From 69062c0ec148ccadaced3ef1d6eff63ba422c055 Mon Sep 17 00:00:00 2001
From: st782s <statta@research.att.com>
Date: Wed, 3 Jan 2018 14:30:16 -0500
Subject: Harden code

Issue-ID: PORTAL-145,PORTAL-119,PORTAL-118

Harden code to address SQL injecton, XSS vulnerabilities; Separate
docker images for portal, sdk app and DMaaPBC ui; Missing error page

Change-Id: I1818fbf86c601dd41b274729038e731fb2ec8f7d
Signed-off-by: st782s <statta@research.att.com>
---
 .../src/main/webapp/WEB-INF/jsp/error.jsp          | 38 ++++++++++++++++++++--
 1 file changed, 35 insertions(+), 3 deletions(-)

(limited to 'ecomp-sdk/epsdk-app-overlay/src/main/webapp/WEB-INF/jsp/error.jsp')

diff --git a/ecomp-sdk/epsdk-app-overlay/src/main/webapp/WEB-INF/jsp/error.jsp b/ecomp-sdk/epsdk-app-overlay/src/main/webapp/WEB-INF/jsp/error.jsp
index 3f31fe0a..8e1c3a5e 100644
--- a/ecomp-sdk/epsdk-app-overlay/src/main/webapp/WEB-INF/jsp/error.jsp
+++ b/ecomp-sdk/epsdk-app-overlay/src/main/webapp/WEB-INF/jsp/error.jsp
@@ -6,7 +6,7 @@
   ===================================================================
  
   Unless otherwise specified, all software contained herein is licensed
-  under the Apache License, Version 2.0 (the “License”);
+  under the Apache License, Version 2.0 (the "License");
   you may not use this software except in compliance with the License.
   You may obtain a copy of the License at
  
@@ -19,7 +19,7 @@
   limitations under the License.
  
   Unless otherwise specified, all documentation contained herein is licensed
-  under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+  under the Creative Commons License, Attribution 4.0 Intl. (the "€License"€);
   you may not use this documentation except in compliance with the License.
   You may obtain a copy of the License at
  
@@ -35,4 +35,36 @@
  
   ECOMP is a trademark and service mark of AT&T Intellectual Property.
   --%>
-${errMsg}
+<%@ page language="java" contentType="text/html;"
+	pageEncoding="US-ASCII" isErrorPage="true"%>
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+	<head>
+		<meta http-equiv="Content-Type" content="text/html;">
+		<title>Error Page</title>
+	</head>
+	<body>
+		<h1>Something went wrong. Please go back to the previous page or
+			try again later.</h1>
+			
+		<h3>Please see the exception:</h3>
+	
+		<table width="100%" border="1">
+			<tr valign="top">
+				<td width="40%"><b>Error:</b></td>
+				<td>${pageContext.exception}</td>
+			</tr>
+	
+			<tr valign="top">
+				<td><b>URI:</b></td>
+				<td>${pageContext.errorData.requestURI}</td>
+			</tr>
+	
+			<tr valign="top">
+				<td><b>Status code:</b></td>
+				<td>${pageContext.errorData.statusCode}</td>
+			</tr>
+		</table>
+	
+	</body>
+</html>
\ No newline at end of file
-- 
cgit 1.2.3-korg