Harden code

Issue-ID: PORTAL-145,PORTAL-119,PORTAL-118 Harden code to address SQL injecton, XSS vulnerabilities; Separate docker images for portal, sdk app and DMaaPBC ui; Missing error page Change-Id: I1818fbf86c601dd41b274729038e731fb2ec8f7d Signed-off-by: st782s <statta@research.att.com>
author: st782s <statta@research.att.com> 2018-01-03 14:30:16 -0500
committer: TATTAVARADA <statta@research.att.com> 2018-01-03 14:31:40 -0500
commit: 69062c0ec148ccadaced3ef1d6eff63ba422c055 (patch)
tree: 153af87b560baa991263ad66797f44e1c475431f /ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/controller/sample/BroadcastController.java
parent: ed07ebfbce4031ef4dfbd2f42147f6a7b351aeb8 (diff)
1 files changed, 8 insertions, 3 deletions
diff --git a/ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/controller/sample/BroadcastController.java b/ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/controller/sample/BroadcastController.java
index 316f35cd..c4f0d430 100644
--- a/ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/controller/sample/BroadcastController.java
+++ b/ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/controller/sample/BroadcastController.java
@@ -45,8 +45,10 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.json.JSONObject;
+import org.onap.portalapp.util.SecurityXssValidator;
 import org.onap.portalsdk.core.controller.RestrictedBaseController;
 import org.onap.portalsdk.core.domain.BroadcastMessage;
+import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
 import org.onap.portalsdk.core.service.BroadcastService;
 import org.onap.portalsdk.core.util.SystemProperties;
 import org.onap.portalsdk.core.web.support.AppUtils;
@@ -65,6 +67,8 @@ import com.fasterxml.jackson.databind.ObjectMapper;
 @RequestMapping("/")
 public class BroadcastController extends RestrictedBaseController {
 
+	private EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(BroadcastController.class);
+	
 	@Autowired
 	private BroadcastService broadcastService;
 
@@ -77,7 +81,7 @@ public class BroadcastController extends RestrictedBaseController {
 			model.put("broadcastMessage", mapper.writeValueAsString(broadcastService.getBroadcastMessage(request)));
 			model.put("broadcastSites", mapper.writeValueAsString(referenceData(request).get("broadcastSites")));
 		} catch (Exception e) {
-			e.printStackTrace();
+			logger.error(EELFLoggerDelegate.errorLogger, "broadcast() failed", e);
 		}
 		return new ModelAndView(getViewName(), model);
 	}
@@ -96,7 +100,7 @@ public class BroadcastController extends RestrictedBaseController {
 			response.getWriter().write(j.toString());
 
 		} catch (Exception e) {
-			e.printStackTrace();
+			logger.error(EELFLoggerDelegate.errorLogger, "getBroadcast() failed", e);
 		}
 
 	}
@@ -141,7 +145,8 @@ public class BroadcastController extends RestrictedBaseController {
 			response.setCharacterEncoding("UTF-8");
 			request.setCharacterEncoding("UTF-8");
 			PrintWriter out = response.getWriter();
-			out.write(e.getMessage());
+			out.write("An error occurred while saving the BroadcastMessage in the save () mapping-/broadcast/save   ");
+			logger.error(EELFLoggerDelegate.errorLogger, "save() failed", e);
 			return null;
 		}
author	st782s <statta@research.att.com>	2018-01-03 14:30:16 -0500
committer	TATTAVARADA <statta@research.att.com>	2018-01-03 14:31:40 -0500
commit	69062c0ec148ccadaced3ef1d6eff63ba422c055 (patch)
tree	153af87b560baa991263ad66797f44e1c475431f /ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/controller/sample/BroadcastController.java
parent	ed07ebfbce4031ef4dfbd2f42147f6a7b351aeb8 (diff)