From d832e0acf41e74b6036ae256429a127252782f1b Mon Sep 17 00:00:00 2001 From: st398c Date: Tue, 23 Jul 2019 14:02:06 -0400 Subject: Blackduck scan fixes and PenTest Issue-ID: PORTAL-631 Change-Id: I606837e3aefd0bbb7ff45ac2e597d214da06e7ed Signed-off-by: st398c --- .../onap/portalsdk/core/web/support/UserUtils.java | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) (limited to 'ecomp-sdk/epsdk-core') diff --git a/ecomp-sdk/epsdk-core/src/main/java/org/onap/portalsdk/core/web/support/UserUtils.java b/ecomp-sdk/epsdk-core/src/main/java/org/onap/portalsdk/core/web/support/UserUtils.java index bb58e647..f69a6dda 100644 --- a/ecomp-sdk/epsdk-core/src/main/java/org/onap/portalsdk/core/web/support/UserUtils.java +++ b/ecomp-sdk/epsdk-core/src/main/java/org/onap/portalsdk/core/web/support/UserUtils.java @@ -56,6 +56,7 @@ import javax.servlet.http.HttpSession; import org.onap.portalsdk.core.domain.Role; import org.onap.portalsdk.core.domain.RoleFunction; import org.onap.portalsdk.core.domain.User; +import org.onap.portalsdk.core.domain.UserApp; import org.onap.portalsdk.core.exception.SessionExpiredException; import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate; import org.onap.portalsdk.core.menu.MenuBuilder; @@ -72,6 +73,8 @@ public class UserUtils { private static final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(UserUtils.class); public static final String KEY_USER_ROLES_CACHE = "userRoles"; + + private static final String DISPLAY_TEXT = "*******"; public static void setUserSession(HttpServletRequest request, User user, Set applicationMenuData, Set businessDirectMenuData, String loginMethod, List roleFunctionList) { @@ -393,5 +396,20 @@ public class UserUtils { ecompRoleFunction.setAction(rolefun.getAction()); return ecompRoleFunction; } - + public static Set getUserApps(Set userCurrentApps) + { + Set userapplications = new HashSet<>(); + for (UserApp userApp : userCurrentApps) { + obfuscateSensitiveDataUserApps(userApp); + userapplications.add(userApp); + } + return userapplications; + } + + private static void obfuscateSensitiveDataUserApps(UserApp userApp) + { + userApp.getApp().setAppPassword(DISPLAY_TEXT); + userApp.getApp().setUebKey(DISPLAY_TEXT); + userApp.getApp().setUebSecret(DISPLAY_TEXT); + } } -- cgit 1.2.3-korg