diff options
| author |   Christopher Lott (cl778h) <clott@research.att.com> | 2017-10-20 08:22:19 -0400 |
|---|---|---|
| committer | Christopher Lott (cl778h) <clott@research.att.com> | 2017-10-20 08:44:33 -0400 |
| commit | e3982f6c2a13c903947a66d89e1af1ccbb161e5f (patch) | |
| tree | 07db289541228dfaef258c267dd33635c33ebb34 /ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/model/ReportHandler.java | |
| parent | ddd8720d597fc9053a455b10445fb253adbc4bf7 (diff) | |
Role management; security vulnerabilities.
Extend user/role management interface to allow role deletion.
Add filters to defend against common web Javascript attacks.
Drop Greensock code with unusable license.
Use OParent in EPSDK web application.
Issue: US324470, US342324, PORTAL-127
Change-Id: I3a10744fbbbdbda7c88d2b2e542e72e779c9b142
Signed-off-by: Christopher Lott (cl778h) <clott@research.att.com>
Diffstat (limited to 'ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/model/ReportHandler.java')
| -rw-r--r-- | ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/model/ReportHandler.java | 17 |
1 files changed, 9 insertions, 8 deletions
diff --git a/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/model/ReportHandler.java b/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/model/ReportHandler.java index 8a5e7e3c..b4c6faac 100644 --- a/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/model/ReportHandler.java +++ b/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/model/ReportHandler.java @@ -108,6 +108,7 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; +import org.apache.commons.io.FilenameUtils; import org.apache.poi.hssf.usermodel.HSSFCell; import org.apache.poi.hssf.usermodel.HSSFCellStyle; import org.apache.poi.hssf.usermodel.HSSFDateUtil; @@ -2791,8 +2792,8 @@ public class ReportHandler extends org.onap.portalsdk.analytics.RaptorObject { logger.debug(EELFLoggerDelegate.debugLogger, ("Xls File name " + AppUtils.getTempFolderPath() + xlsFName)); - FileOutputStream xlsOut = new FileOutputStream(AppUtils.getTempFolderPath() - + xlsFName); + FileOutputStream xlsOut = new FileOutputStream(FilenameUtils.normalize(AppUtils.getTempFolderPath() + + xlsFName)); // BufferedWriter xlsOut = new BufferedWriter(new // FileWriter(AppUtils // .getTempFolderPath() @@ -2904,8 +2905,8 @@ public class ReportHandler extends org.onap.portalsdk.analytics.RaptorObject { for(Iterator iter = setReportRuntime.iterator(); iter.hasNext(); ) { count++; try { - xlsIn = new FileInputStream (AppUtils.getTempFolderPath() - + xlsFName); + xlsIn = new FileInputStream (FilenameUtils.normalize(AppUtils.getTempFolderPath() + + xlsFName)); } catch (FileNotFoundException e) { System.out.println ("File not found in the specified path."); @@ -2914,11 +2915,11 @@ public class ReportHandler extends org.onap.portalsdk.analytics.RaptorObject { if(xlsIn != null) { fileSystem = new POIFSFileSystem (xlsIn); wb = new HSSFWorkbook(fileSystem); - xlsOut = new FileOutputStream(AppUtils.getTempFolderPath() - + xlsFName); + xlsOut = new FileOutputStream(FilenameUtils.normalize(AppUtils.getTempFolderPath() + + xlsFName)); } else { - xlsOut = new FileOutputStream(AppUtils.getTempFolderPath() - + xlsFName); + xlsOut = new FileOutputStream(FilenameUtils.normalize(AppUtils.getTempFolderPath() + + xlsFName)); wb = new HSSFWorkbook(); } |