author | Christopher Lott (cl778h) <clott@research.att.com> | 2017-10-25 09:55:06 -0400 |
committer | Christopher Lott (cl778h) <clott@research.att.com> | 2017-10-25 09:55:52 -0400 |
commit | e22eec55bf0815dd1c303ac5fb1c6e6f211a70f0 (patch) | |
tree | de0e35104535e35452a2ef002cec6c3e94c2945e | |
parent | e3982f6c2a13c903947a66d89e1af1ccbb161e5f (diff) |
Repair security filters
Revise app web.xml to remove typo in Java package name.
Also drop unneeded test class.
Issue: PORTAL-135
Change-Id: I49662928c5eed38520e9a9c5f839385148aef0fa
Signed-off-by: Christopher Lott (cl778h) <clott@research.att.com>
6 files changed, 27 insertions, 122 deletions
diff --git a/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/controller/ActionHandler.java b/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/controller/ActionHandler.java
index 36c9d526..ba455899 100644
--- a/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/controller/ActionHandler.java
+++ b/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/controller/ActionHandler.java
@@ -1949,12 +1949,12 @@ public class ActionHandler extends org.onap.portalsdk.analytics.RaptorObject {
 logger.debug(EELFLoggerDelegate.debugLogger, ("Command Executed "));
 //Connection connection = DbUtils.getConnection();
 Enumeration enum1 = rr.getParamKeys();
- String value = "", key = "";
+ String value = "";
 String paramStr = "";
 StringBuffer paramBuffer = new StringBuffer();
 if(enum1!=null) {
 for (; enum1.hasMoreElements();) {
- key = (String) enum1.nextElement();
+ String key = (String) enum1.nextElement();
 value = rr.getParamValue(key);
 paramBuffer.append(key+":"+value+" ");
 }
diff --git a/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/model/ReportHandler.java b/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/model/ReportHandler.java
index b4c6faac..0afd354e 100644
--- a/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/model/ReportHandler.java
+++ b/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/model/ReportHandler.java
@@ -167,6 +167,7 @@ import org.onap.portalsdk.analytics.xmlobj.Reports;
 import org.onap.portalsdk.analytics.xmlobj.SemaphoreList;
 import org.onap.portalsdk.analytics.xmlobj.SemaphoreType;
 import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
+import org.owasp.esapi.ESAPI;
 import com.lowagie.text.Document;
 import com.lowagie.text.Paragraph;
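Review bot: `value` on the new `+ String value = "";` line could be scoped into the loop the same way `key` now is: within the hunk it is only assigned from `rr.getParamValue(key)` and read by the `paramBuffer.append` on the following line, so if nothing after the loop reads it, `String value = rr.getParamValue(key);` inside the loop removes the mutable outer variable entirely. The raw `Enumeration enum1` and the `for (; enum1.hasMoreElements();)` header read more naturally as `Enumeration<?>` and a `while (enum1.hasMoreElements())` loop, and `paramBuffer` could be a `StringBuilder` unless it is shared across threads. `paramBuffer` collects every request parameter name and value; if it is later written to a log, any credential or token passed as a parameter lands in the log too, so it is worth confirming where it ends up. The enclosing method begins and ends outside this hunk.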
@@ -3712,7 +3713,7 @@ public class ReportHandler extends org.onap.portalsdk.analytics.RaptorObject {
 //strBuf.append("Run-time Parameters\n");
 }
 csvOut.print("\"" + value.getId() +":" + "\",");
- valueName = nvl(value.getName());
+ valueName = ESAPI.encoder().canonicalize(nvl(value.getName()));
 if(valueName.indexOf("~")!= -1 && valueName.startsWith("(")) {
 csvOut.print("\"'" + valueName.replaceAll("~",",")+ "'\",");
 } else {
diff --git a/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/model/runtime/ChartD3Helper.java b/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/model/runtime/ChartD3Helper.java
index 1a8da8d0..f5c641a4 100644
--- a/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/model/runtime/ChartD3Helper.java
+++ b/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/model/runtime/ChartD3Helper.java
@@ -61,6 +61,7 @@ import java.util.regex.Pattern;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpSession;
+import org.apache.commons.lang.StringUtils;
 import org.apache.commons.lang.time.DateUtils;
 import org.onap.portalsdk.analytics.error.RaptorException;
 import org.onap.portalsdk.analytics.model.ReportHandler;
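Review bot: `ESAPI.encoder().canonicalize(...)` on the new `valueName` line decodes any percent or entity encoding in the name but does not encode it for the CSV output that follows, so the hand-built quoting on the `csvOut.print` lines is still fragile: a `"` inside `valueName` terminates the quoted cell early. With ESAPI's default configuration, canonicalize also throws an unchecked `IntrusionException` when it detects multiple or mixed encoding, which would abort the whole export instead of skipping one cell; wrap it so a rejected value falls back to a safe placeholder, and double embedded quotes before printing, e.g. `valueName = valueName.replace("\"", "\"\"");` ahead of the `csvOut.print` calls. A one-line comment saying why canonicalization (rather than output encoding) was chosen here would help the next reader. The enclosing method starts and ends outside the hunk.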
@@ -1932,29 +1933,28 @@ public class ChartD3Helper {
 wholeScript.append("<script> \n");
 wholeScript.append("historicalBarChart = [ \n");
- double TOTAL = 0;
- double VALUE = 0;
+ double total = 0;
+ double value = 0;
 int flagNull = 0;
- String KEY = "";
 String COLOR = "";
 TreeSet<String> colorList = new TreeSet<String>();
 for (int i = 0; i < ds.getRowCount(); i++) {
- VALUE = 0;
+ value = 0;
 try {
- VALUE = Double.parseDouble(ds.getString(i, 2));
- TOTAL = TOTAL+VALUE;
+ value = Double.parseDouble(ds.getString(i, 2));
+ total = total+value;
 } catch (NumberFormatException ex) {
 flagNull = 1;
 }
- KEY = ds.getString(i, 0);
+ String key = ds.getString(i, 0);
 try {
 if(ds.getString(i, "chart_color")!=null) {
- colorList.add(KEY+"|"+ds.getString(i, "chart_color"));
+ colorList.add(key+"|"+ds.getString(i, "chart_color"));
 }
 } catch (ArrayIndexOutOfBoundsException ex) {
 //System.out.println("No Chart Color");
 }
- wholeScript.append("{ \""+ "key" +"\":\""+ KEY+"\", \""+ "y" +"\":"+VALUE+"}, \n");
+ wholeScript.append("{ \""+ "key" +"\":\""+ key+"\", \""+ "y" +"\":"+value+"}, \n");
 }
 StringBuffer color = new StringBuffer("");
diff --git a/ecomp-sdk/epsdk-app-os/src/main/webapp/WEB-INF/web.xml b/ecomp-sdk/epsdk-app-os/src/main/webapp/WEB-INF/web.xml
index 7441508a..f5039df4 100644
--- a/ecomp-sdk/epsdk-app-os/src/main/webapp/WEB-INF/web.xml
+++ b/ecomp-sdk/epsdk-app-os/src/main/webapp/WEB-INF/web.xml
@@ -15,7 +15,7 @@
 </session-config>
 <filter>
 <filter-name>SecurityXssFilter</filter-name>
- <filter-class>org.onap.portalapp.filtersss.SecurityXssFilter</filter-class>
+ <filter-class>org.onap.portalapp.filter.SecurityXssFilter</filter-class>
 </filter>
 <filter-mapping>
 <filter-name>SecurityXssFilter</filter-name>
diff --git a/ecomp-sdk/epsdk-core/src/main/java/org/onap/portalsdk/core/util/EncDecUtilTest.java b/ecomp-sdk/epsdk-core/src/main/java/org/onap/portalsdk/core/util/EncDecUtilTest.java
deleted file mode 100644
index 926ed347..00000000
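Review bot: On the new `wholeScript.append("{ \""+ "key" +"\":\""+ key+...` line, `key` (taken from `ds.getString(i, 0)`) is concatenated verbatim into a JavaScript array literal inside a `<script>` block, so a data value containing `"` or `</script>` breaks the generated page and, where report data can originate from user input, becomes a script-injection point; the rename does not change that. Encode the value for a JavaScript string context before appending it, e.g. with the ESAPI encoder this commit already introduces in ReportHandler, `ESAPI.encoder().encodeForJavaScript(key)`; `value` is a `double` and needs no encoding, and the `colorList.add(key+"|"+...)` line only needs it if that buffer is also emitted into the script. The `catch (ArrayIndexOutOfBoundsException ex)` with the commented-out println still swallows the exception silently; a comment such as `// no chart_color column in this data set: colour is optional` would make the intent explicit. The enclosing method starts and ends outside the hunk.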
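Review bot: The corrected `<filter-class>` replaces a class name that could not be resolved, so until this change the deployment either failed to start or, depending on the container, ran without the XSS filter; nothing in the build catches that kind of regression. A comment next to the element would at least make the dependency visible, e.g. `<!-- Must match the fully-qualified name of SecurityXssFilter; a typo here prevents the filter from loading -->`, and a deployment smoke test that asserts the filter chain is active would catch it next time. The `url-pattern` of the `filter-mapping` lies outside the hunk, so whether the filter covers all request paths cannot be confirmed here.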
--- a/ecomp-sdk/epsdk-core/src/main/java/org/onap/portalsdk/core/util/EncDecUtilTest.java
+++ /dev/null
@@ -1,109 +0,0 @@ -/* - * ============LICENSE_START========================================== - * ONAP Portal SDK - * =================================================================== - * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * =================================================================== - * - * Unless otherwise specified, all software contained herein is licensed - * under the Apache License, Version 2.0 (the "License"); - * you may not use this software except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * Unless otherwise specified, all documentation contained herein is licensed - * under the Creative Commons License, Attribution 4.0 Intl. (the "License"); - * you may not use this documentation except in compliance with the License. - * You may obtain a copy of the License at - * - * https://creativecommons.org/licenses/by/4.0/ - * - * Unless required by applicable law or agreed to in writing, documentation - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * ============LICENSE_END============================================ - * - * ECOMP is a trademark and service mark of AT&T Intellectual Property. 
- */ -package org.onap.portalsdk.core.util; - -import java.io.UnsupportedEncodingException; -import java.security.AlgorithmParameters; -import java.security.GeneralSecurityException; -import java.security.SecureRandom; - -import javax.crypto.Cipher; -import javax.crypto.SecretKey; -import javax.crypto.SecretKeyFactory; -import javax.crypto.spec.IvParameterSpec; -import javax.crypto.spec.PBEKeySpec; -import javax.crypto.spec.SecretKeySpec; - -import org.apache.commons.codec.binary.Base64; - -public class EncDecUtilTest { - - private static final String WORD = "test"; - private static final String SALT = "r n�HN~��|f��X�"; - private static final int ITERATIONS = 65536; - private static final int KEY_SIZE = 256; - private byte[] ivBytes; - - public String encrypt(String plainText) throws UnsupportedEncodingException, GeneralSecurityException { - - // get salt - // salt = generateSalt(); - byte[] saltBytes = SALT.getBytes("UTF-8"); - - // Derive the key - SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1"); - PBEKeySpec spec = new PBEKeySpec(WORD.toCharArray(), saltBytes, ITERATIONS, KEY_SIZE); - - SecretKey secretKey = factory.generateSecret(spec); - SecretKeySpec secret = new SecretKeySpec(secretKey.getEncoded(), "AES"); - - // encrypt the message - Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); - cipher.init(Cipher.ENCRYPT_MODE, secret); - AlgorithmParameters params = cipher.getParameters(); - ivBytes = params.getParameterSpec(IvParameterSpec.class).getIV(); - byte[] encryptedTextBytes = cipher.doFinal(plainText.getBytes("UTF-8")); - return Base64.encodeBase64String(encryptedTextBytes); - } - - public String decrypt(String encryptedText) throws UnsupportedEncodingException, GeneralSecurityException { - byte[] saltBytes = SALT.getBytes("UTF-8"); - byte[] encryptedTextBytes = Base64.decodeBase64(encryptedText); - - // Derive the key - SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1"); - PBEKeySpec spec 
= new PBEKeySpec(WORD.toCharArray(), saltBytes, ITERATIONS, KEY_SIZE); - - SecretKey secretKey = factory.generateSecret(spec); - SecretKeySpec secret = new SecretKeySpec(secretKey.getEncoded(), "AES"); - - // Decrypt the message - Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); - cipher.init(Cipher.DECRYPT_MODE, secret, new IvParameterSpec(ivBytes)); - - byte[] decryptedTextBytes = cipher.doFinal(encryptedTextBytes); - return new String(decryptedTextBytes); - } - - public String generateSalt() { - SecureRandom random = new SecureRandom(); - byte [] bytes = new byte[20]; - random.nextBytes(bytes); - return new String(bytes); - } -}
\ No newline at end of file
diff --git a/ecomp-sdk/pom.xml b/ecomp-sdk/pom.xml
index bb390560..8cae0a58 100644
--- a/ecomp-sdk/pom.xml
+++ b/ecomp-sdk/pom.xml
@@ -134,6 +134,19 @@
 </lifecycleMappingMetadata>
 </configuration>
 </plugin>
+ <!-- maven-site-plugin config is provided by OParent -->
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-site-plugin</artifactId>
+ <version>3.6</version>
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.maven.wagon</groupId>
+ <artifactId>wagon-webdav-jackrabbit</artifactId>
+ <version>2.10</version>
+ </dependency>
+ </dependencies>
+ </plugin>
 </plugins>
 </pluginManagement> |
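Review bot: The comment on the first added line says the maven-site-plugin configuration is provided by OParent, yet the block directly below pins `maven-site-plugin` 3.6 and a `wagon-webdav-jackrabbit` 2.10 dependency itself, so either the comment is stale or the block duplicates what the parent already manages; say which, e.g. `<!-- overrides the maven-site-plugin version managed by OParent; wagon-webdav-jackrabbit is presumably needed to publish the site over WebDAV -->`. Pinning explicit plugin and wagon versions in `pluginManagement` is the right choice for a reproducible build; if the parent already defines them as properties, reference those so the two cannot drift apart. The hunk's trailing context may be cut off by the page.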