summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authoraribeiro <anderson.ribeiro@est.tech>2021-08-09 22:08:42 +0100
committerMichael Morris <michael.morris@est.tech>2021-08-11 08:24:08 +0000
commit7c8f40bc6df4a5a4d5822e48ecbe5ebe6a0d251a (patch)
treee17aa14e6e7f89cc5c98e303fec1b872625f7989
parent47bcc63a9daff1f310125fed006f27c93656fa83 (diff)
Fix critical cross site scripting
xss (cross site scripting) issue identified in sonarcloud Issue-ID: SDC-3607 Signed-off-by: aribeiro <anderson.ribeiro@est.tech> Change-Id: I729f14587154a02759ec62d5134cd115ac6eff38
-rw-r--r--catalog-fe/src/main/java/org/openecomp/sdc/fe/servlets/PortalServlet.java7
1 files changed, 4 insertions, 3 deletions
diff --git a/catalog-fe/src/main/java/org/openecomp/sdc/fe/servlets/PortalServlet.java b/catalog-fe/src/main/java/org/openecomp/sdc/fe/servlets/PortalServlet.java
index 6378b996cf..97c4ac60fa 100644
--- a/catalog-fe/src/main/java/org/openecomp/sdc/fe/servlets/PortalServlet.java
+++ b/catalog-fe/src/main/java/org/openecomp/sdc/fe/servlets/PortalServlet.java
@@ -113,7 +113,7 @@ public class PortalServlet extends HttpServlet {
* @throws IOException
*/
private void addRequestHeadersUsingWebseal(final HttpServletRequest request, final HttpServletResponse response)
- throws ServletException, IOException {
+ throws ServletException, IOException, CipherUtilException {
response.setContentType("text/html");
// Create new request object to dispatch
MutableHttpServletRequest mutableRequest = new MutableHttpServletRequest(request);
@@ -243,12 +243,13 @@ public class PortalServlet extends HttpServlet {
* @param request
* @param headers
*/
- private void addCookies(final HttpServletResponse response, final HttpServletRequest request, final String[] headers) {
+ private void addCookies(final HttpServletResponse response, final HttpServletRequest request, final String[] headers)
+ throws CipherUtilException {
for (var i = 0; i < headers.length; i++) {
final var currHeader = ValidationUtils.sanitizeInputString(headers[i]);
final var headerValue = ValidationUtils.sanitizeInputString(request.getHeader(currHeader));
if (headerValue != null) {
- final var cookie = new Cookie(currHeader, headerValue);
+ final var cookie = new Cookie(currHeader, CipherUtil.encryptPKC(headerValue));
cookie.setSecure(true);
response.addCookie(cookie);
}