author | aribeiro <anderson.ribeiro@est.tech> | 2021-02-15 17:24:11 +0000 |
---|---|---|
committer | Christophe Closset <christophe.closset@intl.att.com> | 2021-03-16 13:27:37 +0000 |
commit | 7010ea90e14305837a30764db8a5e4bc1338e378 (patch) | |
tree | 31a674fad95261e123e1cd2348f24c11f51373c4 /catalog-ui | |
parent | 77680c6f9d99adcf5c6a97380043f1d86b0d46fa (diff) |
Fix Security Vulnerabilities
Issue-ID: SDC-3500
Signed-off-by: aribeiro <anderson.ribeiro@est.tech>
Change-Id: I3fa2ed2bc3a170d8256fbc91c98bbfbaf5c0a403
Diffstat (limited to 'catalog-ui')
-rw-r--r-- | catalog-ui/src/app/models/components/component.ts | 2 | ||||
-rw-r--r-- | catalog-ui/src/app/services/components/component-service.ts | 52 | ||||
-rw-r--r-- | catalog-ui/src/app/utils/validation-utils.ts | 5 |
3 files changed, 46 insertions, 13 deletions
diff --git a/catalog-ui/src/app/models/components/component.ts b/catalog-ui/src/app/models/components/component.ts
index 1d48151be8..f787142460 100644
--- a/catalog-ui/src/app/models/components/component.ts
+++ b/catalog-ui/src/app/models/components/component.ts
@@ -247,7 +247,7 @@ export abstract class Component implements IComponent {
 let onError = (error:any):void => {
 deferred.reject(error);
 };
- this.componentService.changeLifecycleState(this, state, JSON.stringify(commentObj)).then(onSuccess, onError);
+ this.componentService.changeLifecycleState(this, state, commentObj).then(onSuccess, onError);
 return deferred.promise;
 };
diff --git a/catalog-ui/src/app/services/components/component-service.ts b/catalog-ui/src/app/services/components/component-service.ts
index f22562f439..47eec26a77 100644
--- a/catalog-ui/src/app/services/components/component-service.ts
+++ b/catalog-ui/src/app/services/components/component-service.ts
@@ -19,8 +19,25 @@
 */
 'use strict';
 import * as _ from "lodash";
-import {ArtifactModel, IFileDownload, InstancesInputsPropertiesMap, InputModel, IValidate, RelationshipModel, PropertyModel, Component, ComponentInstance,
- AttributeModel, IAppConfigurtaion, Resource, Module, DisplayModule, ArtifactGroupModel, InputsAndProperties} from "app/models";
+import {
+ ArtifactModel,
+ IFileDownload,
+ InstancesInputsPropertiesMap,
+ InputModel,
+ IValidate,
+ RelationshipModel,
+ PropertyModel,
+ Component,
+ ComponentInstance,
+ AttributeModel,
+ IAppConfigurtaion,
+ Resource,
+ Module,
+ DisplayModule,
+ ArtifactGroupModel,
+ InputsAndProperties,
+ AsdcComment
+} from "app/models";
 import {ComponentInstanceFactory, CommonUtils} from "app/utils";
 import {SharingService} from "app/services-ng2";
 import {ComponentMetadata} from "../../models/component-metadata";
@@ -29,7 +46,7 @@ export interface IComponentService {
 getComponent(id:string);
 updateComponent(component:Component):ng.IPromise<Component>;
- changeLifecycleState(component:Component, state:string, userRemarks:any):ng.IPromise<ComponentMetadata> ;
+ changeLifecycleState(component:Component, state:string, userRemarks:AsdcComment):ng.IPromise<ComponentMetadata> ;
 validateName(newName:string, subtype?:string):ng.IPromise<IValidate>;
 createComponent(component:Component):ng.IPromise<Component>;
 //importComponent
@@ -233,15 +250,28 @@ export class ComponentService implements IComponentService {
 return deferred.promise;
 };
- public changeLifecycleState = (component:Component, state:string, userRemarks:any):ng.IPromise<ComponentMetadata> => {
+ public changeLifecycleState = (component:Component, state:string, commentObj:AsdcComment):ng.IPromise<ComponentMetadata> => {
 let deferred = this.$q.defer<ComponentMetadata>();
- this.restangular.one(component.uniqueId).one(state).customPOST(userRemarks).then((response:ComponentMetadata) => {
- this.sharingService.addUuidValue(response.uniqueId, response.uuid);
- let component:ComponentMetadata = new ComponentMetadata().deserialize(response);
- deferred.resolve(component);
- }, (err)=> {
- deferred.reject(err);
- });
+ let headerObj = {};
+ if (commentObj.userRemarks) {
+ headerObj = this.getHeaderMd5(commentObj);
+ this.restangular.one(component.uniqueId).one(state).customPOST(JSON.stringify(commentObj), '', {}, headerObj)
+ .then((response:ComponentMetadata) => {
+ this.sharingService.addUuidValue(response.uniqueId, response.uuid);
+ let component:ComponentMetadata = new ComponentMetadata().deserialize(response);
+ deferred.resolve(component);
+ }, (err)=> {
+ deferred.reject(err);
+ });
+ } else {
+ this.restangular.one(component.uniqueId).one(state).customPOST().then((response:ComponentMetadata) => {
+ this.sharingService.addUuidValue(response.uniqueId, response.uuid);
+ let component:ComponentMetadata = new ComponentMetadata().deserialize(response);
+ deferred.resolve(component);
+ }, (err)=> {
+ deferred.reject(err);
+ });
+ }
 return deferred.promise;
 };
diff --git a/catalog-ui/src/app/utils/validation-utils.ts b/catalog-ui/src/app/utils/validation-utils.ts
index b7e43f79ba..bcb49d8b89 100644
--- a/catalog-ui/src/app/utils/validation-utils.ts
+++ b/catalog-ui/src/app/utils/validation-utils.ts
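Review bot: `commentObj.userRemarks` in the new `changeLifecycleState` is read without checking that `commentObj` itself is defined, and the success/error handlers are now duplicated verbatim in both branches, so a later fix to one request path can miss the other. Building the request once and attaching a single `.then` keeps the two paths in step; a sketch follows. `getHeaderMd5` is not defined in this hunk, so it cannot be confirmed here that the digest is computed over the exact `JSON.stringify(commentObj)` string that is sent as the body; a mismatch would make any server-side digest check reject the request. An MD5 header of this kind detects accidental corruption only and should not be treated as an authenticity control.

```typescript
let deferred = this.$q.defer<ComponentMetadata>();
const target = this.restangular.one(component.uniqueId).one(state);
// Only send a body (and its digest header) when remarks are actually present.
const request = (commentObj && commentObj.userRemarks)
    ? target.customPOST(JSON.stringify(commentObj), '', {}, this.getHeaderMd5(commentObj))
    : target.customPOST();
request.then((response:ComponentMetadata) => {
    // … unchanged: addUuidValue, deserialize, deferred.resolve …
}, (err) => {
    deferred.reject(err);
});
return deferred.promise;
```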
@@ -64,7 +64,10 @@ export class ValidationUtils {
 if (!text) {
 return null;
 }
- return text.replace(/\s+/g, ' ').replace(/%[A-Fa-f0-9]{2}/g, '').trim();
+ return text.replace(/\s+/g, ' ').replace(/%[A-Fa-f0-9]{2}/g, '')
+ .replace(/&/g, "&").replace(/>/g, ">")
+ .replace(/</g, "<").replace(/"/g, """)
+ .replace(/'/g, "'").trim();
 }
 public getValidationPattern = (validationType:string, parameterType?:string):RegExp => { |
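Review bot: The added `.replace(/&/g, …)` chain HTML-encodes the value inside a shared strip/normalise helper, which is output encoding applied at input time: the encoded string is what gets stored and compared, a template that escapes on render will double-encode it, and a request that does not go through this UI reaches the backend unencoded. As rendered on this page the replacement strings show as the raw characters (`"&"`, `"""`), presumably because the viewer decoded the entities, so the actual replacement targets cannot be checked here. The retained `%[A-Fa-f0-9]{2}` removal is a single pass, so stripping can leave a new percent-escape behind when sequences are nested. I would add above the return `// UI-side normalisation only: the backend must still validate this value and encode it for the output context`, and confirm the server enforces that. The enclosing method starts above the hunk.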