Diffstat (limited to 'ecomp-sdk/epsdk-app-os')
-rw-r--r-- | ecomp-sdk/epsdk-app-os/README.md | 1 | ||||
-rw-r--r-- | ecomp-sdk/epsdk-app-os/pom.xml | 14 | ||||
-rw-r--r-- | ecomp-sdk/epsdk-app-os/src/main/java/org/onap/portalapp/filter/SecurityXssFilter.java | 21 |
3 files changed, 32 insertions, 4 deletions
diff --git a/ecomp-sdk/epsdk-app-os/README.md b/ecomp-sdk/epsdk-app-os/README.md index f74d043f..7304bd1c 100644 --- a/ecomp-sdk/epsdk-app-os/README.md +++ b/ecomp-sdk/epsdk-app-os/README.md @@ -18,6 +18,7 @@ Version 2.1.0 - PORTAL 160 Refer epsdk-app-common - PORTAL 159 Refer epsdk-app-common - PORTAL 136 Junits for SDK +- PORTAL 155 Review security issues: portal Version 1.4.0 - PORTAL-19 Rename Java package base to org.onap diff --git a/ecomp-sdk/epsdk-app-os/pom.xml b/ecomp-sdk/epsdk-app-os/pom.xml index 059c5ea0..5ce068b9 100644 --- a/ecomp-sdk/epsdk-app-os/pom.xml +++ b/ecomp-sdk/epsdk-app-os/pom.xml @@ -10,7 +10,7 @@ <parent> <groupId>org.onap.portal.sdk</groupId> <artifactId>epsdk-project</artifactId> - <version>2.1.0</version> + <version>2.1.1</version> </parent> <!-- GroupId is inherited from parent --> @@ -252,17 +252,17 @@ <dependency> <groupId>com.fasterxml.jackson.core</groupId> <artifactId>jackson-annotations</artifactId> - <version>2.6.3</version> + <version>2.8.10</version> </dependency> <dependency> <groupId>com.fasterxml.jackson.core</groupId> <artifactId>jackson-core</artifactId> - <version>2.6.3</version> + <version>2.8.10</version> </dependency> <dependency> <groupId>com.fasterxml.jackson.core</groupId> <artifactId>jackson-databind</artifactId> - <version>2.6.3</version> + <version>2.8.10</version> </dependency> <dependency> <groupId>com.mchange</groupId> @@ -295,6 +295,12 @@ <groupId>org.elasticsearch</groupId> <artifactId>elasticsearch</artifactId> <version>2.2.0</version> + <exclusions> + <exclusion> + <groupId>org.apache.lucene</groupId> + <artifactId>lucene-queryparser</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> <groupId>org.json</groupId> diff --git a/ecomp-sdk/epsdk-app-os/src/main/java/org/onap/portalapp/filter/SecurityXssFilter.java b/ecomp-sdk/epsdk-app-os/src/main/java/org/onap/portalapp/filter/SecurityXssFilter.java index aad01286..be3b685d 100644 
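Review bot: The `lucene-queryparser` exclusion added under `elasticsearch` 2.2.0 in `pom.xml` carries no explanation, and the artifact is not visibly re-added at another version in this hunk. If any code path in the application goes through Elasticsearch query-string parsing, the missing classes would surface only at runtime, so the reason should be recorded next to the exclusion, for example `<!-- excluded per PORTAL 155 security review; confirm query-string parsing is unused -->`. The `<dependencies>` block starts and ends outside the hunk, so a replacement dependency declared elsewhere in the file cannot be ruled out.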
--- a/ecomp-sdk/epsdk-app-os/src/main/java/org/onap/portalapp/filter/SecurityXssFilter.java +++ b/ecomp-sdk/epsdk-app-os/src/main/java/org/onap/portalapp/filter/SecurityXssFilter.java @@ -44,6 +44,9 @@ import java.io.ByteArrayOutputStream; import java.io.IOException; import java.io.InputStreamReader; import java.nio.charset.StandardCharsets; +import java.util.Enumeration; +import java.util.HashMap; +import java.util.Map; import javax.servlet.FilterChain; import javax.servlet.ReadListener; @@ -73,9 +76,27 @@ public class SecurityXssFilter extends OncePerRequestFilter { public class RequestWrapper extends HttpServletRequestWrapper { private ByteArrayOutputStream cachedBytes; + + private Map parameter = new HashMap(); + + @SuppressWarnings("unchecked") public RequestWrapper(HttpServletRequest request) { super(request); + Enumeration<String> parameterNames = request.getParameterNames(); + while (parameterNames.hasMoreElements()) { + String paramName = parameterNames.nextElement(); + String paramValue = request.getParameter(paramName); + parameter.put(paramName,paramValue); + } + } + + @Override + public String getParameter(String name) { + if (parameter != null) { + return (String) parameter.get(name); + } + return null; } @Override |
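Review bot: The new `getParameter` override in `RequestWrapper` returns values exactly as the container parsed them, and `getParameterValues`, `getParameterMap` and `getParameterNames` are not overridden, so in this XSS filter the snapshot neither cleans parameters nor gives callers one consistent view; a repeated parameter keeps only its first value. If the filter's sanitising step lives outside this hunk (the class body continues past it), it should be applied to the snapshot, and every accessor should read from the same map. The field is also a raw `Map`/`HashMap` that is never null, which is presumably why the `@SuppressWarnings("unchecked")` and the `(String)` cast are needed; typing it as `Map<String, String[]>` removes both and makes the null check unnecessary. The sketch below shows that shape and additionally needs `java.util.Collections` imported.

```java
private final Map<String, String[]> parameter = new HashMap<>();

public RequestWrapper(HttpServletRequest request) {
    super(request);
    // Snapshot every value per name, not only the first one.
    parameter.putAll(request.getParameterMap());
}

@Override
public String getParameter(String name) {
    String[] values = parameter.get(name);
    return (values == null || values.length == 0) ? null : values[0];
}

@Override
public String[] getParameterValues(String name) {
    String[] values = parameter.get(name);
    return values == null ? null : values.clone();
}

@Override
public Map<String, String[]> getParameterMap() {
    return Collections.unmodifiableMap(parameter);
}

@Override
public Enumeration<String> getParameterNames() {
    return Collections.enumeration(parameter.keySet());
}
// … unchanged: remaining RequestWrapper overrides …
```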