diff options
author | Christopher Lott (cl778h) <clott@research.att.com> | 2017-10-20 08:22:19 -0400 |
---|---|---|
committer | Christopher Lott (cl778h) <clott@research.att.com> | 2017-10-20 08:44:33 -0400 |
commit | e3982f6c2a13c903947a66d89e1af1ccbb161e5f (patch) | |
tree | 07db289541228dfaef258c267dd33635c33ebb34 /ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/system/AppUtils.java | |
parent | ddd8720d597fc9053a455b10445fb253adbc4bf7 (diff) |
Role management; security vulnerabilities.
Extend user/role management interface to allow role deletion.
Add filters to defend against common web Javascript attacks.
Drop Greensock code with unusable license.
Use OParent in EPSDK web application.
Issue: US324470, US342324, PORTAL-127
Change-Id: I3a10744fbbbdbda7c88d2b2e542e72e779c9b142
Signed-off-by: Christopher Lott (cl778h) <clott@research.att.com>
Diffstat (limited to 'ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/system/AppUtils.java')
-rw-r--r-- | ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/system/AppUtils.java | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/system/AppUtils.java b/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/system/AppUtils.java index 96bc609f..55735090 100644 --- a/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/system/AppUtils.java +++ b/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/system/AppUtils.java @@ -47,6 +47,8 @@ import javax.servlet.http.HttpServletRequest; import org.onap.portalsdk.analytics.error.RaptorException; import org.onap.portalsdk.analytics.util.AppConstants; import org.onap.portalsdk.analytics.util.HtmlStripper; +import org.onap.portalsdk.core.util.SecurityCodecUtil; +import org.owasp.esapi.ESAPI; public class AppUtils /* implements IAppUtils */{ private static String baseURL = null; @@ -69,7 +71,7 @@ public class AppUtils /* implements IAppUtils */{ public static String getRequestValue(HttpServletRequest request, String valueID) { String value = (String) request.getAttribute(valueID); if (value == null) - value = request.getParameter(valueID); + value = ESAPI.encoder().encodeForSQL( SecurityCodecUtil.getCodec(), request.getParameter(valueID)); return value; } // getRequestValue |