summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorChristopher Lott (cl778h) <clott@research.att.com>2017-10-25 09:55:06 -0400
committerChristopher Lott (cl778h) <clott@research.att.com>2017-10-25 09:55:52 -0400
commite22eec55bf0815dd1c303ac5fb1c6e6f211a70f0 (patch)
treede0e35104535e35452a2ef002cec6c3e94c2945e
parente3982f6c2a13c903947a66d89e1af1ccbb161e5f (diff)
Repair security filters
Revise app web.xml to remove typo in Java package name. Also drop unneeded test class. Issue: PORTAL-135 Change-Id: I49662928c5eed38520e9a9c5f839385148aef0fa Signed-off-by: Christopher Lott (cl778h) <clott@research.att.com>
-rw-r--r--ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/controller/ActionHandler.java4
-rw-r--r--ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/model/ReportHandler.java3
-rw-r--r--ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/model/runtime/ChartD3Helper.java18
-rw-r--r--ecomp-sdk/epsdk-app-os/src/main/webapp/WEB-INF/web.xml2
-rw-r--r--ecomp-sdk/epsdk-core/src/main/java/org/onap/portalsdk/core/util/EncDecUtilTest.java109
-rw-r--r--ecomp-sdk/pom.xml13
6 files changed, 27 insertions, 122 deletions
diff --git a/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/controller/ActionHandler.java b/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/controller/ActionHandler.java
index 36c9d526..ba455899 100644
--- a/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/controller/ActionHandler.java
+++ b/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/controller/ActionHandler.java
@@ -1949,12 +1949,12 @@ public class ActionHandler extends org.onap.portalsdk.analytics.RaptorObject {
logger.debug(EELFLoggerDelegate.debugLogger, ("Command Executed "));
//Connection connection = DbUtils.getConnection();
Enumeration enum1 = rr.getParamKeys();
- String value = "", key = "";
+ String value = "";
String paramStr = "";
StringBuffer paramBuffer = new StringBuffer();
if(enum1!=null) {
for (; enum1.hasMoreElements();) {
- key = (String) enum1.nextElement();
+ String key = (String) enum1.nextElement();
value = rr.getParamValue(key);
paramBuffer.append(key+":"+value+" ");
}
diff --git a/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/model/ReportHandler.java b/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/model/ReportHandler.java
index b4c6faac..0afd354e 100644
--- a/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/model/ReportHandler.java
+++ b/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/model/ReportHandler.java
@@ -167,6 +167,7 @@ import org.onap.portalsdk.analytics.xmlobj.Reports;
import org.onap.portalsdk.analytics.xmlobj.SemaphoreList;
import org.onap.portalsdk.analytics.xmlobj.SemaphoreType;
import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
+import org.owasp.esapi.ESAPI;
import com.lowagie.text.Document;
import com.lowagie.text.Paragraph;
@@ -3712,7 +3713,7 @@ public class ReportHandler extends org.onap.portalsdk.analytics.RaptorObject {
//strBuf.append("Run-time Parameters\n");
}
csvOut.print("\"" + value.getId() +":" + "\",");
- valueName = nvl(value.getName());
+ valueName = ESAPI.encoder().canonicalize(nvl(value.getName()));
if(valueName.indexOf("~")!= -1 && valueName.startsWith("(")) {
csvOut.print("\"'" + valueName.replaceAll("~",",")+ "'\",");
} else {
diff --git a/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/model/runtime/ChartD3Helper.java b/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/model/runtime/ChartD3Helper.java
index 1a8da8d0..f5c641a4 100644
--- a/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/model/runtime/ChartD3Helper.java
+++ b/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/model/runtime/ChartD3Helper.java
@@ -61,6 +61,7 @@ import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
+import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang.time.DateUtils;
import org.onap.portalsdk.analytics.error.RaptorException;
import org.onap.portalsdk.analytics.model.ReportHandler;
@@ -1932,29 +1933,28 @@ public class ChartD3Helper {
wholeScript.append("<script> \n");
wholeScript.append("historicalBarChart = [ \n");
- double TOTAL = 0;
- double VALUE = 0;
+ double total = 0;
+ double value = 0;
int flagNull = 0;
- String KEY = "";
String COLOR = "";
TreeSet<String> colorList = new TreeSet<String>();
for (int i = 0; i < ds.getRowCount(); i++) {
- VALUE = 0;
+ value = 0;
try {
- VALUE = Double.parseDouble(ds.getString(i, 2));
- TOTAL = TOTAL+VALUE;
+ value = Double.parseDouble(ds.getString(i, 2));
+ total = total+value;
} catch (NumberFormatException ex) {
flagNull = 1;
}
- KEY = ds.getString(i, 0);
+ String key = ds.getString(i, 0);
try {
if(ds.getString(i, "chart_color")!=null) {
- colorList.add(KEY+"|"+ds.getString(i, "chart_color"));
+ colorList.add(key+"|"+ds.getString(i, "chart_color"));
}
} catch (ArrayIndexOutOfBoundsException ex) {
//System.out.println("No Chart Color");
}
- wholeScript.append("{ \""+ "key" +"\":\""+ KEY+"\", \""+ "y" +"\":"+VALUE+"}, \n");
+ wholeScript.append("{ \""+ "key" +"\":\""+ key+"\", \""+ "y" +"\":"+value+"}, \n");
}
StringBuffer color = new StringBuffer("");
diff --git a/ecomp-sdk/epsdk-app-os/src/main/webapp/WEB-INF/web.xml b/ecomp-sdk/epsdk-app-os/src/main/webapp/WEB-INF/web.xml
