From 7c8f40bc6df4a5a4d5822e48ecbe5ebe6a0d251a Mon Sep 17 00:00:00 2001 From: aribeiro Date: Mon, 9 Aug 2021 22:08:42 +0100 Subject: Fix critical cross site scripting xss (cross site scripting) issue identified in sonarcloud Issue-ID: SDC-3607 Signed-off-by: aribeiro Change-Id: I729f14587154a02759ec62d5134cd115ac6eff38 --- .../src/main/java/org/openecomp/sdc/fe/servlets/PortalServlet.java | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'catalog-fe/src/main/java') diff --git a/catalog-fe/src/main/java/org/openecomp/sdc/fe/servlets/PortalServlet.java b/catalog-fe/src/main/java/org/openecomp/sdc/fe/servlets/PortalServlet.java index 6378b996cf..97c4ac60fa 100644 --- a/catalog-fe/src/main/java/org/openecomp/sdc/fe/servlets/PortalServlet.java +++ b/catalog-fe/src/main/java/org/openecomp/sdc/fe/servlets/PortalServlet.java @@ -113,7 +113,7 @@ public class PortalServlet extends HttpServlet { * @throws IOException */ private void addRequestHeadersUsingWebseal(final HttpServletRequest request, final HttpServletResponse response) - throws ServletException, IOException { + throws ServletException, IOException, CipherUtilException { response.setContentType("text/html"); // Create new request object to dispatch MutableHttpServletRequest mutableRequest = new MutableHttpServletRequest(request); @@ -243,12 +243,13 @@ public class PortalServlet extends HttpServlet { * @param request * @param headers */ - private void addCookies(final HttpServletResponse response, final HttpServletRequest request, final String[] headers) { + private void addCookies(final HttpServletResponse response, final HttpServletRequest request, final String[] headers) + throws CipherUtilException { for (var i = 0; i < headers.length; i++) { final var currHeader = ValidationUtils.sanitizeInputString(headers[i]); final var headerValue = ValidationUtils.sanitizeInputString(request.getHeader(currHeader)); if (headerValue != null) { - final var cookie = new Cookie(currHeader, headerValue); + final var cookie = new Cookie(currHeader, CipherUtil.encryptPKC(headerValue)); cookie.setSecure(true); response.addCookie(cookie); } -- cgit 1.2.3-korg