fixing security issues found in onap admportal

changed exec command to spawn command to prevent arbitray code execution Issue-ID: SDNC-978 Signed-off-by: Rotundo, Al (ar3165) <ar3165@att.com> Change-Id: I4487b5c7a14d7a7b1e4985b89e646cf6801845e0 Former-commit-id: 484d74555c481f055a7f33909071962cace85aa0
author: Rotundo, Al (ar3165) <ar3165@att.com> 2019-11-22 15:07:18 +0000
committer: Rotundo, Al (ar3165) <ar3165@att.com> 2019-11-22 15:07:18 +0000
commit: 6d9e9c449782cbf560a0dd591509c596326b8bf0 (patch)
tree: de91df55c586e26db0ac16a1acdc995c53629485 /admportal/server/router/routes/mobility.js
parent: 34f2213be95352e1643bbeaadfe5723fbddf1c35 (diff)
1 files changed, 7 insertions, 14 deletions
diff --git a/admportal/server/router/routes/mobility.js b/admportal/server/router/routes/mobility.js
index cd798dc8..8b5adabd 100644
--- a/admportal/server/router/routes/mobility.js
+++ b/admportal/server/router/routes/mobility.js
@@ -195,8 +195,7 @@ router.get('/loadVnfNetworkData', csp.checkAuth, csp.checkPriv, function(req,res
 
 	// if successful then update the status
 	tasks.push(function(arg1,callback){
-		dbRoutes.executeSQL("UPDATE PRE_LOAD_VNF_NETWORK_DATA SET status='uploaded',svc_request_id='"
-            + svc_req_id + "',svc_action='reserve' WHERE id="+req.query.id,req,res,callback);
+		dbRoutes.updatePreloadStatus("UPDATE PRE_LOAD_VNF_NETWORK_DATA SET status='uploaded',svc_request_id='" + svc_req_id + "',svc_action='reserve'",req,res,callback);
 	});
 
 	// use the waterfall method of making calls
@@ -220,7 +219,7 @@ router.get('/loadVnfNetworkData', csp.checkAuth, csp.checkPriv, function(req,res
 router.get('/loadVnfData', csp.checkAuth, csp.checkPriv, function(req,res) 
 {
 	var privilegeObj = req.session.loggedInAdmin;
-	var full_path_file_name = process.cwd() + "/uploads/" + req.query.filename
+	var full_path_file_name = process.cwd() + "/uploads/" + req.sanitize(req.query.filename)
   var msgArray = new Array();
 
 	if ( req.query.status != 'pending' )
@@ -234,7 +233,7 @@ router.get('/loadVnfData', csp.checkAuth, csp.checkPriv, function(req,res)
 	var now = new Date();
 	var df = dateFormat(now,"isoDateTime");
 	const rnum = crypto.randomBytes(4);
-	var svc_req_id = req.query.id + "-" + df + "-" + rnum.toString('hex');
+	var svc_req_id = req.sanitize(req.query.id) + "-" + df + "-" + rnum.toString('hex');
 	var tasks = [];
 
 	// first get the contents of the file from the db
@@ -272,8 +271,7 @@ router.get('/loadVnfData', csp.checkAuth, csp.checkPriv, function(req,res)
 
 	// if successful then update the status
 	tasks.push(function(arg1,callback){
-		dbRoutes.executeSQL("UPDATE PRE_LOAD_VNF_DATA SET status='uploaded',svc_request_id='"
-			+ svc_req_id + "',svc_action='reserve' WHERE id="+req.query.id,req,res,callback);
+		dbRoutes.executeSQL("UPDATE PRE_LOAD_VNF_DATA SET status='uploaded',svc_request_id='" + svc_req_id + "',svc_action='reserve'",req,res,callback);
 	});
 
 	// use the waterfall method of making calls
@@ -298,13 +296,12 @@ router.get('/deleteVnfNetworkData', csp.checkAuth, csp.checkPriv, csrfProtection
 
     var privilegeObj = req.session.loggedInAdmin;
     var tasks = [];
-    var sql = 'DELETE FROM PRE_LOAD_VNF_NETWORK_DATA WHERE id=' + req.query.id;
 
     // if status is pending, then we do not have to call
     // ODL, just remove from db
     if (req.query.status == 'pending'){
         tasks.push(function(callback) {
-            dbRoutes.executeSQL(sql,req,res,callback);
+            dbRoutes.deleteVnfNetworkData(req,res,callback);
         });
     } else {
 		// format the request to ODL
@@ -349,17 +346,14 @@ router.get('/deleteVnfNetworkData', csp.checkAuth, csp.checkPriv, csrfProtection
 
 router.get('/deleteVnfData', csp.checkAuth, csp.checkPriv, csrfProtection, function(req,res) {
 
-console.log('deleteVnfData');
-
     var privilegeObj = req.session.loggedInAdmin;
     var tasks = [];
-    var sql = 'DELETE FROM PRE_LOAD_VNF_DATA WHERE id=' + req.query.id;
 
     // if status is pending, then we do not have to call
     // ODL, just remove from db
     if (req.query.status == 'pending'){
         tasks.push(function(callback) {
-            dbRoutes.executeSQL(sql,req,res,callback);
+            dbRoutes.deleteVnfData(req,res,callback);
         });
     } else {
 			var inputString = '{"input":{"vnf-topology-information":{"vnf-topology-identifier":{"service-type":"SDN-MOBILITY","vnf-name": "';
@@ -448,10 +442,9 @@ router.get('/deleteVnfProfile', csp.checkAuth, csp.checkPriv, csrfProtection, fu
     var tasks = [];
     var sql = '';
 
-    sql = "DELETE FROM VNF_PROFILE WHERE vnf_type='" + req.query.vnf_type + "'";
 
     tasks.push(function(callback) {
-        dbRoutes.executeSQL(sql,req,res,callback);
+        dbRoutes.deleteVnfProfile(req,res,callback);
     });
     async.series(tasks, function(err,result)
     {
author	Rotundo, Al (ar3165) <ar3165@att.com>	2019-11-22 15:07:18 +0000
committer	Rotundo, Al (ar3165) <ar3165@att.com>	2019-11-22 15:07:18 +0000
commit	6d9e9c449782cbf560a0dd591509c596326b8bf0 (patch)
tree	de91df55c586e26db0ac16a1acdc995c53629485 /admportal/server/router/routes/mobility.js
parent	34f2213be95352e1643bbeaadfe5723fbddf1c35 (diff)