From 69062c0ec148ccadaced3ef1d6eff63ba422c055 Mon Sep 17 00:00:00 2001
From: st782s
Date: Wed, 3 Jan 2018 14:30:16 -0500
Subject: Harden code
Issue-ID: PORTAL-145,PORTAL-119,PORTAL-118
Harden code to address SQL injecton, XSS vulnerabilities; Separate docker images for portal, sdk app and DMaaPBC ui; Missing error page
Change-Id: I1818fbf86c601dd41b274729038e731fb2ec8f7d
Signed-off-by: st782s
---
 .../src/main/resources/ESAPI.properties | 2 +-
 .../src/main/webapp/WEB-INF/jsp/error.jsp | 38 ++++++++++++++++++++--
 .../ds2-admin/modals/role-function-add.html | 17 ++++++++--
 .../DS2-view-models/ds2-admin/role_list.html | 2 +-
 .../src/main/webapp/app/fusion/styles/ecomp.css | 11 +++++++
 5 files changed, 62 insertions(+), 8 deletions(-)
(limited to 'ecomp-sdk/epsdk-app-overlay')
diff --git a/ecomp-sdk/epsdk-app-overlay/src/main/resources/ESAPI.properties b/ecomp-sdk/epsdk-app-overlay/src/main/resources/ESAPI.properties
index d06d602c..3bf78f70 100644
--- a/ecomp-sdk/epsdk-app-overlay/src/main/resources/ESAPI.properties
+++ b/ecomp-sdk/epsdk-app-overlay/src/main/resources/ESAPI.properties
@@ -6,7 +6,7 @@
 # If you need to troubleshoot a properties related problem, turning this on may help.
 # This is 'false' in the src/test/resources/.esapi version. It is 'true' by
 # default for reasons of backward compatibility with earlier ESAPI versions.
-ESAPI.printProperties=true
+ESAPI.printProperties=false
 # ESAPI is designed to be easily extensible. You can use the reference implementation
 # or implement your own providers to take advantage of your enterprise's security
diff --git a/ecomp-sdk/epsdk-app-overlay/src/main/webapp/WEB-INF/jsp/error.jsp b/ecomp-sdk/epsdk-app-overlay/src/main/webapp/WEB-INF/jsp/error.jsp
index 3f31fe0a..8e1c3a5e 100644
--- a/ecomp-sdk/epsdk-app-overlay/src/main/webapp/WEB-INF/jsp/error.jsp
+++ b/ecomp-sdk/epsdk-app-overlay/src/main/webapp/WEB-INF/jsp/error.jsp
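Review bot: The new value `ESAPI.printProperties=false` sits directly under three comment lines that still argue for 'true' ("It is 'true' by default for reasons of backward compatibility"), so nothing on the line records why this deployment deviates, and the next person troubleshooting an ESAPI configuration problem is invited by that comment to flip it back. Add one line above the setting, e.g. `# Kept false here so that the loaded ESAPI configuration is not dumped to the application log at startup.` Whether the rest of this file holds values that would make such a dump sensitive (encryptor key material, for instance) is outside the hunk, but the intent should be stated either way.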
@@ -6,7 +6,7 @@
 ===================================================================
 Unless otherwise specified, all software contained herein is licensed
- under the Apache License, Version 2.0 (the “License”);
+ under the Apache License, Version 2.0 (the "License");
 you may not use this software except in compliance with the License.
 You may obtain a copy of the License at
@@ -19,7 +19,7 @@
 limitations under the License.
 Unless otherwise specified, all documentation contained herein is licensed
- under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+ under the Creative Commons License, Attribution 4.0 Intl. (the "€License"€);
 you may not use this documentation except in compliance with the License.
 You may obtain a copy of the License at
@@ -35,4 +35,36 @@
 ECOMP is a trademark and service mark of AT&T Intellectual Property.
 --%>
-${errMsg}
+<%@ page language="java" contentType="text/html;"
+ pageEncoding="US-ASCII" isErrorPage="true"%>
+ + + + + Error Page + +
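Review bot: The added line in the second hunk, `under the Creative Commons License, Attribution 4.0 Intl. (the "€License"€);`, still carries non-ASCII bytes after the quote mark, whereas the matching line in the first hunk came out as plain `(the "License");`, so this hunk appears to swap one set of typographic quotes for stray bytes rather than normalizing them. The same commit declares `pageEncoding="US-ASCII"` for this file in the next hunk, which makes any non-ASCII byte in the source worth removing even inside the `<%-- --%>` comment. I cannot tell from here whether the residue is in the committed bytes or only in this rendering; if it is committed, the line should read `(the "License");` exactly as in the first hunk.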

Something went wrong. Please go back to the previous page or + try again later.

+ +

Please see the exception:

+ + + + + + + + + + + + + + + + +
Error:${pageContext.exception}
URI:${pageContext.errorData.requestURI}
Status code:${pageContext.errorData.statusCode}
+ + +
\ No newline at end of file
diff --git a/ecomp-sdk/epsdk-app-overlay/src/main/webapp/app/fusion/scripts/DS2-view-models/ds2-admin/modals/role-function-add.html b/ecomp-sdk/epsdk-app-overlay/src/main/webapp/app/fusion/scripts/DS2-view-models/ds2-admin/modals/role-function-add.html
index a6912571..531c55e5 100644
--- a/ecomp-sdk/epsdk-app-overlay/src/main/webapp/app/fusion/scripts/DS2-view-models/ds2-admin/modals/role-function-add.html
+++ b/ecomp-sdk/epsdk-app-overlay/src/main/webapp/app/fusion/scripts/DS2-view-models/ds2-admin/modals/role-function-add.html
@@ -12,18 +12,29 @@ style="height: 145px;">
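Review bot: The new page emits `${pageContext.exception}`, `${pageContext.errorData.requestURI}` and `${pageContext.errorData.statusCode}` through plain EL, which performs no HTML escaping, so the request URI — and whatever request-derived text an exception message happens to carry — lands in the response unescaped; for a commit whose subject is closing XSS this is the first thing to fix. Showing the full exception to the end user also discloses class names and internal detail that belongs in the server log, not in the response. Escape each value on output, e.g. `<c:out value="${pageContext.errorData.requestURI}"/>` (or the ESAPI HTML encoder this project already configures), and consider rendering only a generic message while logging the exception server-side. The JSTL taglib directive is not in this hunk, so it would need adding if the file does not already import it, and the element markup around these expressions has been stripped in this rendering, so I cannot see exactly where they sit. Separately, `contentType="text/html;"` ends in a stray semicolon and names no charset; `contentType="text/html; charset=UTF-8"` is the usual form.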
- Name *Name
+
+ Name is Required +
+
- Code *Code
+
+ Code is Required +
+ +