| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
|
|
Issue-ID: OJSI-190
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I1c586793b744a5807e7b1a7a1d416dfd43409ab0
|
|
Issue-ID: OJSI-174
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I47249407ccb62ca7ffd1d8edc9ada8793f4c53c9
|
|
Issue-ID: OJSI-92
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: Idad22deafb262da539c52fa8733e7ea098fd1361
|
|
Issue-ID: OJSI-65
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I5c3bee06c2b1da3eca2bb583c57decb35b0f32c0
|
|
Issue-ID: OJSI-15
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I5cb96956f25e09a390ef24a52f6222c0cc7b9e94
|
|
@SafeHtml annotation is used to fix this problem.
This patch also fix some minor issues:
* isAuxRESTfulCall() method delete. Method was nowhere used.
* '.length() == 0' changed to '.isEmpty()'
Issue-ID: PORTAL-604
Change-Id: Ib7091622081f507812654b50275ad7ac4c97bfc3
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
|
|
This patch also fix some minor issues:
* 'fori' loop replaced with 'foreach'
* Sonar issue: Replace the type specification in this constructor call
with the diamond operator ("<>").
* redundant 'throws'. Exception will never throw
* unnecessary temporary local variable
Issue-ID: PORTAL-603
Change-Id: If23afb9f4a10f0ad06c712cb95a38b54dc5cd089
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
|
|
@SafeHtml annotation is used to fix this problem.
This commit also fix:
* redundant local variable issue
* sonar issue: Replace the type specification in this constructor call with
the diamond operator ("<>").
* performance issue - String concatenation argument as argument
to 'StringBuilder.append()' call
* redundant cast
* redundant 'throws Exception'. 'Exception' is never thrown
* access static member via instance reference
* unused declarations
Issue-ID: PORTAL-602
Change-Id: Id92fe2d9cfe239474403f611f3d5d0170acf63cc
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
|
|
@SafeHtml annotation is used to fix this problem.
New class 'SecureString' must be added to project to valid incoming Strings
from '@RequestParam String incoming String'
pom.xml file update.
This patch also fix:
* remove unnecessary semicolon
* Sonar issue: Replace the type specification in this constructor call with
the diamond operator ("<>")
Issue-ID: PORTAL-601
Change-Id: Id214b6e65f0c486141679fd23725a7fb66443acd
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
|
|
This commit provide equals method for CentralV2UserApp and test for this method.
Issue-ID: PORTAL-599
Change-Id: Ied44c680032831ec6a02211f658ec16f0aad8f4a
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
|
|
Use a variable binding instead of concatenation.
Add new test for function 'createLocalUserIfNecessary'.
Issue-ID: OJSI-174
Change-Id: Iddd65893bb2cb16c90d4f8db59816fdf261874bc
Signed-off-by: Dominik Orliński <d.orlinski@samsung.com>
|
|
Reduce the number of conditional operators for equals(). Improve
testEquals() to better cover this method.
This patch also:
* immediately returns expression instead of assigning it to the
temporary variable "str",
* adds the "@Override" annotation above equals() method signature.
Issue-ID: PORTAL-595
Change-Id: I15f600acce873eb3f22cc405d06a50890c7e87c3
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
|
|
Catching the exception in the SecurityXssFilter class.
Issue-ID: OJSI-192
Change-Id: I8d9d7a3032f98afcb58285b13b13d5ce35fddadd
Signed-off-by: Piotr Borelowski <p.borelowski@partner.samsung.com>
|
|
|
|
The exact description of the exception especially if related to
cryptography cannot be given to the user as it may be abused by the
attacker.
To fix that, we started to use @ExceptionHandler for all exceptions
in the LoginController as well.
CVE: CVE-2019-12121
Issue-ID: OJSI-92
Change-Id: I100b37ff33d28ebccc2411c3acc62bdb7ce11ca8
Signed-off-by: Piotr Borelowski <p.borelowski@partner.samsung.com>
Reviewed-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Acked-by: Manoop Talasila <talasila@research.att.com>
|
|
ONAP Portal allowed to retrieve password of currently active user via
"/portalApi/loggedinUser" endpoint. Prefilled "Login Password" field
has been changed to "*****" and password is not send anymore to the
frontend. Only after change of this default value
password will be updated. Confirm Password field has been removed
from the UI. In the future password change could be additionally also
checked on the backend side to verify current password
before updating it.
Issue-ID: OJSI-65
Signed-off-by: Robert Bogacki <r.bogacki@samsung.com>
Reviewed-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Acked-by: Manoop Talasila <talasila@research.att.com>
Change-Id: I00b7713557247d211927c437f31f118095ad0726
|
|
Issue-ID: OJSI-106
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I549009cf3c313b0f5307b99ce22b56243e933f8f
|
|
Issue-ID: OJSI-105
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I8c3a00ce98886f7175e5cf85f09309bd50ef702c
|
|
Issue-ID: OJSI-97
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I56d194918b91580d5d9f6b25e564923fe29c51f3
|
|
In order to provide users with more details of project's state in
terms of security let's divide the security release notes into three
sections:
- Fixed Security Issues
Contains a list of security fixes merged during this
release (especially those reported via OJSI tickets).
- Known Security Issues
Contains a list of vulnerabilities detected in project during
release which have not been fixed yet and thus should be mitigated
by the user.
