author | robertlo <wl849v@att.com> | 2018-01-08 17:08:00 -0500 |
---|---|---|
committer | robertlo <wl849v@att.com> | 2018-01-08 17:08:00 -0500 |
commit | 304033445a8333cd088910fc3e43ca9222237816 (patch) | |
tree | 403346f9dfc7da2a1535cb0ba3cd08e619c4c8ed /ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/util | |
parent | 69062c0ec148ccadaced3ef1d6eff63ba422c055 (diff) |
Harden code
Issue-ID: PORTAL-145
Harden code to address Open Redirect in Portal SDK
Change-Id: If7e923366be11b78c1359dfe5b8fc14a2927c668
Signed-off-by: robertlo <wl849v@att.com>
Diffstat (limited to 'ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/util')
-rw-r--r-- | ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/util/SSOUtil.java | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/util/SSOUtil.java b/ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/util/SSOUtil.java
index 2d491cfa..c1776959 100644
--- a/ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/util/SSOUtil.java
+++ b/ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/util/SSOUtil.java
@@ -45,6 +45,7 @@ import javax.servlet.http.HttpServletResponse;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.owasp.esapi.ESAPI;
 public class SSOUtil {
@@ -69,7 +70,7 @@ public class SSOUtil {
 try {
 encodedAppURL = URLEncoder.encode(appURL, "UTF-8");
 } catch (UnsupportedEncodingException ex) {
- logger.error("getECOMPSSORedirectURL: Failed to encode app URL " + appURL, ex);
+ logger.error("getECOMPSSORedirectURL: Failed to encode app URL " + ESAPI.encoder().encodeForHTML(appURL), ex);
 }
 String portalURL = PortalApiProperties.getProperty(PortalApiConstants.ECOMP_REDIRECT_URL);
 if (portalURL == null || portalURL.length() == 0) { |
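Review bot: The only behavioural change in the second hunk is HTML-encoding `appURL` in the log call inside `catch (UnsupportedEncodingException ex)`, and that branch is practically unreachable because every Java runtime is required to support the "UTF-8" charset name passed to `URLEncoder.encode`. Nothing visible in the hunk constrains where the redirect assembled from `appURL` and `portalURL` may point, so the open-redirect concern named in the commit message looks unaddressed unless a check exists in the part of the method outside this hunk. A check that `appURL` has an expected scheme and host before it is encoded into the redirect would be the control that matches the Issue-ID. At minimum the scope of this change should be documented above the log line, e.g. `// Encodes appURL for safe log output only; the redirect target is not validated here (TODO confirm where it is).` The enclosing method (named getECOMPSSORedirectURL in the log message) starts and ends outside the hunk.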