authorst782s <statta@research.att.com>2018-01-03 14:30:16 -0500
committerTATTAVARADA <statta@research.att.com>2018-01-03 14:31:40 -0500
commit69062c0ec148ccadaced3ef1d6eff63ba422c055 (patch)
tree153af87b560baa991263ad66797f44e1c475431f /ecomp-sdk/epsdk-app-overlay
parented07ebfbce4031ef4dfbd2f42147f6a7b351aeb8 (diff)
Harden code
Issue-ID: PORTAL-145,PORTAL-119,PORTAL-118 Harden code to address SQL injection, XSS vulnerabilities; Separate docker images for portal, sdk app and DMaaPBC ui; Missing error page Change-Id: I1818fbf86c601dd41b274729038e731fb2ec8f7d Signed-off-by: st782s <statta@research.att.com>
Diffstat (limited to 'ecomp-sdk/epsdk-app-overlay')
-rw-r--r--ecomp-sdk/epsdk-app-overlay/src/main/resources/ESAPI.properties2
-rw-r--r--ecomp-sdk/epsdk-app-overlay/src/main/webapp/WEB-INF/jsp/error.jsp38
-rw-r--r--ecomp-sdk/epsdk-app-overlay/src/main/webapp/app/fusion/scripts/DS2-view-models/ds2-admin/modals/role-function-add.html17
-rw-r--r--ecomp-sdk/epsdk-app-overlay/src/main/webapp/app/fusion/scripts/DS2-view-models/ds2-admin/role_list.html2
-rw-r--r--ecomp-sdk/epsdk-app-overlay/src/main/webapp/app/fusion/styles/ecomp.css11
5 files changed, 62 insertions, 8 deletions
diff --git a/ecomp-sdk/epsdk-app-overlay/src/main/resources/ESAPI.properties b/ecomp-sdk/epsdk-app-overlay/src/main/resources/ESAPI.properties
index d06d602c..3bf78f70 100644
--- a/ecomp-sdk/epsdk-app-overlay/src/main/resources/ESAPI.properties
+++ b/ecomp-sdk/epsdk-app-overlay/src/main/resources/ESAPI.properties
@@ -6,7 +6,7 @@
# If you need to troubleshoot a properties related problem, turning this on may help.
# This is 'false' in the src/test/resources/.esapi version. It is 'true' by
# default for reasons of backward compatibility with earlier ESAPI versions.
-ESAPI.printProperties=true
+ESAPI.printProperties=false
# ESAPI is designed to be easily extensible. You can use the reference implementation
# or implement your own providers to take advantage of your enterprise's security
diff --git a/ecomp-sdk/epsdk-app-overlay/src/main/webapp/WEB-INF/jsp/error.jsp b/ecomp-sdk/epsdk-app-overlay/src/main/webapp/WEB-INF/jsp/error.jsp
index 3f31fe0a..8e1c3a5e 100644
--- a/ecomp-sdk/epsdk-app-overlay/src/main/webapp/WEB-INF/jsp/error.jsp
+++ b/ecomp-sdk/epsdk-app-overlay/src/main/webapp/WEB-INF/jsp/error.jsp
@@ -6,7 +6,7 @@
===================================================================
Unless otherwise specified, all software contained herein is licensed
- under the Apache License, Version 2.0 (the “License”);
+ under the Apache License, Version 2.0 (the "License");
you may not use this software except in compliance with the License.
You may obtain a copy of the License at
@@ -19,7 +19,7 @@
limitations under the License.
Unless otherwise specified, all documentation contained herein is licensed
- under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+ under the Creative Commons License, Attribution 4.0 Intl. (the "€License"€);
you may not use this documentation except in compliance with the License.
You may obtain a copy of the License at
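Review bot: The replacement line for the Creative Commons notice still carries stray characters, `(the "€License"€)`, where the matching change in the previous hunk produced a clean `(the "License")`. This looks like an encoding slip from converting the curly quotes, though it could be an artefact of how this page was rendered. The text sits inside the JSP comment header, which opens outside this hunk, so it should not reach the response, but the file is declared `pageEncoding="US-ASCII"` further down and non-ASCII bytes in the source are best avoided. Suggested line: `under the Creative Commons License, Attribution 4.0 Intl. (the "License");`.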
@@ -35,4 +35,36 @@
ECOMP is a trademark and service mark of AT&T Intellectual Property.
--%>
-${errMsg}
+<%@ page language="java" contentType="text/html;"
+ pageEncoding="US-ASCII" isErrorPage="true"%>
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+ <head>
+ <meta http-equiv="Content-Type" content="text/html;">
+ <title>Error Page</title>
+ </head>
+ <body>
+ <h1>Something went wrong. Please go back to the previous page or
+ try again later.</h1>
+
+ <h3>Please see the exception:</h3>
+
+ <table width="100%" border="1">
+ <tr valign="top">
+ <td width="40%"><b>Error:</b></td>
+ <td>${pageContext.exception}</td>
+ </tr>
+
+ <tr valign="top">
+ <td><b>URI:</b></td>
+ <td>${pageContext.errorData.requestURI}</td>
+ </tr>
+
+ <tr valign="top">
+ <td><b>Status code:</b></td>
+ <td>${pageContext.errorData.statusCode}</td>
+ </tr>
+ </table>
+
+ </body>
+</html> \ No newline at end of file
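Review bot: The new error page writes `${pageContext.exception}` and `${pageContext.errorData.requestURI}` into the HTML without output encoding, so request-derived text (the URI, and any input echoed in an exception message) is emitted as markup, which is the XSS class this commit sets out to remove. Showing the exception to the end user also discloses internal class names and messages; it would be safer to log it server-side and display only a generic message plus the status code. If JSTL is available to this webapp (not visible here), add `<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>`, render the URI as `<td><c:out value="${pageContext.errorData.requestURI}"/></td>`, and drop the Error row. The `contentType="text/html;"` directive and the `<meta http-equiv>` tag also omit a charset; stating one explicitly avoids leaving the encoding to browser guesswork.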
diff --git a/ecomp-sdk/epsdk-app-overlay/src/main/webapp/app/fusion/scripts/DS2-view-models/ds2-admin/modals/role-function-add.html b/ecomp-sdk/epsdk-app-overlay/src/main/webapp/app/fusion/scripts/DS2-view-models/ds2-admin/modals/role-function-add.html
index a6912571..531c55e5 100644
--- a/ecomp-sdk/epsdk-app-overlay/src/main/webapp/app/fusion/scripts/DS2-view-models/ds2-admin/modals/role-function-add.html
+++ b/ecomp-sdk/epsdk-app-overlay/src/main/webapp/app/fusion/scripts/DS2-view-models/ds2-admin/modals/role-function-add.html
@@ -12,18 +12,29 @@
style="height: 145px;">
<div class="field-group">
- Name <input id="textinputID-2a" ddh-reset ng-model="roleFun['name']"
+ <span ID="required" style="color: Red;" visible="false"> *</span>Name <input id="textinputID-2a" ddh-reset ng-model="roleFun['name']"
placeholder="Name" class="span12" type="text">
</div>
+ <div class="error-container"
+ ng-show="!roleFun['name']||roleFun['name']==0">
+ <small id="name-required" class="err-message">Name is Required</small>
+ </div>
+ <br>
<div class="field-group">
- Code <input id="textinputID-2a" ddh-reset ng-model="roleFun['code']"
+ <span ID="required" style="color: Red;" visible="false"> *</span>Code <input id="textinputID-2a" ddh-reset ng-model="roleFun['code']"
placeholder="Code" class="span12" type="text">
</div>
+ <div class="error-container"
+ ng-show="!roleFun['code']||roleFun['code']==0">
+ <small id="code-required" class="err-message">Code is Required</small>
+ </div>
+
</div>
+ <br>
<div class="b2b-modal-footer ng-scope ng-isolate-scope in">
<div class="cta-button-group in">
- <button class="btn btn-alt btn-medium" type="button"
+ <button class="btn btn-alt btn-medium" type="button" ng-disabled= "(!roleFun['name']||roleFun['name']==0)|| (!roleFun['code']||roleFun['code']==0)"
ng-click="save(roleFun);">Create</button>
<button class="btn btn-medium" type="button"
ng-click="$dismiss('cancel')">Cancel</button>
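Review bot: The required-field checks added here (the `ng-show` messages and the `ng-disabled` on Create) run only in the browser, so they are a usability aid rather than a control. The endpoint behind `save(roleFun)`, which is not part of this diff, still has to reject empty or malformed name and code values. In the markup itself, both added spans use `ID="required"` and both inputs keep `id="textinputID-2a"`, so the ids are not unique, and `visible="false"` is not an HTML attribute and has no effect. A marker such as `<span class="required-marker" aria-hidden="true"> *</span>`, with the colour moved into ecomp.css, would avoid the duplicate id and the inline style. The `==0` comparison also treats a literal value of `0` as missing, which may not be intended; the enclosing modal markup begins and ends outside the hunk.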
diff --git a/ecomp-sdk/epsdk-app-overlay/src/main/webapp/app/fusion/scripts/DS2-view-models/ds2-admin/role_list.html b/ecomp-sdk/epsdk-app-overlay/src/main/webapp/app/fusion/scripts/DS2-view-models/ds2-admin/role_list.html
index e325b8ab..e8820f95 100644
--- a/ecomp-sdk/epsdk-app-overlay/src/main/webapp/app/fusion/scripts/DS2-view-models/ds2-admin/role_list.html
+++ b/ecomp-sdk/epsdk-app-overlay/src/main/webapp/app/fusion/scripts/DS2-view-models/ds2-admin/role_list.html
@@ -9,7 +9,7 @@
</div>
<div ng-hide="showLoader">
<div>
- <button type="submit" ng-click="addRoleFuncPopUp(rowData);" class="btn btn-alt btn-small" ng-if="isAppCentralized=='false'">Add New Role</button>
+ <button type="submit" onClick="window.location='admin#/role/0';" class="btn btn-alt btn-small" ng-if="isAppCentralized=='false'">Add New Role</button>
</div>
<h2 class="heading-small" ng-if="isAppCentralized=='false'">Click on a Role to view its details.</h2>
<table class="striped" ng-if="availableRoleFunctions" style="width: auto;">
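Review bot: The added `onClick="window.location='admin#/role/0';"` is an inline event handler, which stops working under a Content-Security-Policy that disallows inline script and so makes it harder to adopt such a policy as an XSS defence. The control now only navigates, so a link does the job without script: `<a href="admin#/role/0" class="btn btn-alt btn-small" ng-if="isAppCentralized=='false'">Add New Role</a>`. If a button is kept, `type="button"` fits better than `type="submit"`, which would submit an enclosing form if one exists outside this hunk.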
diff --git a/ecomp-sdk/epsdk-app-overlay/src/main/webapp/app/fusion/styles/ecomp.css b/ecomp-sdk/epsdk-app-overlay/src/main/webapp/app/fusion/styles/ecomp.css
index 4c780f38..635ede44 100644
--- a/ecomp-sdk/epsdk-app-overlay/src/main/webapp/app/fusion/styles/ecomp.css
+++ b/ecomp-sdk/epsdk-app-overlay/src/main/webapp/app/fusion/styles/ecomp.css
@@ -180,4 +180,15 @@ p,a{
max-height:300px;
overflow:auto;
display:block
+}
+.error-container {
+ position: absolute;
+ width: 220px;
+ display: block;
+ height: 12px;
+ line-height: 12px;
+}
+.err-message {
+ color: #cf2a2a;
+ font-size: 10px;
} \ No newline at end of file