diff options
author | st782s <statta@research.att.com> | 2018-01-03 14:30:16 -0500 |
---|---|---|
committer | TATTAVARADA <statta@research.att.com> | 2018-01-03 14:31:40 -0500 |
commit | 69062c0ec148ccadaced3ef1d6eff63ba422c055 (patch) | |
tree | 153af87b560baa991263ad66797f44e1c475431f /ecomp-sdk/epsdk-analytics/src | |
parent | ed07ebfbce4031ef4dfbd2f42147f6a7b351aeb8 (diff) |
Harden code
Issue-ID: PORTAL-145,PORTAL-119,PORTAL-118
Harden code to address SQL injecton, XSS vulnerabilities; Separate
docker images for portal, sdk app and DMaaPBC ui; Missing error page
Change-Id: I1818fbf86c601dd41b274729038e731fb2ec8f7d
Signed-off-by: st782s <statta@research.att.com>
Diffstat (limited to 'ecomp-sdk/epsdk-analytics/src')
-rw-r--r-- | ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/model/SearchHandler.java | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/model/SearchHandler.java b/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/model/SearchHandler.java index a6043ea7..863f510c 100644 --- a/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/model/SearchHandler.java +++ b/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/model/SearchHandler.java @@ -295,7 +295,7 @@ public class SearchHandler extends org.onap.portalsdk.analytics.RaptorObject { } else { rep_name_sql = " AND UPPER(cr.title) LIKE UPPER('%%') "; } - sql = sql.replace("[fReportName]", ESAPI.encoder().encodeForSQL( SecurityCodecUtil.getCodec(),rep_name_sql)); + sql = sql.replace("[fReportName]",rep_name_sql); if (menuId.length() > 0){ /*sql += "AND INSTR('|'||cr.menu_id||'|', '|'||'" + menuId + "'||'|') > 0 " |