author | st782s <statta@research.att.com> | 2018-01-03 14:30:16 -0500 |
---|---|---|
committer | TATTAVARADA <statta@research.att.com> | 2018-01-03 14:31:40 -0500 |
commit | 69062c0ec148ccadaced3ef1d6eff63ba422c055 (patch) | |
tree | 153af87b560baa991263ad66797f44e1c475431f /ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/controller/sample | |
parent | ed07ebfbce4031ef4dfbd2f42147f6a7b351aeb8 (diff) |
Harden code
Issue-ID: PORTAL-145,PORTAL-119,PORTAL-118
Harden code to address SQL injection, XSS vulnerabilities; Separate
docker images for portal, sdk app and DMaaPBC ui; Missing error page
Change-Id: I1818fbf86c601dd41b274729038e731fb2ec8f7d
Signed-off-by: st782s <statta@research.att.com>
Diffstat (limited to 'ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/controller/sample')
2 files changed, 10 insertions, 5 deletions
diff --git a/ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/controller/sample/BroadcastController.java b/ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/controller/sample/BroadcastController.java
index 316f35cd..c4f0d430 100644
--- a/ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/controller/sample/BroadcastController.java
+++ b/ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/controller/sample/BroadcastController.java
@@ -45,8 +45,10 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import org.json.JSONObject;
+import org.onap.portalapp.util.SecurityXssValidator;
 import org.onap.portalsdk.core.controller.RestrictedBaseController;
 import org.onap.portalsdk.core.domain.BroadcastMessage;
+import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
 import org.onap.portalsdk.core.service.BroadcastService;
 import org.onap.portalsdk.core.util.SystemProperties;
 import org.onap.portalsdk.core.web.support.AppUtils;
@@ -65,6 +67,8 @@ import com.fasterxml.jackson.databind.ObjectMapper;
 @RequestMapping("/")
 public class BroadcastController extends RestrictedBaseController {
+ private EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(BroadcastController.class);
+
 @Autowired
 private BroadcastService broadcastService;
@@ -77,7 +81,7 @@ public class BroadcastController extends RestrictedBaseController {
 model.put("broadcastMessage", mapper.writeValueAsString(broadcastService.getBroadcastMessage(request)));
 model.put("broadcastSites", mapper.writeValueAsString(referenceData(request).get("broadcastSites")));
 } catch (Exception e) {
- e.printStackTrace();
+ logger.error(EELFLoggerDelegate.errorLogger, "broadcast() failed", e);
 }
 return new ModelAndView(getViewName(), model);
 }
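Review bot: `import org.onap.portalapp.util.SecurityXssValidator;` is added in the import hunk of BroadcastController.java, but none of the hunks shown for this file reference it, so it is an unused import as far as this page shows. The commit message lists XSS hardening, yet the visible change to save() only replaces the error text. If the broadcast message text is later rendered in a page, validating the incoming message before `broadcastService` persists it would be the place to use this class (inferred, since the start of save() lies outside the hunks). Either apply the validator there or drop the import.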
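Review bot: The new `logger` field in BroadcastController (hunk at -65,6 +67,8) is declared as a reassignable per-instance field, while a class logger is normally a single shared constant. Suggest `private static final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(BroadcastController.class);`, which also rules out accidental reassignment.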
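Review bot: The catch blocks in broadcast() (hunk at -77,7) and getBroadcast() (hunk at -96,7) now log the exception but still fall through, so the caller receives a normal-looking response. broadcast() returns the view with whatever model entries were set before the failure, and getBroadcast() returns without writing a body. In getBroadcast(), adding `response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);` after the `logger.error(...)` call would let clients and monitoring tell a failure from an empty result. Both method bodies begin outside their hunks, so whether a status is set elsewhere cannot be seen here.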
@@ -96,7 +100,7 @@ public class BroadcastController extends RestrictedBaseController {
 response.getWriter().write(j.toString());
 } catch (Exception e) {
- e.printStackTrace();
+ logger.error(EELFLoggerDelegate.errorLogger, "getBroadcast() failed", e);
 }
 }
@@ -141,7 +145,8 @@ public class BroadcastController extends RestrictedBaseController {
 response.setCharacterEncoding("UTF-8");
 request.setCharacterEncoding("UTF-8");
 PrintWriter out = response.getWriter();
- out.write(e.getMessage());
+ out.write("An error occurred while saving the BroadcastMessage in the save () mapping-/broadcast/save ");
+ logger.error(EELFLoggerDelegate.errorLogger, "save() failed", e);
 return null;
 }
diff --git a/ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/controller/sample/BroadcastListController.java b/ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/controller/sample/BroadcastListController.java
index aeeaca56..2a9af812 100644
--- a/ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/controller/sample/BroadcastListController.java
+++ b/ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/controller/sample/BroadcastListController.java
@@ -121,7 +121,7 @@ public class BroadcastListController extends RestrictedBaseController {
 response.setCharacterEncoding("UTF-8");
 request.setCharacterEncoding("UTF-8");
 PrintWriter out = response.getWriter();
- out.write(e.getMessage());
+ out.write("An error occurred while removing the BroadcastMessage in the remove ()");
 logger.error(EELFLoggerDelegate.errorLogger, "remove() failed", e);
 return null;
 }
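Review bot: In the save() catch block (hunk at -141,7) the new `logger.error(EELFLoggerDelegate.errorLogger, "save() failed", e);` runs only after `response.getWriter()` and `out.write(...)`. If either of those throws, the original exception is never logged and the root cause is lost. Move the `logger.error(...)` line to be the first statement of the catch block. The same ordering appears in remove() (hunk at -121,7) and toggleActive() (hunk at -156,7) of BroadcastListController. No error status is set in the visible lines either, and the catch blocks start outside the hunks, so this may be handled above.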
@@ -156,7 +156,7 @@ public class BroadcastListController extends RestrictedBaseController {
 response.setCharacterEncoding("UTF-8");
 request.setCharacterEncoding("UTF-8");
 PrintWriter out = response.getWriter();
- out.write(e.getMessage());
+ out.write("An error occurred while saving the BroadcastMessage in the toggleActive () ");
 logger.error(EELFLoggerDelegate.errorLogger, "toggleActive() failed", e);
 return null;
 }
|
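Review bot: The replacement text in toggleActive() says "saving the BroadcastMessage", which looks copied from save() and misdescribes the failed operation to whoever reads the response. The handler name in a client-facing message also adds nothing for the user, because the log line already records `toggleActive() failed`. Suggest `out.write("An error occurred while updating the BroadcastMessage active state");`.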