From 69062c0ec148ccadaced3ef1d6eff63ba422c055 Mon Sep 17 00:00:00 2001
From: st782s <statta@research.att.com>
Date: Wed, 3 Jan 2018 14:30:16 -0500
Subject: Harden code

Issue-ID: PORTAL-145,PORTAL-119,PORTAL-118

Harden code to address SQL injecton, XSS vulnerabilities; Separate
docker images for portal, sdk app and DMaaPBC ui; Missing error page

Change-Id: I1818fbf86c601dd41b274729038e731fb2ec8f7d
Signed-off-by: st782s <statta@research.att.com>
---
 .../src/main/java/org/onap/portalsdk/analytics/model/SearchHandler.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'ecomp-sdk/epsdk-analytics/src/main')

diff --git a/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/model/SearchHandler.java b/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/model/SearchHandler.java
index a6043ea7..863f510c 100644
--- a/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/model/SearchHandler.java
+++ b/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/model/SearchHandler.java
@@ -295,7 +295,7 @@ public class SearchHandler extends org.onap.portalsdk.analytics.RaptorObject {
 		} else {
 			rep_name_sql = " AND UPPER(cr.title) LIKE UPPER('%%') ";
 		}
-		sql = sql.replace("[fReportName]", ESAPI.encoder().encodeForSQL( SecurityCodecUtil.getCodec(),rep_name_sql));
+		sql = sql.replace("[fReportName]",rep_name_sql);
 
 		if (menuId.length() > 0){
 			/*sql += "AND INSTR('|'||cr.menu_id||'|', '|'||'" + menuId + "'||'|') > 0 "
-- 
cgit 1.2.3-korg