diff options
author | aribeiro <anderson.ribeiro@est.tech> | 2021-07-23 15:10:54 +0100 |
---|---|---|
committer | Michael Morris <michael.morris@est.tech> | 2021-07-29 15:07:08 +0000 |
commit | 89fe88168e2a1284e2e2b2601de4c65decd8f988 (patch) | |
tree | 15f2221e2a1aec70c9d08fc2a7c3f55a01b8d5a8 /catalog-fe | |
parent | a86a4ceff920f3362ac8f171c7d7e05881fe4931 (diff) |
fix security vulnerability
Issue-ID: SDC-3607
Signed-off-by: aribeiro <anderson.ribeiro@est.tech>
Change-Id: I935898fcf1ae74dc8f162153ff2cf4744b8f2f99
Diffstat (limited to 'catalog-fe')
-rw-r--r-- | catalog-fe/src/main/java/org/openecomp/sdc/fe/servlets/PortalServlet.java | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/catalog-fe/src/main/java/org/openecomp/sdc/fe/servlets/PortalServlet.java b/catalog-fe/src/main/java/org/openecomp/sdc/fe/servlets/PortalServlet.java index 64b8cb1e69..6378b996cf 100644 --- a/catalog-fe/src/main/java/org/openecomp/sdc/fe/servlets/PortalServlet.java +++ b/catalog-fe/src/main/java/org/openecomp/sdc/fe/servlets/PortalServlet.java @@ -37,6 +37,7 @@ import org.onap.sdc.security.AuthenticationCookie; import org.onap.sdc.security.RepresentationUtils; import org.openecomp.sdc.common.impl.MutableHttpServletRequest; import org.openecomp.sdc.common.log.wrappers.Logger; +import org.openecomp.sdc.common.util.ValidationUtils; import org.openecomp.sdc.fe.Constants; import org.openecomp.sdc.fe.config.Configuration; import org.openecomp.sdc.fe.config.ConfigurationManager; @@ -242,12 +243,12 @@ public class PortalServlet extends HttpServlet { * @param request * @param headers */ - private void addCookies(HttpServletResponse response, HttpServletRequest request, String[] headers) { - for (int i = 0; i < headers.length; i++) { - String currHeader = headers[i]; - String headerValue = request.getHeader(currHeader); + private void addCookies(final HttpServletResponse response, final HttpServletRequest request, final String[] headers) { + for (var i = 0; i < headers.length; i++) { + final var currHeader = ValidationUtils.sanitizeInputString(headers[i]); + final var headerValue = ValidationUtils.sanitizeInputString(request.getHeader(currHeader)); if (headerValue != null) { - final Cookie cookie = new Cookie(currHeader, headerValue); + final var cookie = new Cookie(currHeader, headerValue); cookie.setSecure(true); response.addCookie(cookie); } |