- Known Vulnerabilities in Used Modules
Contains information about NexusIQ scan results
Issue-ID: SECCOM-238
Change-Id: Ief8825c38c7723c26e8c7e10a6a13f4b8f9c169d
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
|
|
Issue-ID: PORTAL-592
Signed-off-by: Welch, Lorraine (lb2391) <lb2391@att.com>
Change-Id: I93a2ff82f52f709d12bfa92c0d14859d2298b6a1
|
|
Change-Id: I6a1bb2f1b6b501662c7ae2ca902c3d61c7534125
Issue-ID: PORTAL-565
Signed-off-by: shentao999 <shentao@chinamobile.com>
|
|
|
|
|
|
Issue-ID: PORTAL-571
This reverts commit 64c7491aa9208ed3024b81ab78a73751c1cc859e.
Change-Id: I72fefbceccea7d723d02e0b38efebf9aafc7018e
Signed-off-by: statta <statta@research.att.com>
|
|
Issue-ID: PORTAL-557
Change-Id: Id3feb4f800d6593c373efd5a35b6f19e4ddc7044
Signed-off-by: statta <statta@research.att.com>
|
|
Issue-ID: PORTAL-515
Change-Id: Ibac6ae65fc4df39a7bab2a98946d664bf47413b8
Signed-off-by: Welch, Lorraine (lb2391) <lb2391@att.com>
|
|
|
|
Fix Sonar bugs - potential NullPointerException in portal-BE-common:
ExternalAppsRestfulController and ApplicationRestClientServiceImpl
Changed Tests for updated method in ExternalAppsRestfulController
Added new test
Formatted according to ONAP formatting guidelines
Change-Id: I7c0587127e32ba3f06a138a0b4b2526fa10ea1f6
Issue-ID: PORTAL-556
Signed-off-by: k.kazak <k.kazak@samsung.com>
|
|
Add Intellij IDEA project files to .gitignore
Change-Id: I88cbd101369ed74842cb85e61f9058ae5dd65221
Issue-ID: PORTAL-572
Signed-off-by: k.kazak <k.kazak@samsung.com>
|
|
|
|
|
|
Update oparent version to 2.0.0 which supports
global-jjb maven-stage job.
Change-Id: I3aa28f3369164a7ca28ecc20a1334f949611d5b8
Issue-ID: CIMAN-234
Signed-off-by: Jessica Wagantall <jwagantall@linuxfoundation.org>
|
|
|
|
Change-Id: Ice97b508145a057ec07b7db584f20a27fa16ad3d
Issue-ID: PORTAL-565
Signed-off-by: shentao999 <shentao@chinamobile.com>
|
|
Change-Id: I0bfc185ea41324d040ffa23c831bbbaa8f51ef3c
Issue-ID: PORTAL-566
Signed-off-by: shentao999 <shentao@chinamobile.com>
|
|
Fix Sonar bugs - potential NullPointerException
Remove unused code
Add/Update Tests for updated methods
Change-Id: Iaf28a0ee5f6507da1caf4b497e2d73bf35bc0b58
Issue-ID: PORTAL-556
Signed-off-by: k.kazak <k.kazak@samsung.com>
|
|
Change-Id: Ie1f75224d0cc70a87e77f5c357ed6e34b0cb3220
Issue-ID: PORTAL-565
Signed-off-by: shentao999 <shentao@chinamobile.com>
|
|
Comment is now also appended to the audit log.
Issue-ID: PORTAL-553
Change-Id: Ia30d6f61b04131d4456dfc55575b1f7678e26967
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
Issue-ID: PORTAL-563
Change-Id: I10b9d63e4c27410ab73a64028c7a94814305b901
Signed-off-by: Welch, Lorraine (lb2391) <lb2391@att.com>
|
|
+) Reduced too many method param
++) Code format
Issue-ID: PORTAL-561
Change-Id: I2c27344477b318ab0f1a77442579be459c3597fd
Signed-off-by: Arindam Mondal <arind.mondal@samsung.com>
|
|
Fixed line endings setting for *.rst files
Change-Id: If2d86d51dc330fedc32329b1e07ee48805af37c4
Issue-ID: PORTAL-560
Signed-off-by: k.kazak <k.kazak@samsung.com>
|
|
|
|
Issue-ID: PORTAL-555
Change-Id: I4e7c15ca60b92aa6185eba596920c2c26dcbc92b
Signed-off-by: Welch, Lorraine (lb2391) <lb2391@att.com>
|
|
Issue-ID: PORTAL-557
Change-Id: I1e828f922f23a7d04e6fdeff2265e0260b308b87
Signed-off-by: statta<statta@research.att.com>
|
|
Issue-ID: PORTAL-555
Change-Id: Ic1a207cd93894c601358502b101bae22a7e2d578
Signed-off-by: Welch, Lorraine (lb2391) <lb2391@att.com>
|
|
|
|
|
Manoop Talasila
Krzysztof Opasiak
Dominik Mizyn
Dominik Orliński
Piotr Borelowski
r.bogacki
Welch, Lorraine (lb2391)
shentao999
Sunder Tattavarada
k.kazak
Jessica Wagantall
guochuyicmri
Pawel Wieczorek
Arindam Mondal