summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2019-06-14Merge "XSS Vulnerability fix in AppsOSController"Sunder Tattavarada2-3/+32
2019-06-14Merge "XSS Vulnerability fix in AppsControllerExternalRequest"Sunder Tattavarada8-30/+210
2019-06-14Merge "Sonar issue: Correct this "&" to "&&" in MicroserviceServiceImpl"Sunder Tattavarada1-25/+22
2019-06-14Merge "XSS Vulnerability fix in MicroserviceController"Sunder Tattavarada4-67/+112
2019-06-14Merge "XSS Vulnerability fix in DashboardSearchResultController"Sunder Tattavarada6-58/+270
2019-06-13Merge "Fix sonar issue: Override "equals(Object obj)""Sunder Tattavarada2-1/+27
2019-06-11Updated Dublin Release NotesWelch, Lorraine (lb2391)1-9/+10
Issue-ID: PORTAL-592 Signed-off-by: Welch, Lorraine (lb2391) <lb2391@att.com> Change-Id: I4d1e7e8bd83ed2adb7df25ccf4c694b1c81ef879
2019-06-07Added lorraineawelch to INFO.yamlWelch, Lorraine (lb2391)1-0/+5
Issue-ID: PORTAL-618 Signed-off-by: Welch, Lorraine (lb2391) <lb2391@att.com> Change-Id: I3d7f57c8cc20347f8adeefbada2eaffde0940262
2019-05-31XSS Vulnerability fix in AppsOSControllerDominik Mizyn2-3/+32
SecureString class used to secure PathVariable. Issue-ID: OJSI-207 Change-Id: I6275c5db4d8d97dc60ef1676b651e3d8802ad9f7 Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
2019-05-30Merge changes I1c586793,I47249407,Idad22dea,I5c3bee06,I5cb96956Manoop Talasila1-0/+6
* changes: Document OJSI-190 vulnerability Document OJSI-174 (CVE-2019-12318) vulnerability Document OJSI-92 (CVE-2019-12121) vulnerability Document OJSI-65 (CVE-2019-1212) vulnerability Document OJSI-15 (CVE-2019-12317) vulnerability
2019-05-30Merge "Don't give the user the exact stack trace of the exception"Manoop Talasila1-20/+26
2019-05-30Merge "Don't give user the exact exception description"Manoop Talasila1-0/+8
2019-05-30Document OJSI-190 vulnerabilityKrzysztof Opasiak1-0/+1
Issue-ID: OJSI-190 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I1c586793b744a5807e7b1a7a1d416dfd43409ab0
2019-05-30Document OJSI-174 (CVE-2019-12318) vulnerabilityKrzysztof Opasiak1-0/+1
Issue-ID: OJSI-174 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I47249407ccb62ca7ffd1d8edc9ada8793f4c53c9
2019-05-30Document OJSI-92 (CVE-2019-12121) vulnerabilityKrzysztof Opasiak1-0/+1
Issue-ID: OJSI-92 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: Idad22deafb262da539c52fa8733e7ea098fd1361
2019-05-30Document OJSI-65 (CVE-2019-1212) vulnerabilityKrzysztof Opasiak1-0/+1
Issue-ID: OJSI-65 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I5c3bee06c2b1da3eca2bb583c57decb35b0f32c0
2019-05-30Document OJSI-15 (CVE-2019-12317) vulnerabilityKrzysztof Opasiak1-0/+2
Issue-ID: OJSI-15 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I5cb96956f25e09a390ef24a52f6222c0cc7b9e94
2019-05-30XSS Vulnerability fix in AppsControllerExternalRequestDominik Mizyn8-30/+210
@SafeHtml annotation is used to fix this problem. This patch also fix some minor issues: * isAuxRESTfulCall() method delete. Method was nowhere used. * '.length() == 0' changed to '.isEmpty()' Issue-ID: PORTAL-604 Change-Id: Ib7091622081f507812654b50275ad7ac4c97bfc3 Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
2019-05-30Sonar issue: Correct this "&" to "&&" in MicroserviceServiceImplDominik Mizyn1-25/+22
This patch also fix some minor issues: * 'fori' loop replaced with 'foreach' * Sonar issue: Replace the type specification in this constructor call with the diamond operator ("<>"). * redundant 'throws'. Exception will never throw * unnecessary temporary local variable Issue-ID: PORTAL-603 Change-Id: If23afb9f4a10f0ad06c712cb95a38b54dc5cd089 Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
2019-05-30XSS Vulnerability fix in MicroserviceControllerDominik Mizyn4-67/+112
