summaryrefslogtreecommitdiffstats
path: root/ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/util/SSOUtil.java
diff options
context:
space:
mode:
authorrobertlo <wl849v@att.com>2018-01-08 17:08:00 -0500
committerrobertlo <wl849v@att.com>2018-01-08 17:08:00 -0500
commit304033445a8333cd088910fc3e43ca9222237816 (patch)
tree403346f9dfc7da2a1535cb0ba3cd08e619c4c8ed /ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/util/SSOUtil.java
parent69062c0ec148ccadaced3ef1d6eff63ba422c055 (diff)
Harden code
Issue-ID: PORTAL-145 Harden code to address Open Redirect in Portal SDK Change-Id: If7e923366be11b78c1359dfe5b8fc14a2927c668 Signed-off-by: robertlo <wl849v@att.com>
Diffstat (limited to 'ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/util/SSOUtil.java')
-rw-r--r--ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/util/SSOUtil.java3
1 files changed, 2 insertions, 1 deletions
diff --git a/ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/util/SSOUtil.java b/ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/util/SSOUtil.java
index 2d491cfa..c1776959 100644
--- a/ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/util/SSOUtil.java
+++ b/ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/util/SSOUtil.java
@@ -45,6 +45,7 @@ import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
+import org.owasp.esapi.ESAPI;
public class SSOUtil {
@@ -69,7 +70,7 @@ public class SSOUtil {
try {
encodedAppURL = URLEncoder.encode(appURL, "UTF-8");
} catch (UnsupportedEncodingException ex) {
- logger.error("getECOMPSSORedirectURL: Failed to encode app URL " + appURL, ex);
+ logger.error("getECOMPSSORedirectURL: Failed to encode app URL " + ESAPI.encoder().encodeForHTML(appURL), ex);
}
String portalURL = PortalApiProperties.getProperty(PortalApiConstants.ECOMP_REDIRECT_URL);
if (portalURL == null || portalURL.length() == 0) {