author | st782s <statta@research.att.com> | 2018-01-03 14:30:16 -0500 |
---|---|---|
committer | TATTAVARADA <statta@research.att.com> | 2018-01-03 14:31:40 -0500 |
commit | 69062c0ec148ccadaced3ef1d6eff63ba422c055 (patch) | |
tree | 153af87b560baa991263ad66797f44e1c475431f /ecomp-sdk/epsdk-app-overlay | |
parent | ed07ebfbce4031ef4dfbd2f42147f6a7b351aeb8 (diff) |
Harden code
Issue-ID: PORTAL-145,PORTAL-119,PORTAL-118
Harden code to address SQL injection, XSS vulnerabilities; Separate
docker images for portal, sdk app and DMaaPBC ui; Missing error page
Change-Id: I1818fbf86c601dd41b274729038e731fb2ec8f7d
Signed-off-by: st782s <statta@research.att.com>
Diffstat (limited to 'ecomp-sdk/epsdk-app-overlay')
5 files changed, 62 insertions, 8 deletions
diff --git a/ecomp-sdk/epsdk-app-overlay/src/main/resources/ESAPI.properties b/ecomp-sdk/epsdk-app-overlay/src/main/resources/ESAPI.properties
index d06d602c..3bf78f70 100644
--- a/ecomp-sdk/epsdk-app-overlay/src/main/resources/ESAPI.properties
+++ b/ecomp-sdk/epsdk-app-overlay/src/main/resources/ESAPI.properties
@@ -6,7 +6,7 @@
 # If you need to troubleshoot a properties related problem, turning this on may help.
 # This is 'false' in the src/test/resources/.esapi version. It is 'true' by
 # default for reasons of backward compatibility with earlier ESAPI versions.
-ESAPI.printProperties=true
+ESAPI.printProperties=false
 # ESAPI is designed to be easily extensible. You can use the reference implementation
 # or implement your own providers to take advantage of your enterprise's security
diff --git a/ecomp-sdk/epsdk-app-overlay/src/main/webapp/WEB-INF/jsp/error.jsp b/ecomp-sdk/epsdk-app-overlay/src/main/webapp/WEB-INF/jsp/error.jsp
index 3f31fe0a..8e1c3a5e 100644
--- a/ecomp-sdk/epsdk-app-overlay/src/main/webapp/WEB-INF/jsp/error.jsp
+++ b/ecomp-sdk/epsdk-app-overlay/src/main/webapp/WEB-INF/jsp/error.jsp
@@ -6,7 +6,7 @@
 ===================================================================
 Unless otherwise specified, all software contained herein is licensed
- under the Apache License, Version 2.0 (the “License”);
+ under the Apache License, Version 2.0 (the "License");
 you may not use this software except in compliance with the License.
 You may obtain a copy of the License at
@@ -19,7 +19,7 @@ limitations under the License.
 Unless otherwise specified, all documentation contained herein is licensed
- under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+ under the Creative Commons License, Attribution 4.0 Intl. (the "License");
 you may not use this documentation except in compliance with the License.
 You may obtain a copy of the License at
@@ -35,4 +35,36 @@ ECOMP is a trademark and service mark of AT&T Intellectual Property.
 --%>
-${errMsg}
+<%@ page language="java" contentType="text/html;"
+ pageEncoding="US-ASCII" isErrorPage="true"%>
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+ <head>
+ <meta http-equiv="Content-Type" content="text/html;">
+ <title>Error Page</title>
+ </head>
+ <body>
+ <h1>Something went wrong. Please go back to the previous page or
+ try again later.</h1>
+
+ <h3>Please see the exception:</h3>
+
+ <table width="100%" border="1">
+ <tr valign="top">
+ <td width="40%"><b>Error:</b></td>
+ <td>${pageContext.exception}</td>
+ </tr>
+
+ <tr valign="top">
+ <td><b>URI:</b></td>
+ <td>${pageContext.errorData.requestURI}</td>
+ </tr>
+
+ <tr valign="top">
+ <td><b>Status code:</b></td>
+ <td>${pageContext.errorData.statusCode}</td>
+ </tr>
+ </table>
+
+ </body>
+</html>
\ No newline at end of file
diff --git a/ecomp-sdk/epsdk-app-overlay/src/main/webapp/app/fusion/scripts/DS2-view-models/ds2-admin/modals/role-function-add.html b/ecomp-sdk/epsdk-app-overlay/src/main/webapp/app/fusion/scripts/DS2-view-models/ds2-admin/modals/role-function-add.html
index a6912571..531c55e5 100644
--- a/ecomp-sdk/epsdk-app-overlay/src/main/webapp/app/fusion/scripts/DS2-view-models/ds2-admin/modals/role-function-add.html
+++ b/ecomp-sdk/epsdk-app-overlay/src/main/webapp/app/fusion/scripts/DS2-view-models/ds2-admin/modals/role-function-add.html
@@ -12,18 +12,29 @@ style="height: 145px;">
 <div class="field-group">
- Name <input id="textinputID-2a" ddh-reset ng-model="roleFun['name']"
+ <span ID="required" style="color: Red;" visible="false"> *</span>Name <input id="textinputID-2a" ddh-reset ng-model="roleFun['name']"
 placeholder="Name" class="span12" type="text">
 </div>
+ <div class="error-container"
+ ng-show="!roleFun['name']||roleFun['name']==0">
+ <small id="name-required" class="err-message">Name is Required</small>
+ </div>
+ <br>
 <div class="field-group">
- Code <input id="textinputID-2a" ddh-reset ng-model="roleFun['code']"
+ <span ID="required" style="color: Red;" visible="false"> *</span>Code <input id="textinputID-2a" ddh-reset ng-model="roleFun['code']"
 placeholder="Code" class="span12" type="text">
 </div>
+ <div class="error-container"
+ ng-show="!roleFun['code']||roleFun['code']==0">
+ <small id="code-required" class="err-message">Code is Required</small>
+ </div>
+ </div>
+ <br>
 <div class="b2b-modal-footer ng-scope ng-isolate-scope in">
 <div class="cta-button-group in">
- <button class="btn btn-alt btn-medium" type="button"
+ <button class="btn btn-alt btn-medium" type="button" ng-disabled= "(!roleFun['name']||roleFun['name']==0)|| (!roleFun['code']||roleFun['code']==0)"
 ng-click="save(roleFun);">Create</button>
 <button class="btn btn-medium" type="button" ng-click="$dismiss('cancel')">Cancel</button>
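Review bot: The new error page writes `${pageContext.errorData.requestURI}` and `${pageContext.exception}` straight into the HTML body; JSP EL does not HTML-escape its output, so a request URI carrying markup (to the extent the container lets it through) is reflected unescaped into the response, which is the class of bug this commit sets out to fix. Render both values through `<c:out value="${pageContext.errorData.requestURI}"/>` (or `fn:escapeXml`) with the JSTL core taglib declared at the top of the page, and consider showing end users only the status code while the exception itself goes to the server log, since exception messages can expose internal detail such as class names or query fragments. The page directive's `contentType="text/html;"` also has a dangling semicolon and no charset; `contentType="text/html; charset=UTF-8"` pins the encoding the browser will use when interpreting the page.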
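Review bot: The Name/Code requirement is enforced only in the browser, by `ng-disabled` on the Create button and the two `ng-show` messages, so the handler behind `save(roleFun)` must still reject an empty or missing name and code on the server; that handler is outside this change and is worth confirming. Both asterisk spans carry `ID="required"`, which duplicates an id in the same document (the two inputs already share `id="textinputID-2a"`), and `visible="false"` is not an HTML attribute, so the asterisk is rendered regardless; if it is meant to be conditional use `ng-show` or a CSS class. The loose comparison `roleFun['name']==0` also treats the string `"0"` (and whitespace-only input) as missing, which may not be intended; `!roleFun['name']` alone, or a trimmed-length check, states the rule more precisely.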
diff --git a/ecomp-sdk/epsdk-app-overlay/src/main/webapp/app/fusion/scripts/DS2-view-models/ds2-admin/role_list.html b/ecomp-sdk/epsdk-app-overlay/src/main/webapp/app/fusion/scripts/DS2-view-models/ds2-admin/role_list.html
index e325b8ab..e8820f95 100644
--- a/ecomp-sdk/epsdk-app-overlay/src/main/webapp/app/fusion/scripts/DS2-view-models/ds2-admin/role_list.html
+++ b/ecomp-sdk/epsdk-app-overlay/src/main/webapp/app/fusion/scripts/DS2-view-models/ds2-admin/role_list.html
@@ -9,7 +9,7 @@
 </div>
 <div ng-hide="showLoader">
 <div>
-<button type="submit" ng-click="addRoleFuncPopUp(rowData);" class="btn btn-alt btn-small" ng-if="isAppCentralized=='false'">Add New Role</button>
+<button type="submit" onClick="window.location='admin#/role/0';" class="btn btn-alt btn-small" ng-if="isAppCentralized=='false'">Add New Role</button>
 </div>
 <h2 class="heading-small" ng-if="isAppCentralized=='false'">Click on a Role to view its details.</h2>
 <table class="striped" ng-if="availableRoleFunctions" style="width: auto;">
diff --git a/ecomp-sdk/epsdk-app-overlay/src/main/webapp/app/fusion/styles/ecomp.css b/ecomp-sdk/epsdk-app-overlay/src/main/webapp/app/fusion/styles/ecomp.css
index 4c780f38..635ede44 100644
--- a/ecomp-sdk/epsdk-app-overlay/src/main/webapp/app/fusion/styles/ecomp.css
+++ b/ecomp-sdk/epsdk-app-overlay/src/main/webapp/app/fusion/styles/ecomp.css
@@ -180,4 +180,15 @@ p,a{
 max-height:300px;
 overflow:auto;
 display:block
+}
+.error-container {
+ position: absolute;
+ width: 220px;
+ display: block;
+ height: 12px;
+ line-height: 12px;
+}
+.err-message {
+ color: #cf2a2a;
+ font-size: 10px;
 }
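Review bot: The Add New Role button now navigates through an inline `onClick="window.location='admin#/role/0';"` handler instead of the Angular `ng-click` used by the rest of this template; inline event handlers are refused by any Content-Security-Policy that does not allow `'unsafe-inline'`, and they sidestep the app's own routing. Prefer an `ng-click` that calls a controller method using `$location.path('/role/0')` (or `$window.location.href` if the target lives on another page), or simply `<a href="admin#/role/0" class="btn btn-alt btn-small" ng-if="isAppCentralized=='false'">Add New Role</a>`, which also works without script. The button keeps `type="submit"`, so if it sits inside a `<form>` (not visible in the hunk) the submission fires alongside the navigation; `type="button"` avoids that.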
\ No newline at end of file |