authorsm921c <sm921c@att.com>2018-04-04 15:09:15 -0400
committersm921c <sm921c@att.com>2018-04-04 15:09:15 -0400
commit3cea65c213e29b9086e9a2e4aae910cff00e7a93 (patch)
tree3864a5cec4b916557b73f97380e348e043347f75 /ecomp-sdk/epsdk-app-os
parent7d359877a4ab4b4821bab46c0f28fddf7cfbd35f (diff)
security and Pom chanagesrelease-2.1.1
Issue-ID: PORTAL-155 provided fixes for security issues Change-Id: I00a06dffe4c6efecff57272949fea9d0a614018c Signed-off-by: sm921c <sm921c@att.com>
Diffstat (limited to 'ecomp-sdk/epsdk-app-os')
-rw-r--r--ecomp-sdk/epsdk-app-os/README.md1
-rw-r--r--ecomp-sdk/epsdk-app-os/pom.xml14
-rw-r--r--ecomp-sdk/epsdk-app-os/src/main/java/org/onap/portalapp/filter/SecurityXssFilter.java21
3 files changed, 32 insertions, 4 deletions
diff --git a/ecomp-sdk/epsdk-app-os/README.md b/ecomp-sdk/epsdk-app-os/README.md
index f74d043f..7304bd1c 100644
--- a/ecomp-sdk/epsdk-app-os/README.md
+++ b/ecomp-sdk/epsdk-app-os/README.md
@@ -18,6 +18,7 @@ Version 2.1.0
- PORTAL 160 Refer epsdk-app-common
- PORTAL 159 Refer epsdk-app-common
- PORTAL 136 Junits for SDK
+- PORTAL 155 Review security issues: portal
Version 1.4.0
- PORTAL-19 Rename Java package base to org.onap
diff --git a/ecomp-sdk/epsdk-app-os/pom.xml b/ecomp-sdk/epsdk-app-os/pom.xml
index 059c5ea0..5ce068b9 100644
--- a/ecomp-sdk/epsdk-app-os/pom.xml
+++ b/ecomp-sdk/epsdk-app-os/pom.xml
@@ -10,7 +10,7 @@
<parent>
<groupId>org.onap.portal.sdk</groupId>
<artifactId>epsdk-project</artifactId>
- <version>2.1.0</version>
+ <version>2.1.1</version>
</parent>
<!-- GroupId is inherited from parent -->
@@ -252,17 +252,17 @@
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-annotations</artifactId>
- <version>2.6.3</version>
+ <version>2.8.10</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-core</artifactId>
- <version>2.6.3</version>
+ <version>2.8.10</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
- <version>2.6.3</version>
+ <version>2.8.10</version>
</dependency>
<dependency>
<groupId>com.mchange</groupId>
@@ -295,6 +295,12 @@
<groupId>org.elasticsearch</groupId>
<artifactId>elasticsearch</artifactId>
<version>2.2.0</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.apache.lucene</groupId>
+ <artifactId>lucene-queryparser</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>org.json</groupId>
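Review bot: The `<exclusions>` block added to the `elasticsearch` dependency has no comment saying which finding it answers, and the dependency itself stays at `2.2.0`. Excluding `lucene-queryparser` removes classes that Elasticsearch's query-string parsing may load at runtime, so an application that reaches that code could fail with a missing-class error at runtime rather than at build time; this is inferred, since the hunk does not show how the client is used. I would add a comment above the block such as `<!-- PORTAL-155: lucene-queryparser excluded for <scanner finding id>; query-string parsing is not used by this app -->` and confirm it with a test that exercises the search code. The `<dependency>` element opens above the hunk.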
diff --git a/ecomp-sdk/epsdk-app-os/src/main/java/org/onap/portalapp/filter/SecurityXssFilter.java b/ecomp-sdk/epsdk-app-os/src/main/java/org/onap/portalapp/filter/SecurityXssFilter.java
index aad01286..be3b685d 100644
--- a/ecomp-sdk/epsdk-app-os/src/main/java/org/onap/portalapp/filter/SecurityXssFilter.java
+++ b/ecomp-sdk/epsdk-app-os/src/main/java/org/onap/portalapp/filter/SecurityXssFilter.java
@@ -44,6 +44,9 @@ import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.Map;
import javax.servlet.FilterChain;
import javax.servlet.ReadListener;
@@ -73,9 +76,27 @@ public class SecurityXssFilter extends OncePerRequestFilter {
public class RequestWrapper extends HttpServletRequestWrapper {
private ByteArrayOutputStream cachedBytes;
+
+ private Map parameter = new HashMap();
+
+ @SuppressWarnings("unchecked")
public RequestWrapper(HttpServletRequest request) {
super(request);
+ Enumeration<String> parameterNames = request.getParameterNames();
+ while (parameterNames.hasMoreElements()) {
+ String paramName = parameterNames.nextElement();
+ String paramValue = request.getParameter(paramName);
+ parameter.put(paramName,paramValue);
+ }
+ }
+
+ @Override
+ public String getParameter(String name) {
+ if (parameter != null) {
+ return (String) parameter.get(name);
+ }
+ return null;
}
@Override
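Review bot: The new `RequestWrapper` code overrides only `getParameter`, so `getParameterValues`, `getParameterMap` and `getParameterNames` still delegate to the wrapped request and a handler reading through them sees a different view than the snapshot; the snapshot also keeps only the first value of a repeated parameter and stores it as received, with no sanitising visible in this hunk. I would snapshot `request.getParameterMap()` into a typed `Map<String, String[]>` and override the four accessors together, which also removes the raw `Map`, the cast, the `@SuppressWarnings("unchecked")` and the `parameter != null` test that can never be false. Reading parameters in the constructor may make the container parse a form-encoded body before `cachedBytes` is filled, so it is worth checking that the body cache still holds the payload for such requests. The class body continues past the end of the hunk, and the sketch below needs `java.util.Collections` imported.

```java
private final Map<String, String[]> parameter;

public RequestWrapper(HttpServletRequest request) {
    super(request);
    // Snapshot every value of every parameter, not only the first one per name.
    parameter = new HashMap<>(request.getParameterMap());
}

@Override
public String getParameter(String name) {
    String[] values = parameter.get(name);
    return (values == null || values.length == 0) ? null : values[0];
}

@Override
public String[] getParameterValues(String name) {
    String[] values = parameter.get(name);
    return values == null ? null : values.clone();
}

@Override
public Map<String, String[]> getParameterMap() {
    return Collections.unmodifiableMap(parameter);
}

@Override
public Enumeration<String> getParameterNames() {
    return Collections.enumeration(parameter.keySet());
}
// … unchanged: remaining RequestWrapper overrides …
```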