summaryrefslogtreecommitdiffstats
path: root/ecomp-portal-BE-os
AgeCommit message (Collapse)AuthorFilesLines
2019-10-24Persistent XSS vulnerability in saveNewUser form fixDominik Mizyn1-7/+7
javax.validation.Validator used to fix this vulnerability issue. Issue-ID: OJSI-16 Change-Id: I50a7acc4f7e9294170628fd5b2894ee6cbdba8f0 Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
2019-10-03pom.xml fixDominik Mizyn1-1/+1
pom.xml fix Issue-ID: PORTAL-710 Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com> Change-Id: Ifcd9923791dfe28282cccc4fd5afad77df7aa777 pom.xml fix pom.xml fix Issue-ID: PORTAL-710 Change-Id: I50600e2f9ab829479f787998879de13b183d33cf Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
2019-09-17HealthCheck & Namespace Checkstatta1-2/+5
Issue-ID: PORTAL-723 Change-Id: I97ac3c592ae1f7a6142384d70ac6038ccee1d8fb Signed-off-by: statta <statta@research.att.com>
2019-09-09Set secure flag & log exceptionParshad Patel3-179/+179
Make sure creating this cookie without the "secure" flag is safe here Either log or rethrow this exception Change this instance-reference to a static reference Issue-ID: PORTAL-562 Change-Id: I4b6e07ec54ec038c0d584816791ed5169e618676 Signed-off-by: Parshad Patel <pars.patel@samsung.com>
2019-08-27Portal Setup - App issuestatta2-0/+392
Issue-ID: PORTAL-723 Change-Id: Iff1523b2a474f56a74c9fcb9fd850e0e38f6fc68 Signed-off-by: statta <statta@research.att.com>
2019-08-13Merge "Fix sonar issues in portal"Manoop Talasila1-0/+2
2019-08-13Merge "EPUserUtils class fix"Manoop Talasila3-6/+4
2019-08-06Fix sonar issues in portalParshad Patel1-0/+2
Use a logger to log this exception Make sure creating this cookie without the "secure" flag is safe here Either re-interrupt this method or rethrow the "InterruptedException" Issue-ID: PORTAL-562 Change-Id: I91d6adce835d9adec4328642e8445f074f7d2d57 Signed-off-by: Parshad Patel <pars.patel@samsung.com>
2019-07-22Merge "XSS Vulnerability fix in AppsController"Manoop Talasila2-21/+12
2019-07-16EPUserUtils class fixDominik Mizyn3-6/+4
Sonar errors EPUserUtils class fix Issue-ID: PORTAL-667 Change-Id: I7a8a39ac52ee2da5d2c2ab0016a8bbea0acb4d21 Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
2019-07-12Unused classes delete from PortalDominik Mizyn3-514/+0
These classes are unused anywhere in the Portal project. Issue-ID: PORTAL-655 Change-Id: If92d0df0efb0b5120190a44c46b2fed31ba32b89 Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
2019-07-12XSS Vulnerability fix in AppsControllerDominik Mizyn2-21/+12
Custom XSS filter used to fix thisa issue. DataValidator upgrade to single instance of ValidatorFactory; Issue-ID: OJSI-15 Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com> Change-Id: I7222cfb84e1e5bb240619aac9c7bca85d215229a
2019-07-10Merge "EPAppServiceImpl class fix."Sunder Tattavarada1-35/+9
2019-07-09Merge "CommonWidget class DB constraints"Manoop Talasila1-4/+4
2019-07-01EPAppServiceImpl class fix.Dominik Mizyn1-35/+9
Sonar issues fix: Remove this unused "logger" private field. Remove this unused "syncRests" private field. unused imports delete and unneeded fields initialization fix. StringBuilder performance fix. Issue-ID: PORTAL-620 Change-Id: Ibd1cf732b216594b47801767d0a98e59b0aba200 Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
2019-06-21PeerBroadcastSocket sonar issues fix and code refactorDominik Mizyn1-39/+16
Sonar issues fix and code refactor. Session data save moved to another method. Rest of code don't really do anything. Issue-ID: PORTAL-624 Change-Id: I53b36377f2d2645d8c24ad2384959f0599e07303 Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
2019-06-21ONAPWelcomeController sonar issue fixDominik Mizyn1-11/+4
String viewName and getter/setter can be romoved from his class. ONAPWelcomeController Overrides this field 1 to 1. Issue-ID: PORTAL-652 Change-Id: Idbb41f52a63c6ea681f6ba7753991d766849e3a2 Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
