authorst782s <statta@research.att.com>2017-11-22 11:41:10 -0500
committerSunder Tattavarada <statta@research.att.com>2017-11-28 20:24:36 +0000
commited07ebfbce4031ef4dfbd2f42147f6a7b351aeb8 (patch)
treeee4a6e53f01f15057f32b86f271c9b6d02b25615 /ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/model/runtime/ReportRuntime.java
parent418d7273d6d8f6fed2698df89c9910be8498a677 (diff)
Harden code
Issue-ID: PORTAL-145,PORTAL-119 Harden code to address SQL injection, XSS vulnerabilities; Separate docker images for portal, sdk app and DMaaPBC ui Change-Id: I85fad4d3fcee3243207b8f0dfe21beaa41602204 Signed-off-by: st782s <statta@research.att.com>
Diffstat (limited to 'ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/model/runtime/ReportRuntime.java')
-rw-r--r--ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/model/runtime/ReportRuntime.java4
1 files changed, 2 insertions, 2 deletions
diff --git a/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/model/runtime/ReportRuntime.java b/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/model/runtime/ReportRuntime.java
index 03c8214d..171dc7c8 100644
--- a/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/model/runtime/ReportRuntime.java
+++ b/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/model/runtime/ReportRuntime.java
@@ -500,7 +500,7 @@ public class ReportRuntime extends ReportWrapper implements Cloneable, Serializa
for (int i = 0; i < scheduleSessionParam.length; i++) {
//debugLogger.debug(" scheduleSessionParam[i] " + scheduleSessionParam[i] + " " + request.getParameter(scheduleSessionParam[i]) );
if(request.getParameter(scheduleSessionParam[i])!=null)
- paramList.add(new IdNameValue(scheduleSessionParam[i].toUpperCase(), request.getParameter(scheduleSessionParam[i])));
+ paramList.add(new IdNameValue(ESAPI.encoder().canonicalize(scheduleSessionParam[i].toUpperCase()), ESAPI.encoder().canonicalize(request.getParameter(scheduleSessionParam[i]))));
}
}
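Review bot: `ESAPI.encoder().canonicalize(...)` on the added `paramList.add` line only decodes input to its simplest form; it neither escapes nor validates, so the request parameter is stored in `paramList` in decoded form with any SQL or markup metacharacters intact. The protection the commit message aims for has to be applied at the sink: bind these values as `PreparedStatement` parameters where they reach SQL and use `ESAPI.encoder().encodeForHTML(...)` where they are rendered; whether the consumers of `paramList` already do so is not visible here. Depending on the ESAPI configuration, `canonicalize` can also throw `IntrusionException` on multiply or mixed-encoded input, and nothing in this loop catches it. The same points apply to the added line in the second hunk; the enclosing method starts and ends outside both hunks.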
@@ -531,7 +531,7 @@ public class ReportRuntime extends ReportWrapper implements Cloneable, Serializa
String scheduleSessionDispParam = scheduleSessionParam[i];
if(nvl(scheduleSessionDispParam).length()>0) {
String scheduleSessionDispParamArr[] = scheduleSessionDispParam.split(";");
- paramList.add(new IdNameValue(scheduleSessionDispParamArr[1], nvl(request.getParameter(scheduleSessionDispParamArr[0]),"")));
+ paramList.add(new IdNameValue(ESAPI.encoder().canonicalize(scheduleSessionDispParamArr[1]), ESAPI.encoder().canonicalize(nvl(request.getParameter(scheduleSessionDispParamArr[0]),""))));
}
}
}
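Review bot: The added line still reads `scheduleSessionDispParamArr[1]` without checking what `split(";")` returned, so an entry with no `;` (or nothing after it) throws `ArrayIndexOutOfBoundsException`; wrap the `paramList.add` in `if (scheduleSessionDispParamArr.length > 1)`. Canonicalizing the display name also looks unnecessary if `scheduleSessionParam` comes from report configuration rather than from the request, though its origin is not visible in this hunk. The enclosing method begins outside the hunk.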