From 2bb9251043b543bb5005b7cf9af6ac4f58a0f733 Mon Sep 17 00:00:00 2001
From: "Smokowski, Steve (ss835w)" <ss835w@us.att.com>
Date: Wed, 5 Dec 2018 08:30:51 -0500
Subject: Resolve Security Exploits

normalize all file paths before using them

Change-Id: I67aaa00d7218b95dde96f3679efe92c3c0cd33f9
Issue-ID: SO-1275
Signed-off-by: Smokowski, Steve (ss835w) <ss835w@us.att.com>
---
 common/src/main/java/org/onap/so/client/RestClientSSL.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'common/src/main')

diff --git a/common/src/main/java/org/onap/so/client/RestClientSSL.java b/common/src/main/java/org/onap/so/client/RestClientSSL.java
index ac4a8d1a7c..8369eba859 100644
--- a/common/src/main/java/org/onap/so/client/RestClientSSL.java
+++ b/common/src/main/java/org/onap/so/client/RestClientSSL.java
@@ -22,6 +22,7 @@ package org.onap.so.client;
 
 import java.io.FileInputStream;
 import java.net.URI;
+import java.nio.file.Paths;
 import java.security.KeyStore;
 import java.security.NoSuchAlgorithmException;
 import java.util.Optional;
@@ -72,7 +73,7 @@ public abstract class RestClientSSL extends RestClient {
 	private KeyStore getKeyStore() {
 		KeyStore ks = null;
 	    char[] password = System.getProperty(RestClientSSL.SSL_KEY_STORE_PASSWORD_KEY).toCharArray();
-	    try(FileInputStream fis = new FileInputStream(System.getProperty(RestClientSSL.SSL_KEY_STORE_KEY))) {
+	    try(FileInputStream fis = new FileInputStream(Paths.get(System.getProperty(RestClientSSL.SSL_KEY_STORE_KEY)).normalize().toString())) {
 	    	ks = KeyStore.getInstance(KeyStore.getDefaultType());
 	        
 	        ks.load(fis, password);
-- 
cgit 1.2.3-korg