2019-06-21ONAPLoginController sonar issues fix.Dominik Mizyn1-16/+21
Sonar issues fix plus @Autowired in constructor not in fields. Issue-ID: PORTAL-651 Change-Id: I99329b986877d040c6fdda9daf42a5c501a39605 Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
2019-06-21SimpleLoginStrategy sonar issues fixDominik Mizyn1-16/+18
"Either remove or fill this block of code." "Move the "" string literal on the left side of this string comparison." "Define and throw a dedicated exception instead of using a generic one." Issue-ID: PORTAL-650 Change-Id: I92018287a6f585020f0ae6f042b1bb1de84a5e14 Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
2019-06-21OpenIdConnectLoginStrategy sonar issues fixDominik Mizyn1-7/+4
Redundant suppression("rawtypes") removed. Sonar issue: Move the "" string literal on the left side of this string comparison. Define and throw a dedicated exception instead of using a generic one. Issue-ID: PORTAL-649 Change-Id: Ia2c80ad4848c22c94a2db731425250784d382841 Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
2019-06-18CommonWidget class DB constraintsDominik Mizyn1-4/+4
Java Bean Validation SR 380 annotations added to classes Issue-ID: PORTAL-637 Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com> Change-Id: I64741f835deb8aed14ad8d716d21bb4c1901b55f
2019-06-17Application Onboarding page changes Kotta, Shireesha (sk434m)4-41/+80
Issue-ID: PORTAL-644 Application Onboarding page changes , DB scripts Change-Id: Id689e15f5abd56192420e6761440659531108ab4 Signed-off-by: Kotta, Shireesha (sk434m) <sk434m@att.com>
2019-06-14Merge "XSS Vulnerability fix in DashboardSearchResultController"Sunder Tattavarada2-11/+143
2019-06-14Merge "XSS Vulnerability fix in AppsOSController"Sunder Tattavarada2-3/+32
2019-06-05XSS Vulnerability fix in DashboardSearchResultControllerDominik Mizyn2-11/+143
Custom Validator is used to secure this endpoints. Issue-ID: OJSI-15 Change-Id: Idf523a53bc5fe9e1df8110526d56336953759c86 Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
2019-05-31XSS Vulnerability fix in AppsOSControllerDominik Mizyn2-3/+32
SecureString class used to secure PathVariable. Issue-ID: OJSI-207 Change-Id: I6275c5db4d8d97dc60ef1676b651e3d8802ad9f7 Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
2019-05-30Merge "Don't give the user the exact stack trace of the exception"Manoop Talasila1-20/+26
2019-05-29Don't give the user the exact stack trace of the exceptionPiotr Borelowski1-20/+26
Catching the exception in the SecurityXssFilter class. Issue-ID: OJSI-192 Change-Id: I8d9d7a3032f98afcb58285b13b13d5ce35fddadd Signed-off-by: Piotr Borelowski <p.borelowski@partner.samsung.com>
2019-05-28Don't give user the exact exception descriptionPiotr Borelowski1-0/+8
The exact description of the exception especially if related to cryptography cannot be given to the user as it may be abused by the attacker. To fix that, we started to use @ExceptionHandler for all exceptions in the LoginController as well. CVE: CVE-2019-12121 Issue-ID: OJSI-92 Change-Id: I100b37ff33d28ebccc2411c3acc62bdb7ce11ca8 Signed-off-by: Piotr Borelowski <p.borelowski@partner.samsung.com> Reviewed-by: Krzysztof Opasiak <k.opasiak@samsung.com> Acked-by: Manoop Talasila <talasila@research.att.com>
2019-04-29Fix no reaction bug about changing language optionguochuyicmri1-1/+2
Change-Id: Ie1f75224d0cc70a87e77f5c357ed6e34b0cb3220 Issue-ID: PORTAL-565 Signed-off-by: shentao999 <shentao@chinamobile.com>
2019-03-20CADI AAF Integration and merging the codehb123f8-22/+82
Issue-ID: PORTAL-319 CADI AAF Integration and code merge Change-Id: I6e44f3b2741858d8d403b77a49ec9a0153084801 Signed-off-by: hb123f <hbindu@research.att.com>
