summaryrefslogtreecommitdiffstats
path: root/catalog-fe/src/main
AgeCommit message (Collapse)AuthorFilesLines
2022-10-18Fix security risk 'Improper Input Validation'vasraz1-0/+70
Signed-off-by: Vasyl Razinkov <vasyl.razinkov@est.tech> Change-Id: I6a52148aec3b567db43ec57109214e52d106f73c Issue-ID: SDC-4189
2022-10-04Fix bug 'X-Frame-Options not configured: Lack of clickjacking protection'vasraz2-18/+49
Add new Filter (ContentSecurityPolicyHeaderFilter) Signed-off-by: Vasyl Razinkov <vasyl.razinkov@est.tech> Change-Id: Ic8151df64e4b95b3d59b44a5f74dd12210f55e87 Issue-ID: SDC-4192
2022-09-08Fix high-severity bug 'application exposed to path traversal attack'vasraz1-112/+118
Signed-off-by: Vasyl Razinkov <vasyl.razinkov@est.tech> Change-Id: I7f4b1e8d083cc39f8e57dcedddecc6af56fdc9c2 Issue-ID: SDC-4169
2022-04-26Replace deprecated GEventEvaluator with JaninoEventEvaluatorvasraz1-4/+2
Change-Id: I21bfd0aaa66a32ecc1755cbe1efd78b0cd4254cf Signed-off-by: Vasyl Razinkov <vasyl.razinkov@est.tech> Issue-ID: SDC-3984
2022-03-07Update esapi dependency for sec vulnerabilityMichaelMorris1-1/+3
Signed-off-by: MichaelMorris <michael.morris@est.tech> Issue-ID: SDC-3895 Change-Id: I457f6865f081faf9474e2f63006b339b7c1512ea
2022-02-28Increase FE timoutvasraz1-8/+9
Change-Id: Id25eb2931119404a90a48ee7a50b286c975a6f82 Signed-off-by: Vasyl Razinkov <vasyl.razinkov@est.tech> Issue-ID: SDC-3886
2022-02-26Implement improved MinIo clientvasraz1-1/+1
Change-Id: Ic9abd6b0bdaa17e9deff2279a64416d81f7ad606 Signed-off-by: Vasyl Razinkov <vasyl.razinkov@est.tech> Issue-ID: SDC-3886
2021-11-15Fix critical cross site scriptingvasraz1-7/+7
Change-Id: I66a220f71a2e950055107a725191b46bcbe8c6a6 Signed-off-by: Vasyl Razinkov <vasyl.razinkov@est.tech> Issue-ID: SDC-3607 Issue-ID: SDC-3755
2021-10-12Revert "Fix critical cross site scripting"vasraz1-4/+3
This reverts commit 7c8f40bc6df4a5a4d5822e48ecbe5ebe6a0d251a. Change-Id: I5719e82cffd36a21f265217265acf7eac060124b Signed-off-by: Vasyl Razinkov <vasyl.razinkov@est.tech> Issue-ID: SDC-3755
2021-08-11Fix critical cross site scriptingaribeiro1-3/+4
xss (cross site scripting) issue identified in sonarcloud Issue-ID: SDC-3607 Signed-off-by: aribeiro <anderson.ribeiro@est.tech> Change-Id: I729f14587154a02759ec62d5134cd115ac6eff38
2021-07-29fix security vulnerabilityaribeiro1-5/+6
Issue-ID: SDC-3607 Signed-off-by: aribeiro <anderson.ribeiro@est.tech> Change-Id: I935898fcf1ae74dc8f162153ff2cf4744b8f2f99
2021-04-12Fix weak-cryptography issuesxuegao2-118/+1
Load the truststore/keystore of our own instead of using the default one. Issue-ID: SDC-3495 Change-Id: I0ecd764d5198480a065fd38299cc9ff9da66af29 Signed-off-by: xuegao <xue.gao@intl.att.com>
2021-03-29Reformat catalog-fevasraz23-826/+596
Signed-off-by: Vasyl Razinkov <vasyl.razinkov@est.tech> Issue-ID: SDC-3449 Change-Id: Ic4c34262e5cb4e5851af493400ccc01af5684a18
2021-03-18Improve test coveragevasraz1-1/+1
Use Lombok annotations to improve test coverage Signed-off-by: Vasyl Razinkov <vasyl.razinkov@est.tech> Change-Id: Iaaed0023960cfe0a31e1b50fb868196ab488cb4c Issue-ID: SDC-3428
