authorRotundo, Al (ar3165) <ar3165@att.com>2019-07-31 14:46:56 +0000
committerTimoney, Dan (dt5972) <dtimoney@att.com>2019-07-31 14:31:07 -0400
commit18dcbec3a5a99a57d0ef43a06a99c2ab17c2eed6 (patch)
tree39c938d972c6a3fefbb5c8350c2141fb8ee1e5eb /admportal/server/app.js
parent33e9f85700d3ba17f95a69011d2d2932d4b98df0 (diff)
Added new modules to help prevent Cross Site Request Forgery
Made changes to prevent arbitrary code execution on AdmPortal. Issue-ID: OJSI-40 Change-Id: I5ec60e2585413f3948c2540bd502dd1393794267 Signed-off-by: Rotundo, Al (ar3165) <ar3165@att.com> Former-commit-id: 3d54c9ad35ef5e7a4b13948e718a4ad2830cbb04
Diffstat (limited to 'admportal/server/app.js')
-rw-r--r--admportal/server/app.js4
1 files changed, 4 insertions, 0 deletions
diff --git a/admportal/server/app.js b/admportal/server/app.js
index 33cdb64f..898645e8 100644
--- a/admportal/server/app.js
+++ b/admportal/server/app.js
@@ -8,6 +8,7 @@ var PropertiesReader = require('properties-reader');
var properties = PropertiesReader(process.argv[2]); //property file passed
var morgan = require('morgan');
var _ = require('lodash');
+var expressSanitizer = require('express-sanitizer');
//var multer = require('multer');
//var done=false;
@@ -47,6 +48,9 @@ app.use(bodyParser.urlencoded({
extended: true
}));
+// mount express-sanitizer here
+app.use(expressSanitizer()); // this line needs to follow bodyParser
+
app.use(accesslog); // http access log
app.use(express.static(process.cwd() + '/public')); // static files
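Review bot: Mounting `expressSanitizer()` after the body parser does not sanitize anything by itself. The middleware only attaches a `req.sanitize()` helper, and `req.body` and `req.query` stay raw until a handler calls it on each field. Nothing in this file calls it, so the protection depends on route code outside this diff, which should be checked. I would replace the comment `// mount express-sanitizer here` with `// adds req.sanitize(); handlers must call it on every body/query field before use`. Separately, HTML sanitization does not address the request forgery named in the commit title, so a CSRF token check is presumably added in another file of this commit; if not, it is still missing.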