@SafeHtml annotation is used to fix this problem. This commit also fix: * redundant local variable issue * sonar issue: Replace the type specification in this constructor call with the diamond operator ("<>"). * performance issue - String concatenation argument as argument to 'StringBuilder.append()' call * redundant cast * redundant 'throws Exception'. 'Exception' is never thrown * access static member via instance reference * unused declarations Issue-ID: PORTAL-602 Change-Id: Id92fe2d9cfe239474403f611f3d5d0170acf63cc Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
2019-05-30XSS Vulnerability fix in DashboardSearchResultControllerDominik Mizyn6-58/+270
@SafeHtml annotation is used to fix this problem. New class 'SecureString' must be added to project to valid incoming Strings from '@RequestParam String incoming String' pom.xml file update. This patch also fix: * remove unnecessary semicolon * Sonar issue: Replace the type specification in this constructor call with the diamond operator ("<>") Issue-ID: PORTAL-601 Change-Id: Id214b6e65f0c486141679fd23725a7fb66443acd Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
2019-05-30Fix sonar issue: Override "equals(Object obj)"Dominik Mizyn2-1/+27
This commit provide equals method for CentralV2UserApp and test for this method. Issue-ID: PORTAL-599 Change-Id: Ied44c680032831ec6a02211f658ec16f0aad8f4a Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
2019-05-29Don't give the user the exact stack trace of the exceptionPiotr Borelowski1-20/+26
Catching the exception in the SecurityXssFilter class. Issue-ID: OJSI-192 Change-Id: I8d9d7a3032f98afcb58285b13b13d5ce35fddadd Signed-off-by: Piotr Borelowski <p.borelowski@partner.samsung.com>
2019-05-28Merge "Removed user password from portal's profile API"Manoop Talasila3-13/+7
2019-05-28Don't give user the exact exception descriptionPiotr Borelowski1-0/+8
The exact description of the exception especially if related to cryptography cannot be given to the user as it may be abused by the attacker. To fix that, we started to use @ExceptionHandler for all exceptions in the LoginController as well. CVE: CVE-2019-12121 Issue-ID: OJSI-92 Change-Id: I100b37ff33d28ebccc2411c3acc62bdb7ce11ca8 Signed-off-by: Piotr Borelowski <p.borelowski@partner.samsung.com> Reviewed-by: Krzysztof Opasiak <k.opasiak@samsung.com> Acked-by: Manoop Talasila <talasila@research.att.com>
2019-05-28Removed user password from portal's profile APIr.bogacki3-13/+7
ONAP Portal allowed to retrieve password of currently active user via "/portalApi/loggedinUser" endpoint. Prefilled "Login Password" field has been changed to "*****" and password is not send anymore to the frontend. Only after change of this default value password will be updated. Confirm Password field has been removed from the UI. In the future password change could be additionally also checked on the backend side to verify current password before updating it. Issue-ID: OJSI-65 Signed-off-by: Robert Bogacki <r.bogacki@samsung.com> Reviewed-by: Krzysztof Opasiak <k.opasiak@samsung.com> Acked-by: Manoop Talasila <talasila@research.att.com> Change-Id: I00b7713557247d211927c437f31f118095ad0726
2019-05-27Document OJSI-106 vulnerabilityKrzysztof Opasiak1-0/+1
Issue-ID: OJSI-106 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I549009cf3c313b0f5307b99ce22b56243e933f8f
2019-05-24Document OJSI-105 vulnerabilityKrzysztof Opasiak1-0/+1
Issue-ID: OJSI-105 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I8c3a00ce98886f7175e5cf85f09309bd50ef702c
2019-05-24Document OJSI-97 vulnerabilityKrzysztof Opasiak1-0/+1
Issue-ID: OJSI-97 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I56d194918b91580d5d9f6b25e564923fe29c51f3
2019-05-24Improve security release notesKrzysztof Opasiak1-6/+12
In order to provide users with more details of project's state in terms of security let's divide the security release notes into three sections: - Fixed Security Issues Contains a list of security fixes merged during this release (especially those reported via OJSI tickets). - Known Security Issues Contains a list of vulnerabilities detected in project during release which have not been fixed yet and thus should be mitigated by the user. - Known Vulnerabilities in Used Modules Contains information about NexusIQ scan results Issue-ID: SECCOM-238 Change-Id: Ief8825c38c7723c26e8c7e10a6a13f4b8f9c169d Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