2021-03-16Remove unused dcae-be healthcheckChrisC1-34/+1
Remove DCAE-DS backend Healthchecks that are noisy in the logs DCAE-DS was sunset in G release Issue-ID: SDC-3514 Signed-off-by: ChrisC <christophe.closset@intl.att.com> Change-Id: Iad9d6738ec813be9b87766ed189deda34e711ab1
2021-02-03Fix potential NPExuegao1-1/+2
Fix the potentail NPE in FeProxyServlet. Issue-ID: SDC-3451 Signed-off-by: xuegao <xue.gao@intl.att.com> Change-Id: I156e33c92882a264b98ea9e476382ae90a3befd4
2021-01-20Remove dead codeJulienBe2-10/+4
Remove unused variables Remove unnecessary statements Issue-ID: SDC-3428 Signed-off-by: JulienBe <julien.bertozzi@intl.att.com> Change-Id: Iddc8ffdc141edd409d50f90c03cb6612f6ebf042 Signed-off-by: JulienBe <julien.bertozzi@intl.att.com>
2021-01-19Add basic authxuegao1-8/+15
Adding basic auth for SDC apis. Issue-ID: OJSI-90 Signed-off-by: xuegao <xue.gao@intl.att.com> Change-Id: Ie84e6bab8d8526f7f4d21a36bba52d8fe9abebbb Signed-off-by: xuegao <xue.gao@intl.att.com>
2020-10-30Remove the Log4j 1.2.15sebdet1-1/+1
Remove the log4j 1.2.15 brought by Sigar library + update ESAPI to support slf4J instead of log4j Issue-ID: SDC-3310 Signed-off-by: sebdet <sebastien.determe@intl.att.com> Change-Id: I63cee67d113f51dbe82a64c69629c62b47918103 Signed-off-by: sebdet <sebastien.determe@intl.att.com>
2020-05-05Setting default store types when not defined in configuration for init of ↵ilanap1-3/+4
https client Issue-ID: SDC-2962 Signed-off-by: ilanap <ilanap@amdocs.com> Change-Id: I9d88031c7d20951a4a77138340b1ddc26f47c0b6 Signed-off-by: ilanap <ilanap@amdocs.com>
2020-04-21Fix 404 in sdc-FE calls to workflowandre.schmid1-11/+12
Fixes webpack workflow proxy configuration. Fixes FE proxy while rewriting URLs to workflow plugin. Fixes compilation problems to run locally the catalog-ui. Change-Id: I89f3f46bd8ce0159713b1d0d957a2e75f8a3d062 Issue-ID: SDC-2943 Signed-off-by: andre.schmid <andre.schmid@est.tech>
2020-04-21Fix catalog-fe plugin online checkingandre.schmid1-0/+452
ESAPI encoder cannot be loaded due to a missing ESAPI.properties file in path, which causes an exception and breaks the online checking call. The plugin is always shown as offline. Change-Id: I05088d200e9a1bea1de2e00c07d5bbf6e3a67d41 Issue-ID: SDC-2945 Signed-off-by: andre.schmid <andre.schmid@est.tech>
2020-04-19Removed explicit references to exceptions in log messagesChris André1-1/+1
Issue-ID: SDC-2884 Change-Id: I6f3e9503922cc3a4f4049fced8d23cede7b0455a Signed-off-by: Chris Andre <chris.andre@yoppworks.com>
2020-03-30Initial fix for https call to pluginsilanap2-3/+185
Creates an http/https client to check whether plugin is online. missing UI fixes still Issue-ID: SDC-2843 Signed-off-by: ilanap <ilanap@amdocs.com> Change-Id: I06ee08c73881c8a8c458198f9b6a0f9df1021f52 Signed-off-by: ilanap <ilanap@amdocs.com>
2020-03-12Disable SecurityFilterOfir Sonsino2-15/+16
Bumping version to 1.7.0 Change-Id: I041bb5ce967b687e10be97dbbaa3ba1d119d13ff Issue-ID: SDC-2825 Signed-off-by: Ofir Sonsino <os0695@intl.att.com>
