authoraribeiro <anderson.ribeiro@est.tech>2021-02-15 17:24:11 +0000
committerChristophe Closset <christophe.closset@intl.att.com>2021-03-16 13:27:37 +0000
commit7010ea90e14305837a30764db8a5e4bc1338e378 (patch)
tree31a674fad95261e123e1cd2348f24c11f51373c4 /catalog-ui
parent77680c6f9d99adcf5c6a97380043f1d86b0d46fa (diff)
Fix Security Vulnerabilities
Issue-ID: SDC-3500 Signed-off-by: aribeiro <anderson.ribeiro@est.tech> Change-Id: I3fa2ed2bc3a170d8256fbc91c98bbfbaf5c0a403
Diffstat (limited to 'catalog-ui')
-rw-r--r--catalog-ui/src/app/models/components/component.ts2
-rw-r--r--catalog-ui/src/app/services/components/component-service.ts52
-rw-r--r--catalog-ui/src/app/utils/validation-utils.ts5
3 files changed, 46 insertions, 13 deletions
diff --git a/catalog-ui/src/app/models/components/component.ts b/catalog-ui/src/app/models/components/component.ts
index 1d48151be8..f787142460 100644
--- a/catalog-ui/src/app/models/components/component.ts
+++ b/catalog-ui/src/app/models/components/component.ts
@@ -247,7 +247,7 @@ export abstract class Component implements IComponent {
let onError = (error:any):void => {
deferred.reject(error);
};
- this.componentService.changeLifecycleState(this, state, JSON.stringify(commentObj)).then(onSuccess, onError);
+ this.componentService.changeLifecycleState(this, state, commentObj).then(onSuccess, onError);
return deferred.promise;
};
diff --git a/catalog-ui/src/app/services/components/component-service.ts b/catalog-ui/src/app/services/components/component-service.ts
index f22562f439..47eec26a77 100644
--- a/catalog-ui/src/app/services/components/component-service.ts
+++ b/catalog-ui/src/app/services/components/component-service.ts
@@ -19,8 +19,25 @@
*/
'use strict';
import * as _ from "lodash";
-import {ArtifactModel, IFileDownload, InstancesInputsPropertiesMap, InputModel, IValidate, RelationshipModel, PropertyModel, Component, ComponentInstance,
- AttributeModel, IAppConfigurtaion, Resource, Module, DisplayModule, ArtifactGroupModel, InputsAndProperties} from "app/models";
+import {
+ ArtifactModel,
+ IFileDownload,
+ InstancesInputsPropertiesMap,
+ InputModel,
+ IValidate,
+ RelationshipModel,
+ PropertyModel,
+ Component,
+ ComponentInstance,
+ AttributeModel,
+ IAppConfigurtaion,
+ Resource,
+ Module,
+ DisplayModule,
+ ArtifactGroupModel,
+ InputsAndProperties,
+ AsdcComment
+} from "app/models";
import {ComponentInstanceFactory, CommonUtils} from "app/utils";
import {SharingService} from "app/services-ng2";
import {ComponentMetadata} from "../../models/component-metadata";
@@ -29,7 +46,7 @@ export interface IComponentService {
getComponent(id:string);
updateComponent(component:Component):ng.IPromise<Component>;
- changeLifecycleState(component:Component, state:string, userRemarks:any):ng.IPromise<ComponentMetadata> ;
+ changeLifecycleState(component:Component, state:string, userRemarks:AsdcComment):ng.IPromise<ComponentMetadata> ;
validateName(newName:string, subtype?:string):ng.IPromise<IValidate>;
createComponent(component:Component):ng.IPromise<Component>;
//importComponent
@@ -233,15 +250,28 @@ export class ComponentService implements IComponentService {
return deferred.promise;
};
- public changeLifecycleState = (component:Component, state:string, userRemarks:any):ng.IPromise<ComponentMetadata> => {
+ public changeLifecycleState = (component:Component, state:string, commentObj:AsdcComment):ng.IPromise<ComponentMetadata> => {
let deferred = this.$q.defer<ComponentMetadata>();
- this.restangular.one(component.uniqueId).one(state).customPOST(userRemarks).then((response:ComponentMetadata) => {
- this.sharingService.addUuidValue(response.uniqueId, response.uuid);
- let component:ComponentMetadata = new ComponentMetadata().deserialize(response);
- deferred.resolve(component);
- }, (err)=> {
- deferred.reject(err);
- });
+ let headerObj = {};
+ if (commentObj.userRemarks) {
+ headerObj = this.getHeaderMd5(commentObj);
+ this.restangular.one(component.uniqueId).one(state).customPOST(JSON.stringify(commentObj), '', {}, headerObj)
+ .then((response:ComponentMetadata) => {
+ this.sharingService.addUuidValue(response.uniqueId, response.uuid);
+ let component:ComponentMetadata = new ComponentMetadata().deserialize(response);
+ deferred.resolve(component);
+ }, (err)=> {
+ deferred.reject(err);
+ });
+ } else {
+ this.restangular.one(component.uniqueId).one(state).customPOST().then((response:ComponentMetadata) => {
+ this.sharingService.addUuidValue(response.uniqueId, response.uuid);
+ let component:ComponentMetadata = new ComponentMetadata().deserialize(response);
+ deferred.resolve(component);
+ }, (err)=> {
+ deferred.reject(err);
+ });
+ }
return deferred.promise;
};
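Review bot: `commentObj.userRemarks` is read without first checking that `commentObj` is set, so a caller passing `undefined` gets a synchronous TypeError instead of a rejected promise; the `AsdcComment` annotation is erased at runtime and does not prevent this. The two branches also repeat identical success and error handlers, which can drift apart over time. Building the request once and attaching a single `.then`, as sketched below, addresses both. `getHeaderMd5` is defined outside this hunk, so confirm that it digests exactly the `JSON.stringify(commentObj)` string sent as the body; if the two serializations differ, any integrity check on the receiving side (presumably the purpose of the header) would fail or verify nothing.

```typescript
public changeLifecycleState = (component:Component, state:string, commentObj:AsdcComment):ng.IPromise<ComponentMetadata> => {
    let deferred = this.$q.defer<ComponentMetadata>();
    const endpoint = this.restangular.one(component.uniqueId).one(state);
    // Send a body and its MD5 header only when there are remarks to send.
    const request = (commentObj && commentObj.userRemarks)
        ? endpoint.customPOST(JSON.stringify(commentObj), '', {}, this.getHeaderMd5(commentObj))
        : endpoint.customPOST();
    request.then((response:ComponentMetadata) => {
        this.sharingService.addUuidValue(response.uniqueId, response.uuid);
        deferred.resolve(new ComponentMetadata().deserialize(response));
    }, (err) => {
        deferred.reject(err);
    });
    return deferred.promise;
};
```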
diff --git a/catalog-ui/src/app/utils/validation-utils.ts b/catalog-ui/src/app/utils/validation-utils.ts
index b7e43f79ba..bcb49d8b89 100644
--- a/catalog-ui/src/app/utils/validation-utils.ts
+++ b/catalog-ui/src/app/utils/validation-utils.ts
@@ -64,7 +64,10 @@ export class ValidationUtils {
if (!text) {
return null;
}
- return text.replace(/\s+/g, ' ').replace(/%[A-Fa-f0-9]{2}/g, '').trim();
+ return text.replace(/\s+/g, ' ').replace(/%[A-Fa-f0-9]{2}/g, '')
+ .replace(/&/g, "&amp;").replace(/>/g, "&gt;")
+ .replace(/</g, "&lt;").replace(/"/g, "&quot;")
+ .replace(/'/g, "&apos;").trim();
}
public getValidationPattern = (validationType:string, parameterType?:string):RegExp => {
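Review bot: The entity encoding added to this `return` is not idempotent and runs on input rather than at the point of output. A value that passes through the method twice, or is loaded and saved again, turns `&amp;` into `&amp;amp;`, and any view that already escapes on render will show the entities literally. Encoding for the output context where the value is rendered is more robust. If the encoding must stay here, document that callers must apply it exactly once, and prefer `.replace(/'/g, "&#39;")` over `&apos;`, which is not a defined entity in HTML 4. Separately, the `%[A-Fa-f0-9]{2}` removal on the same line is a single pass, so the characters on either side of a removed sequence can join into a new `%XX` sequence that stays in the result. The enclosing method starts outside this hunk, so its name and callers are not visible here.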