author | st782s <statta@research.att.com> | 2017-11-22 11:41:10 -0500 |
---|---|---|
committer | Sunder Tattavarada <statta@research.att.com> | 2017-11-28 20:24:36 +0000 |
commit | ed07ebfbce4031ef4dfbd2f42147f6a7b351aeb8 (patch) | |
tree | ee4a6e53f01f15057f32b86f271c9b6d02b25615 /ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/rest | |
parent | 418d7273d6d8f6fed2698df89c9910be8498a677 (diff) |
Harden code
Issue-ID: PORTAL-145,PORTAL-119
Harden code to address SQL injection, XSS vulnerabilities; Separate
docker images for portal, sdk app and DMaaPBC ui
Change-Id: I85fad4d3fcee3243207b8f0dfe21beaa41602204
Signed-off-by: st782s <statta@research.att.com>
Diffstat (limited to 'ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/rest')
-rw-r--r-- | ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/rest/RestWebServiceClient.java | 28 |
1 files changed, 4 insertions, 24 deletions
diff --git a/ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/rest/RestWebServiceClient.java b/ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/rest/RestWebServiceClient.java
index 91f019be..a752055f 100644
--- a/ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/rest/RestWebServiceClient.java
+++ b/ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/rest/RestWebServiceClient.java
@@ -51,7 +51,6 @@ import org.onap.portalsdk.core.onboarding.util.PortalApiConstants;
 import org.onap.portalsdk.core.onboarding.util.PortalApiProperties;
 import org.owasp.esapi.ESAPI;
-
 /**
 * Simple REST client for GET, POST and DELETE operations against the Portal
 * application.
@@ -211,7 +210,9 @@ public class RestWebServiceClient {
 // add request header
 con.setRequestProperty("uebkey", appUebKey);
- con.setRequestProperty("LoginId", ESAPI.encoder().canonicalize(loginId));
+ if (loginId != null) {
+ con.setRequestProperty("LoginId", ESAPI.encoder().canonicalize(loginId));
+ }
 con.setRequestProperty("user-agent", appName);
 con.setRequestProperty("X-ECOMP-RequestID", requestId);
 con.setRequestProperty("username", appUserName);
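Review bot: Canonicalizing `loginId` inside the added `if (loginId != null)` block decodes the value but does not validate it, so an encoded sequence such as `%0d%0a` reaches `setRequestProperty` as raw control characters instead of being rejected. After canonicalization the value should be checked against an allow-list for login IDs and refused on mismatch, for example `String id = ESAPI.validator().getValidInput("LoginId", loginId, "<LOGIN_ID_PATTERN>", <MAX_LEN>, false);`, where the pattern name and length are placeholders for project values. The neighbouring headers (`uebkey`, `user-agent`, `X-ECOMP-RequestID`, `username`) are still set unfiltered, so any of them that can carry caller-supplied data needs the same treatment. Depending on the ESAPI configuration, `canonicalize` may also throw `IntrusionException` on multiply encoded input and nothing visible here handles it; the enclosing method starts and ends outside the hunk, so that may be dealt with elsewhere.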
@@ -527,31 +528,10 @@ public class RestWebServiceClient {
 int bytes;
 while ((bytes = in.read(buf)) > 0)
 sb.append(new String(buf, 0, bytes));
- }
- catch (Exception ex) {
+ } catch (Exception ex) {
 logger.error("readAndCloseStream", ex);
 }
 return sb.toString();
 }
- /**
- * Basic unit test for the client to call Portal app on localhost.
- *
- * @param args
- * Ignored
- * @throws IOException
- * On failure
- */
- public static void main(String[] args) throws IOException {
- RestWebServiceClient client = RestWebServiceClient.getInstance();
- final String getUrl = "http://www.ecomp.openecomp.org:8080/ecompportal/auxapi/analytics";
- String get = client.get(getUrl, "userId", "appName", null, "appUebKey", "appUserName", "appPassword", null);
- System.out.println("Get result:\n" + get);
- final String postUrl = "http://www.ecomp.openecomp.org:8080/ecompportal/auxapi/storeAnalytics";
- final String content = " { " + " \"action\" : \"test1\", " + " \"page\" : \"test2\", "
- + " \"function\" : \"test3\", " + " \"userid\" : \"ab1234\" " + "}";
- String post = client.post(postUrl, "userId", "appName", null, "appUebKey", "appUserName", "appPassword",
- "application/json", content, true);
- System.out.println("Post result:\n" + post);
- }
 }
|