2020-03-11portal url fixOfir Sonsino1-2/+2
Change-Id: Iab8c7cd48f7210d1833928e7ea075e2221db94c7 Issue-ID: SDC-2799 Signed-off-by: Ofir Sonsino <os0695@intl.att.com>
2020-03-05portal and cadi properties fixOfir Sonsino1-2/+1
Change-Id: Id83f0ddd1846e4887d1d5a7c3fb5bf8db406186a Issue-ID: SDC-2799 Signed-off-by: Ofir Sonsino <os0695@intl.att.com>
2020-01-22Catalog alignmentys969323-962/+1339
Issue-ID: SDC-2724 Signed-off-by: ys9693 <ys9693@att.com> Change-Id: I52b4aacb58cbd432ca0e1ff7ff1f7dd52099c6fe
2019-12-18Revert "Add Option to proxy to plugins"aribeiro1-80/+36
This reverts commit ee4c4d72 Issue-ID: SDC-2648 Change-Id: I1f6cba80d3fb803530573c75f2fc54ca207e768a Signed-off-by: aribeiro <anderson.ribeiro@est.tech>
2019-12-05Add Option to proxy to pluginsilanap1-36/+80
Added option to proxy the plugins throught the catalog proxy. Remove hardcoded redirect to workflow and added to the plugin configuration. Issue-ID: SDC-2691 Signed-off-by: ilanap <ilanap@amdocs.com> Change-Id: Ica479ff00e1a8c281b9280b5495ac022172775c4 Signed-off-by: ilanap <ilanap@amdocs.com>
2019-12-01Fix Security Hotspots issuesvasraz1-2/+6
Change-Id: Icc45769cff71c8153c0afba6e2363b0399144175 Signed-off-by: Vasyl Razinkov <vasyl.razinkov@est.tech> Issue-ID: SDC-2671
2019-12-01Sonar fixes for API to retrieve UI configurationilanap1-6/+8
Added configuration file with the menu configuration from catalog-ui. Added to the configuration manager. to chef and to the ui rest APIs. Issue-ID: SDC-2663 Signed-off-by: ilanap <ilanap@amdocs.com> Change-Id: I032a7666f470e7d4797a555470bf9eb4a43cfcc4
2019-11-27Add API to retrieve UI configurationilanap1-0/+35
Added configuration file with the menu configuration from catalog-ui. Added to the configuration manager. to chef and to the ui rest APIs. Issue-ID: SDC-2663 Signed-off-by: ilanap <ilanap@amdocs.com> Change-Id: Ia5e014a273238981241821c0d81b0455bd662b28 Signed-off-by: ilanap <ilanap@amdocs.com>
2019-08-26Fully HTTPS support in the catalog-fek.kedron2-12/+51
Fully HTTPS support: -Updated jvm configuration to support call to the SDC components using HTTPS. -Checkstyle in the recipes -Added buildRestClient method to create the CloseableHttpClient supporting the SSL connection -Sonar fixes in the PluginStatusBL class Issue-ID: SDC-2516 Signed-off-by: Krystian Kedron <k.kedron@partner.samsung.com> Change-Id: I35b9e22026898d2cc67a4b2d86d9d508a33fcb59
2019-08-05Additional unit testsTomasz Golabek2-1/+5
Some tests for catalog-fe Change-Id: I383021c7d1e85131adebd559e4763e12e36cba67 Issue-ID: SDC-2326 Signed-off-by: Tomasz Golabek <tomasz.golabek@nokia.com>
2019-07-17fixing warnings from checkstyle in catalog-feBartosz Gardziejewski20-813/+820
Issue-ID: SDC-2454 Signed-off-by: Bartosz Gardziejewski <bartosz.gardziejewski@nokia.com> Change-Id: I1fbeccb8c661233b81fea787457631f4a898fd46
2019-07-11Added oparent to sdc mainTomasz Golabek4-2/+82
Removed errors regarding to a missing license and others. Started locally and executed basic api tests Change-Id: Iea37613defc97f7b40613d60c10990841cb2a209 Issue-ID: SDC-2419 Signed-off-by: Tomasz Golabek <tomasz.golabek@nokia.com>