2019-05-23Dublin Release Notes for PortalWelch, Lorraine (lb2391)1-1/+51
Issue-ID: PORTAL-592 Signed-off-by: Welch, Lorraine (lb2391) <lb2391@att.com> Change-Id: I93a2ff82f52f709d12bfa92c0d14859d2298b6a1
2019-05-10Merge "Added Functional Menu Entries, del bad thumbnail"Manoop Talasila1-60/+73
2019-05-09Merge "Revert "Update oparent version""Manoop Talasila2-56/+56
2019-05-08Revert "Update oparent version"Sunder Tattavarada2-56/+56
Issue-ID: PORTAL-571 This reverts commit 64c7491aa9208ed3024b81ab78a73751c1cc859e. Change-Id: I72fefbceccea7d723d02e0b38efebf9aafc7018e Signed-off-by: statta <statta@research.att.com>
2019-05-03Update version textstatta1-1/+1
Issue-ID: PORTAL-557 Change-Id: Id3feb4f800d6593c373efd5a35b6f19e4ddc7044 Signed-off-by: statta <statta@research.att.com>
2019-05-02Added Functional Menu Entries, del bad thumbnailWelch, Lorraine (lb2391)1-60/+73
Issue-ID: PORTAL-515 Change-Id: Ibac6ae65fc4df39a7bab2a98946d664bf47413b8 Signed-off-by: Welch, Lorraine (lb2391) <lb2391@att.com>
2019-05-02Merge "Fix Sonar Bugs NullPointers"Manoop Talasila4-96/+137
2019-05-02Fix Sonar Bugs NullPointersk.kazak4-96/+137
Fix Sonar bugs - potential NullPointerException in portal-BE-common: ExternalAppsRestfulController and ApplicationRestClientServiceImpl Changed Tests for updated method in ExternalAppsRestfulController Added new test Formatted according to ONAP formatting guidelines Change-Id: I7c0587127e32ba3f06a138a0b4b2526fa10ea1f6 Issue-ID: PORTAL-556 Signed-off-by: k.kazak <k.kazak@samsung.com>
2019-05-02update .gitignorek.kazak1-0/+2
Add Intellij IDEA project files to .gitignore Change-Id: I88cbd101369ed74842cb85e61f9058ae5dd65221 Issue-ID: PORTAL-572 Signed-off-by: k.kazak <k.kazak@samsung.com>
2019-05-02Merge "Fix unknow language option display bug"Manoop Talasila1-0/+6
2019-05-02Merge "Fix no name language option bug"Manoop Talasila1-11/+27
2019-05-01Update oparent versionJessica Wagantall2-56/+56
Update oparent version to 2.0.0 which supports global-jjb maven-stage job. Change-Id: I3aa28f3369164a7ca28ecc20a1334f949611d5b8 Issue-ID: CIMAN-234 Signed-off-by: Jessica Wagantall <jwagantall@linuxfoundation.org>
2019-04-30Merge "Fix Sonar Bugs NullPointers"Manoop Talasila6-39/+111
2019-04-30Fix unknow language option display bugshentao9991-0/+6
Change-Id: Ice97b508145a057ec07b7db584f20a27fa16ad3d Issue-ID: PORTAL-565 Signed-off-by: shentao999 <shentao@chinamobile.com>
2019-04-30Fix no name language option bugshentao9991-11/+27
Change-Id: I0bfc185ea41324d040ffa23c831bbbaa8f51ef3c Issue-ID: PORTAL-566 Signed-off-by: shentao999 <shentao@chinamobile.com>
2019-04-29Fix Sonar Bugs NullPointersk.kazak6-39/+111
Fix Sonar bugs - potential NullPointerException Remove unused code Add/Update Tests for updated methods Change-Id: Iaf28a0ee5f6507da1caf4b497e2d73bf35bc0b58 Issue-ID: PORTAL-556 Signed-off-by: k.kazak <k.kazak@samsung.com>
2019-04-29Fix no reaction bug about changing language optionguochuyicmri4-17/+19
Change-Id: Ie1f75224d0cc70a87e77f5c357ed6e34b0cb3220 Issue-ID: PORTAL-565 Signed-off-by: shentao999 <shentao@chinamobile.com>
2019-04-24Use all available information in audit log outputPawel Wieczorek1-1/+1
Comment is now also appended to the audit log. Issue-ID: PORTAL-553 Change-Id: Ia30d6f61b04131d4456dfc55575b1f7678e26967 Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2019-04-23App_id chged to 11, Acumos logo fixedWelch, Lorraine (lb2391)1-1/+6
Issue-ID: PORTAL-563 Change-Id: I10b9d63e4c27410ab73a64028c7a94814305b901 Signed-off-by: Welch, Lorraine (lb2391) <lb2391@att.com>
2019-04-19Sonar fix too mnay method paramArindam Mondal4-3828/+3872
+) Reduced too many method param ++) Code format Issue-ID: PORTAL-561 Change-Id: I2c27344477b318ab0f1a77442579be459c3597fd Signed-off-by: Arindam Mondal <arind.mondal@samsung.com>