index 7441508a..f5039df4 100644
--- a/ecomp-sdk/epsdk-app-os/src/main/webapp/WEB-INF/web.xml
+++ b/ecomp-sdk/epsdk-app-os/src/main/webapp/WEB-INF/web.xml
@@ -15,7 +15,7 @@
</session-config>
<filter>
<filter-name>SecurityXssFilter</filter-name>
- <filter-class>org.onap.portalapp.filtersss.SecurityXssFilter</filter-class>
+ <filter-class>org.onap.portalapp.filter.SecurityXssFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>SecurityXssFilter</filter-name>
diff --git a/ecomp-sdk/epsdk-core/src/main/java/org/onap/portalsdk/core/util/EncDecUtilTest.java b/ecomp-sdk/epsdk-core/src/main/java/org/onap/portalsdk/core/util/EncDecUtilTest.java
deleted file mode 100644
index 926ed347..00000000
--- a/ecomp-sdk/epsdk-core/src/main/java/org/onap/portalsdk/core/util/EncDecUtilTest.java
+++ /dev/null
@@ -1,109 +0,0 @@
-/*
- * ============LICENSE_START==========================================
- * ONAP Portal SDK
- * ===================================================================
- * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
- * ===================================================================
- *
- * Unless otherwise specified, all software contained herein is licensed
- * under the Apache License, Version 2.0 (the "License");
- * you may not use this software except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * Unless otherwise specified, all documentation contained herein is licensed
- * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
- * you may not use this documentation except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * https://creativecommons.org/licenses/by/4.0/
- *
- * Unless required by applicable law or agreed to in writing, documentation
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * ============LICENSE_END============================================
- *
- * ECOMP is a trademark and service mark of AT&T Intellectual Property.
- */
-package org.onap.portalsdk.core.util;
-
-import java.io.UnsupportedEncodingException;
-import java.security.AlgorithmParameters;
-import java.security.GeneralSecurityException;
-import java.security.SecureRandom;
-
-import javax.crypto.Cipher;
-import javax.crypto.SecretKey;
-import javax.crypto.SecretKeyFactory;
-import javax.crypto.spec.IvParameterSpec;
-import javax.crypto.spec.PBEKeySpec;
-import javax.crypto.spec.SecretKeySpec;
-
-import org.apache.commons.codec.binary.Base64;
-
-public class EncDecUtilTest {
-
- private static final String WORD = "test";
- private static final String SALT = "r n�HN~��|f��X�";
- private static final int ITERATIONS = 65536;
- private static final int KEY_SIZE = 256;
- private byte[] ivBytes;
-
- public String encrypt(String plainText) throws UnsupportedEncodingException, GeneralSecurityException {
-
- // get salt
- // salt = generateSalt();
- byte[] saltBytes = SALT.getBytes("UTF-8");
-
- // Derive the key
- SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
- PBEKeySpec spec = new PBEKeySpec(WORD.toCharArray(), saltBytes, ITERATIONS, KEY_SIZE);
-
- SecretKey secretKey = factory.generateSecret(spec);
- SecretKeySpec secret = new SecretKeySpec(secretKey.getEncoded(), "AES");
-
- // encrypt the message
- Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
- cipher.init(Cipher.ENCRYPT_MODE, secret);
- AlgorithmParameters params = cipher.getParameters();
- ivBytes = params.getParameterSpec(IvParameterSpec.class).getIV();
- byte[] encryptedTextBytes = cipher.doFinal(plainText.getBytes("UTF-8"));
- return Base64.encodeBase64String(encryptedTextBytes);
- }
-
- public String decrypt(String encryptedText) throws UnsupportedEncodingException, GeneralSecurityException {
- byte[] saltBytes = SALT.getBytes("UTF-8");
- byte[] encryptedTextBytes = Base64.decodeBase64(encryptedText);
-
- // Derive the key
- SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
- PBEKeySpec spec = new PBEKeySpec(WORD.toCharArray(), saltBytes, ITERATIONS, KEY_SIZE);
-
- SecretKey secretKey = factory.generateSecret(spec);
- SecretKeySpec secret = new SecretKeySpec(secretKey.getEncoded(), "AES");
-
- // Decrypt the message
- Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
- cipher.init(Cipher.DECRYPT_MODE, secret, new IvParameterSpec(ivBytes));
-
- byte[] decryptedTextBytes = cipher.doFinal(encryptedTextBytes);
- return new String(decryptedTextBytes);
- }
-
- public String generateSalt() {
- SecureRandom random = new SecureRandom();
- byte [] bytes = new byte[20];
- random.nextBytes(bytes);
- return new String(bytes);
- }
-} \ No newline at end of file
diff --git a/ecomp-sdk/pom.xml b/ecomp-sdk/pom.xml
index bb390560..8cae0a58 100644
--- a/ecomp-sdk/pom.xml
+++ b/ecomp-sdk/pom.xml
@@ -134,6 +134,19 @@
</lifecycleMappingMetadata>
</configuration>
</plugin>
+ <!-- maven-site-plugin config is provided by OParent -->
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-site-plugin</artifactId>
+ <version>3.6</version>
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.maven.wagon</groupId>
+ <artifactId>wagon-webdav-jackrabbit</artifactId>
+ <version>2.10</version>
+ </dependency>
+ </dependencies>
+ </plugin>
</plugins>
</pluginManagement>