From 944ec97d2b75bf63d596c529dc495c74e2cc7033 Mon Sep 17 00:00:00 2001
From: st398c
Date: Wed, 29 May 2019 15:03:01 -0400
Subject: AtomicPutWithDeleteLock Copy Report, SQL Injection
Issue-ID: PORTAL-581, PORTAL-582,PORTAL-583, PORTAL-594
Change-Id: Ibbd7a2a63f41a75109fb3916a5de1ab6a0bacfe2
Signed-off-by: st398c
---
 .../system/fusion/web/RaptorControllerAsync.java | 17 ++++++++---------
 1 file changed, 8 insertions(+), 9 deletions(-)
(limited to 'ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/system/fusion/web/RaptorControllerAsync.java')
diff --git a/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/system/fusion/web/RaptorControllerAsync.java b/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/system/fusion/web/RaptorControllerAsync.java
index dbecbbd8..9e11affe 100644
--- a/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/system/fusion/web/RaptorControllerAsync.java
+++ b/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/system/fusion/web/RaptorControllerAsync.java
@@ -452,6 +452,7 @@ public class RaptorControllerAsync extends RestrictedBaseController {
 ReportDefinition rdef = rh.loadReportDefinition(request, reportID);
 rdef.setAsCopy(request);
 request.getSession().setAttribute(AppConstants.SI_REPORT_DEFINITION, rdef);
+ request.getSession().setAttribute("COPY_REPORT_EVENT", "true");
 messageJSON.setMessage("Success- Report Copied.");
 messageJSON.setAnyStacktrace(rdef.getReportID() + " is Modified and added to session and DB.");
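Review bot: The `"COPY_REPORT_EVENT"` flag set in this hunk is a bare string literal that nothing in this diff ever clears, so after one copy it stays `"true"` for the rest of the session. The save path (hunk at -671) and the tab handler (hunk at -1389) both treat it as a reason to take the report definition from the session regardless of the `id` in the request. As far as the visible lines show, a user who copied one report would keep loading and saving the session copy even when asking for a different report. I would define the key once as a constant next to `AppConstants.SI_REPORT_DEFINITION` and consume it on first read with `request.getSession().removeAttribute(...)`. The enclosing method starts and ends outside the hunk.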
@@ -671,12 +672,10 @@ public class RaptorControllerAsync extends RestrictedBaseController {
 ReportRuntime rr = null;
 boolean newReport = false;
 MessageJSON messageJSON = new MessageJSON();
- if("-1".equals(id)) {
- id = "Create";
- }
 try {
- if (id.equals("InSession")) {
- rdef = (ReportDefinition) request.getSession().getAttribute(AppConstants.SI_REPORT_DEFINITION);
+ String copyReportEvent = (String)request.getSession().getAttribute("COPY_REPORT_EVENT");
+ if (id.equals("InSession") || "true".equals(copyReportEvent)) {
+ rdef = (ReportDefinition) request.getSession().getAttribute(AppConstants.SI_REPORT_DEFINITION);
 newReport = false;
 } else if (id.equals("Create")) {
@@ -833,7 +832,7 @@ public class RaptorControllerAsync extends RestrictedBaseController {
 persistReportDefinition(request, rdef);
 messageJSON.setMessage("Success Definition of given report is saved in session.");
 messageJSON.setAnyStacktrace((newReport ? " New Report info is added to Session "
- : rdef.getReportID() + " is Modified and added to session and DB."));
+ : rdef.getReportID() + "- is Modified and added to session and DB."));
 } catch (Exception ex) {
 messageJSON.setMessage("Error occured while saving definition Tab");
@@ -1389,9 +1388,9 @@ public class RaptorControllerAsync extends RestrictedBaseController {
 if (!Globals.isSystemInitialized()) {
 Globals.initializeSystem(servletContext);
 }
-
- if (tabId.equals("Def") && id.equals("InSession")) {
- rdef = (ReportDefinition) request.getSession().getAttribute(AppConstants.SI_REPORT_DEFINITION);
+ String copyReportEvent = (String)request.getSession().getAttribute("COPY_REPORT_EVENT");
+ if (tabId.equals("Def") && id.equals("InSession") || "true".equals(copyReportEvent)) {
+ rdef = (ReportDefinition) request.getSession().getAttribute(AppConstants.SI_REPORT_DEFINITION);
 newReport = false;
 } else if (tabId.equals("Def") && id.equals("Create")) {
--
cgit 1.2.3-korg
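Review bot: Dropping the `"-1"` to `"Create"` normalisation at the top of this method means an `id` of `-1` no longer reaches the `Create` branch. Whatever follows that branch is outside the hunk, so it is unclear how `-1` is handled now. If clients can still send it, keep the mapping ahead of the `try` (`if ("-1".equals(id)) { id = "Create"; }`) or reject the value explicitly. Separately, `id.equals("InSession")` throws on a null `id`, whereas `"InSession".equals(id)` would not and would match the style of the new `"true".equals(copyReportEvent)` check.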
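Review bot: In the new condition `tabId.equals("Def") && id.equals("InSession") || "true".equals(copyReportEvent)` (hunk at -1389) the `&&` binds tighter than `||`, so a set copy flag takes this branch for every `tabId`, not only `Def`. If the flag is meant as an alternative to `InSession` on the definition tab only, the line should read `if (tabId.equals("Def") && (id.equals("InSession") || "true".equals(copyReportEvent))) {`. If the wider behaviour is intended, parenthesise the left-hand side and add a comment saying so, because the following `else if` branches all test `tabId` first. The method continues outside the hunk.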