 <shentao@chinamobile.com>
2019-04-30Fix no name language option bugshentao9991-11/+27
Change-Id: I0bfc185ea41324d040ffa23c831bbbaa8f51ef3c Issue-ID: PORTAL-566 Signed-off-by: shentao999 <shentao@chinamobile.com>
2019-04-29Fix Sonar Bugs NullPointersk.kazak6-39/+111
Fix Sonar bugs - potential NullPointerException Remove unused code Add/Update Tests for updated methods Change-Id: Iaf28a0ee5f6507da1caf4b497e2d73bf35bc0b58 Issue-ID: PORTAL-556 Signed-off-by: k.kazak <k.kazak@samsung.com>
2019-04-29Fix no reaction bug about changing language optionguochuyicmri4-17/+19
Change-Id: Ie1f75224d0cc70a87e77f5c357ed6e34b0cb3220 Issue-ID: PORTAL-565 Signed-off-by: shentao999 <shentao@chinamobile.com>
2019-04-24Use all available information in audit log outputPawel Wieczorek1-1/+1
Comment is now also appended to the audit log. Issue-ID: PORTAL-553 Change-Id: Ia30d6f61b04131d4456dfc55575b1f7678e26967 Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2019-04-23App_id chged to 11, Acumos logo fixedWelch, Lorraine (lb2391)1-1/+6
Issue-ID: PORTAL-563 Change-Id: I10b9d63e4c27410ab73a64028c7a94814305b901 Signed-off-by: Welch, Lorraine (lb2391) <lb2391@att.com>
2019-04-19Sonar fix too mnay method paramArindam Mondal4-3828/+3872
+) Reduced too many method param ++) Code format Issue-ID: PORTAL-561 Change-Id: I2c27344477b318ab0f1a77442579be459c3597fd Signed-off-by: Arindam Mondal <arind.mondal@samsung.com>
2019-04-18fix .gitattributes for *.rstk.kazak1-0/+1
Fixed line endings setting for *.rst files Change-Id: If2d86d51dc330fedc32329b1e07ee48805af37c4 Issue-ID: PORTAL-560 Signed-off-by: k.kazak <k.kazak@samsung.com>
2019-04-16Merge "Rel Notes for HTTP security check for SDC"Manoop Talasila1-1/+3
2019-04-16Rel Notes for HTTP security check for SDCWelch, Lorraine (lb2391)1-1/+3
Issue-ID: PORTAL-555 Change-Id: I4e7c15ca60b92aa6185eba596920c2c26dcbc92b Signed-off-by: Welch, Lorraine (lb2391) <lb2391@att.com>
2019-04-16Update Docker Image Numberstatta1-1/+1
Issue-ID: PORTAL-557 Change-Id: I1e828f922f23a7d04e6fdeff2265e0260b308b87 Signed-off-by: statta<statta@research.att.com>
2019-04-15Added work around for VID access in the rel. notesWelch, Lorraine (lb2391)1-0/+8
Issue-ID: PORTAL-555 Change-Id: Ic1a207cd93894c601358502b101bae22a7e2d578 Signed-off-by: Welch, Lorraine (lb2391) <lb2391@att.com>
2019-04-11Merge "Add multi-language APIs into BE-common"Manoop Talasila10-3/+302
2019-04-11Merge "Add language tables and init data into DB-common"Manoop Talasila2-1/+46
2019-04-11Merge "Modify html label to support multi-language"Manoop Talasila12-113/+130
2019-04-11Merge "Add translate javascript into FE-common"Manoop Talasila2-0/+173
2019-04-11Merge "Modify html label to support multi-language"Manoop Talasila4-7/+17
2019-04-11Merge "Add multi-language APIs configuration into FE-os"Manoop Talasila1-1/+4
2019-04-11Merge "Add language files into FE-os"Manoop Talasila2-0/+114
2019-04-11Merge "Add angular-translate plugin into FE-os"Manoop Talasila2-1/+23