authoraribeiro <anderson.ribeiro@est.tech>2021-07-23 15:10:54 +0100
committerMichael Morris <michael.morris@est.tech>2021-07-29 15:07:08 +0000
commit89fe88168e2a1284e2e2b2601de4c65decd8f988 (patch)
tree15f2221e2a1aec70c9d08fc2a7c3f55a01b8d5a8 /catalog-fe
parenta86a4ceff920f3362ac8f171c7d7e05881fe4931 (diff)
fix security vulnerability
Issue-ID: SDC-3607 Signed-off-by: aribeiro <anderson.ribeiro@est.tech> Change-Id: I935898fcf1ae74dc8f162153ff2cf4744b8f2f99
Diffstat (limited to 'catalog-fe')
-rw-r--r--catalog-fe/src/main/java/org/openecomp/sdc/fe/servlets/PortalServlet.java11
1 files changed, 6 insertions, 5 deletions
diff --git a/catalog-fe/src/main/java/org/openecomp/sdc/fe/servlets/PortalServlet.java b/catalog-fe/src/main/java/org/openecomp/sdc/fe/servlets/PortalServlet.java
index 64b8cb1e69..6378b996cf 100644
--- a/catalog-fe/src/main/java/org/openecomp/sdc/fe/servlets/PortalServlet.java
+++ b/catalog-fe/src/main/java/org/openecomp/sdc/fe/servlets/PortalServlet.java
@@ -37,6 +37,7 @@ import org.onap.sdc.security.AuthenticationCookie;
import org.onap.sdc.security.RepresentationUtils;
import org.openecomp.sdc.common.impl.MutableHttpServletRequest;
import org.openecomp.sdc.common.log.wrappers.Logger;
+import org.openecomp.sdc.common.util.ValidationUtils;
import org.openecomp.sdc.fe.Constants;
import org.openecomp.sdc.fe.config.Configuration;
import org.openecomp.sdc.fe.config.ConfigurationManager;
@@ -242,12 +243,12 @@ public class PortalServlet extends HttpServlet {
* @param request
* @param headers
*/
- private void addCookies(HttpServletResponse response, HttpServletRequest request, String[] headers) {
- for (int i = 0; i < headers.length; i++) {
- String currHeader = headers[i];
- String headerValue = request.getHeader(currHeader);
+ private void addCookies(final HttpServletResponse response, final HttpServletRequest request, final String[] headers) {
+ for (var i = 0; i < headers.length; i++) {
+ final var currHeader = ValidationUtils.sanitizeInputString(headers[i]);
+ final var headerValue = ValidationUtils.sanitizeInputString(request.getHeader(currHeader));
if (headerValue != null) {
- final Cookie cookie = new Cookie(currHeader, headerValue);
+ final var cookie = new Cookie(currHeader, headerValue);
cookie.setSecure(true);
response.addCookie(cookie);
}
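Review bot: The cookie built at `new Cookie(currHeader, headerValue)` is only as safe as `ValidationUtils.sanitizeInputString`, whose body is not part of this diff. If that helper is aimed at HTML or text input, it may not reject the characters that matter in a `Set-Cookie` header (CR, LF, `;`, `,`), so a comment above the loop stating what it guarantees for header values, or an explicit check that skips values containing those characters, would make the fix auditable. Sanitizing `currHeader` before `request.getHeader(currHeader)` also means that any name the helper alters is looked up under the altered spelling and silently stops being copied; looking up with `headers[i]` and sanitizing only what goes into the cookie would avoid that. The cookie is marked `Secure` but not `HttpOnly`, so if no client-side script needs to read these values, adding `cookie.setHttpOnly(true);` next to `cookie.setSecure(true);` would limit exposure. The loop and the method close outside this hunk.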