2019-02-07Merge "PeerBroadcastSocket(Make "channelMap" field final)"Manoop Talasila1-1/+3
2019-02-07Merge "Sonar issue-fix -- (ExternalAppConfig.java)"Manoop Talasila1-4/+2
2019-01-03PeerBroadcastSocket(Make "channelMap" field final)Driptaroop Das1-1/+3
PeerBroadcastSocket.java - Make this "public static channelMap" field final(line:58) Issue-ID: PORTAL-500 Change-Id: Id1227b06e64d37b29c66083da0ef8f37b2c032df Signed-off-by: Driptaroop Das <driptaroop.das@in.ibm.com>
2018-12-05Sonar Issue Fix - PORTAL-486Driptaroop Das1-9/+3
Remove this method to simply inherit it.(ExternalAppInitializer.java) Issue-ID: PORTAL-486 Change-Id: Ifce3ea6ab7dc58e199f4a93dd75c427eebae9f6c Signed-off-by: Driptaroop Das <driptaroop.das@in.ibm.com>
2018-12-04Sonar issue-fix -- (ExternalAppConfig.java)Driptaroop Das1-4/+2
Fixed sonar issue - Remove this method to simply inherit it. (ExternalAppConfig.java) Issue-ID: PORTAL-483 Change-Id: Id624b5a9b2bb70f1ab08dbbe0b5669fa63aed1ec Signed-off-by: Driptaroop Das <driptaroop.das@in.ibm.com>
2018-11-05Fix typosStanislav Chlebec1-2/+2
Change-Id: I9b8fbaf7ccfd20d5a7ec8075e47e40ae6671812d Signed-off-by: Stanislav Chlebec <stanislav.chlebec@pantheon.tech> Issue-ID: AAF-582
2018-10-09Add roles to userKotta, Shireesha (sk434m)3-20/+14
Issue-ID: PORTAL-432 add roles to user when the app is centralized Change-Id: I46a782be24ea1804597dc7205bf98170731ffe4d Signed-off-by: Kotta, Shireesha (sk434m) <shireesha.kotta@att.com>
2018-10-03search user changesKishore Reddy, Gujja (kg811t)1-6/+4
Issue-ID: PORTAL-386 failed to create user with special char in login_id Change-Id: I613daa21efed9f6f137bd817a1a8aa2f9669cee8 Signed-off-by: Kishore Reddy, Gujja (kg811t) <kishore.reddy.gujja@att.com>
2018-09-26login and Certman AAF Integration changesKishore Reddy, Gujja (kg811t)6-209/+27
Issue-ID: PORTAL-386, PORTAL-389 failed to create user with special char in login_id Change-Id: I415adf615a7af97319d8d11a740e75d3dfa11583 Signed-off-by: Kishore Reddy, Gujja (kg811t) <kg811t@research.att.com>
2018-09-12Merge "OpenCollaborationController.Java:fixed sonar issue"Manoop Talasila1-3/+2
2018-09-12Merge "TicketEventServiceImpl : Fixed sonar issue"Manoop Talasila1-3/+3
2018-09-12Merge "LoginStrategy.java : Fixed sonar issue"Manoop Talasila1-0/+3
2018-08-24LoginStrategy.java : Fixed sonar issueArundathi Patil1-0/+3
Fixed sonar issue, annotate interface with @FunctionalInterface annotation Issue-ID: PORTAL-374 Change-Id: I30472b6c18ef350b687d74acce4545c250462f6d Signed-off-by: Arundathi Patil <arundpil@in.ibm.com>
2018-08-24TicketEventServiceImpl : Fixed sonar issueArundathi Patil1-3/+3
Fixed below sonar issue at line 52, Immediately return this expression instead of assigning it to the temporary variable 'hyperlink' Issue-ID: PORTAL-364 Change-Id: I33b854b15e163146415040bf98dbd7e992d04b61 Signed-off-by: Arundathi Patil <arundpil@in.ibm.com>
2018-08-24OpenCollaborationController.Java:fixed sonar issueArundathi Patil1-3/+2
Fixed the below sonar issue at line number 40 and 41, 'Remove unused imports'. Issue-ID: PORTAL-370 Change-Id: Id009380e96bb38391ae90e599e0f90c6344642ca Signed-off-by: Arundathi Patil <arundpil@in.ibm.com>
2018-08-17Sonar CriticalShubhada Ramkrishna Vaze1-0/+2
Either log or rethrow this exception. Change-Id: Icad977130e20d5a4d1fe972be73277b5d45d41b7 Issue-ID: PORTAL-363 Signed-off-by: Shubhada Ramkrishna Vaze <SV00449682@TechMahindra.com>
2018-07-30JUnits for coveragesa282w7-85/+513
Issue-ID: PORTAL-273 JUnits for sonar coverage Change-Id: Icb88d8563164281d29877bbc2de9c8f1f780aa0c Signed-off-by: sa282w <sa282w@att.com>
2018-06-27JUnits for coverageHima Elisetty3-0/+291
Issue-ID: PORTAL-273 JUnits for sonar coverage Change-Id: Ibfa06dcbc7809d9d2598af4ba31dd8c88943aa20 Signed-off-by: Hima Elisetty <hb123f@att.com>
2018-06-13Merge "Adding Junit"Sunder Tattavarada4-0/+199