2019-06-20Clean up MdcData and ImportMetadataTomasz Golabek3-118/+37
Removed duplicated class. Added assertions to check the logic. Change-Id: Ia953ee0c88d71214cf620cdd286f6ecdd3f3d26d Issue-ID: SDC-2326 Signed-off-by: Tomasz Golabek <tomasz.golabek@nokia.com>
2019-06-12Upgrade SDC from Titan to Janus Graphshrikantawachar1-1/+1
Upgrade SDC from Titan to Janus Graph Change-Id: I67fb8b8e60cc6751697bc5ff2f06754c92803786 Issue-ID: SDC-2296 Signed-off-by: shrikantawachar <shrikant.awachar@amdocs.com>
2019-06-02Added unit tests for KibanaServletPiotr Borelowski1-52/+53
Improve unit test coverage in sdc/catalog-fe Remove sonar code smells Issue-ID: SDC-2327 Signed-off-by: Piotr Borelowski <p.borelowski@partner.samsung.com> Change-Id: I365ec437e999d7e0505a9345268405ac26495762
2019-03-25fix a typoLiang Ding2-2/+2
retrive -- > retrieve Change-Id: Ic6bce5b991c042cc2d19f1f72dd827644111b105 Issue-ID: SDC-2207 Signed-off-by: Liang Ding <liang.ding@intel.com>
2019-02-14Update workflow contextshrikantawachar1-1/+1
Update workflow context Change-Id: I068b5dd66383cfef52e966abee5958f326df042c Issue-ID: SDC-2121 Signed-off-by: shrikantawachar <shrikant.awachar@amdocs.com>
2019-01-22Allow custom plugins in SDCshrikantawachar1-23/+0
Allow custom plugins in SDC Change-Id: I09475a4f795734f7911e24652560f7d41ddb8d14 Issue-ID: SDC-2022 Signed-off-by: shrikantawachar <shrikant.awachar@amdocs.com>
2018-11-07Error displayed on deleting VF/VFCTal Gitelman2-33/+7
- from Service Composition Change-Id: I48c2256b0584c69b94c870eefd834eaf2891f56d Issue-ID: SDC-1888 Signed-off-by: Tal Gitelman <tal.gitelman@att.com>
2018-11-02Access workflow from SDC in Portal1.3.2priyanshu1-1/+1
Access workflow from SDC in Portal Change-Id: I6c0b64d2ed009f1a51567d4b3f9053cde8116eac Issue-ID: SDC-1887 Signed-off-by: priyanshu <pagarwal@amdocs.com>
2018-10-17fix issue that the user id is not assigned.Michael Lando1-1/+1
Change-Id: I99f19ef5b385c83877b303e5a74c58fe5954c892 Issue-ID: SDC-1839 Signed-off-by: Michael Lando <michael.lando@intl.att.com>
2018-10-17Portal integrationKotta, Shireesha (sk434m)1-1/+1
Issue-ID: SDC-1749 Update SDC Portal integration decryption for userId Change-Id: Ibaa48057f272955e9711e48f4e74d62df2725b05 Signed-off-by: Kotta, Shireesha (sk434m) <shireesha.kotta@att.com>
2018-10-12update sdc portal integrationTal Gitelman2-5/+48
Change-Id: I6e17434f753c2eaa562da80c1eade8688601f510 Issue-ID: SDC-1749 Signed-off-by: Tal Gitelman <tg851x@intl.att.com>
2018-10-10Plugin load by the UIIdan Amit2-31/+79
Changed the original plugin API to only return the plugins list Changed the plugin Iframe to check if the plugin is online on every init Change-Id: I7916668de17c49a2639047ef243939889a933067 Issue-ID: SDC-1400 Signed-off-by: Idan Amit <ia096e@intl.att.com>
2018-08-20fix issue in ui loadMichael Lando2-1/+4
in case the plugin response is not valid json. Change-Id: Ib58158def846c14e85325c521b9b210f61e03ba3 Issue-ID: SDC-1666 Signed-off-by: Michael Lando <ml636r@att.com>