Fix Security Vulnerabilities

Issue-ID: SDC-3500
Signed-off-by: aribeiro <anderson.ribeiro@est.tech>
Change-Id: I3fa2ed2bc3a170d8256fbc91c98bbfbaf5c0a403
diff --git a/catalog-ui/src/app/models/components/component.ts b/catalog-ui/src/app/models/components/component.ts
index 1d48151..f787142 100644
--- a/catalog-ui/src/app/models/components/component.ts
+++ b/catalog-ui/src/app/models/components/component.ts
@@ -247,7 +247,7 @@
         let onError = (error:any):void => {
             deferred.reject(error);
         };
-        this.componentService.changeLifecycleState(this, state, JSON.stringify(commentObj)).then(onSuccess, onError);
+        this.componentService.changeLifecycleState(this, state, commentObj).then(onSuccess, onError);
         return deferred.promise;
     };
 
diff --git a/catalog-ui/src/app/services/components/component-service.ts b/catalog-ui/src/app/services/components/component-service.ts
index f22562f..47eec26 100644
--- a/catalog-ui/src/app/services/components/component-service.ts
+++ b/catalog-ui/src/app/services/components/component-service.ts
@@ -19,8 +19,25 @@
  */
 'use strict';
 import * as _ from "lodash";
-import {ArtifactModel, IFileDownload, InstancesInputsPropertiesMap, InputModel, IValidate, RelationshipModel, PropertyModel, Component, ComponentInstance,
-    AttributeModel, IAppConfigurtaion, Resource, Module, DisplayModule, ArtifactGroupModel, InputsAndProperties} from "app/models";
+import {
+    ArtifactModel,
+    IFileDownload,
+    InstancesInputsPropertiesMap,
+    InputModel,
+    IValidate,
+    RelationshipModel,
+    PropertyModel,
+    Component,
+    ComponentInstance,
+    AttributeModel,
+    IAppConfigurtaion,
+    Resource,
+    Module,
+    DisplayModule,
+    ArtifactGroupModel,
+    InputsAndProperties,
+    AsdcComment
+} from "app/models";
 import {ComponentInstanceFactory, CommonUtils} from "app/utils";
 import {SharingService} from "app/services-ng2";
 import {ComponentMetadata} from "../../models/component-metadata";
@@ -29,7 +46,7 @@
 
     getComponent(id:string);
     updateComponent(component:Component):ng.IPromise<Component>;
-    changeLifecycleState(component:Component, state:string, userRemarks:any):ng.IPromise<ComponentMetadata> ;
+    changeLifecycleState(component:Component, state:string, userRemarks:AsdcComment):ng.IPromise<ComponentMetadata> ;
     validateName(newName:string, subtype?:string):ng.IPromise<IValidate>;
     createComponent(component:Component):ng.IPromise<Component>;
     //importComponent
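Review bot: The interface parameter is still named `userRemarks` although it now carries an `AsdcComment`, and the implementation reads that object's own `userRemarks` field. Declaring it as `changeLifecycleState(component:Component, state:string, commentObj:AsdcComment):ng.IPromise<ComponentMetadata>;` would match the implementation's parameter name and avoid `userRemarks.userRemarks` confusion at call sites. The interface declaration starts and ends outside the hunk.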
@@ -233,15 +250,28 @@
         return deferred.promise;
     };
 
-    public changeLifecycleState = (component:Component, state:string, userRemarks:any):ng.IPromise<ComponentMetadata> => {
+    public changeLifecycleState = (component:Component, state:string, commentObj:AsdcComment):ng.IPromise<ComponentMetadata> => {
         let deferred = this.$q.defer<ComponentMetadata>();
-        this.restangular.one(component.uniqueId).one(state).customPOST(userRemarks).then((response:ComponentMetadata) => {
-            this.sharingService.addUuidValue(response.uniqueId, response.uuid);
-            let component:ComponentMetadata = new ComponentMetadata().deserialize(response);
-            deferred.resolve(component);
-        }, (err)=> {
-            deferred.reject(err);
-        });
+        let headerObj = {};
+        if (commentObj.userRemarks) {
+            headerObj = this.getHeaderMd5(commentObj);
+            this.restangular.one(component.uniqueId).one(state).customPOST(JSON.stringify(commentObj), '', {}, headerObj)
+            .then((response:ComponentMetadata) => {
+                this.sharingService.addUuidValue(response.uniqueId, response.uuid);
+                let component:ComponentMetadata = new ComponentMetadata().deserialize(response);
+                deferred.resolve(component);
+            }, (err)=> {
+                deferred.reject(err);
+            });
+        } else {
+            this.restangular.one(component.uniqueId).one(state).customPOST().then((response:ComponentMetadata) => {
+                this.sharingService.addUuidValue(response.uniqueId, response.uuid);
+                let component:ComponentMetadata = new ComponentMetadata().deserialize(response);
+                deferred.resolve(component);
+            }, (err)=> {
+                deferred.reject(err);
+            });
+        }
         return deferred.promise;
     };
 
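Review bot: `commentObj.userRemarks` is dereferenced before any request is made, so a caller passing `undefined` gets a synchronous TypeError instead of a rejected promise, and the two branches repeat the same success and error handlers verbatim. Sharing the handlers and guarding with `commentObj && commentObj.userRemarks` keeps both request shapes with one place to maintain. `getHeaderMd5` is not visible in this diff; if it produces a digest header, it should be computed over the exact `JSON.stringify(commentObj)` string that is posted, and it should be treated as a transport integrity check rather than an authentication control. The else branch now sends no body where the old code always posted the remarks, so it is worth confirming the backend accepts an empty POST for every lifecycle state.

```typescript
    public changeLifecycleState = (component:Component, state:string, commentObj:AsdcComment):ng.IPromise<ComponentMetadata> => {
        let deferred = this.$q.defer<ComponentMetadata>();
        // One pair of handlers for both request shapes.
        let onSuccess = (response:ComponentMetadata):void => {
            this.sharingService.addUuidValue(response.uniqueId, response.uuid);
            deferred.resolve(new ComponentMetadata().deserialize(response));
        };
        let onError = (err:any):void => {
            deferred.reject(err);
        };
        let request = this.restangular.one(component.uniqueId).one(state);
        // Guard commentObj itself so a missing comment takes the no-body path instead of throwing.
        if (commentObj && commentObj.userRemarks) {
            request.customPOST(JSON.stringify(commentObj), '', {}, this.getHeaderMd5(commentObj)).then(onSuccess, onError);
        } else {
            request.customPOST().then(onSuccess, onError);
        }
        return deferred.promise;
    };
```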
diff --git a/catalog-ui/src/app/utils/validation-utils.ts b/catalog-ui/src/app/utils/validation-utils.ts
index b7e43f7..bcb49d8 100644
--- a/catalog-ui/src/app/utils/validation-utils.ts
+++ b/catalog-ui/src/app/utils/validation-utils.ts
@@ -64,7 +64,10 @@
         if (!text) {
             return null;
         }
-        return text.replace(/\s+/g, ' ').replace(/%[A-Fa-f0-9]{2}/g, '').trim();
+        return text.replace(/\s+/g, ' ').replace(/%[A-Fa-f0-9]{2}/g, '')
+        .replace(/&/g, "&amp;").replace(/>/g, "&gt;")
+        .replace(/</g, "&lt;").replace(/"/g, "&quot;")
+        .replace(/'/g, "&apos;").trim();
     }
 
     public getValidationPattern = (validationType:string, parameterType?:string):RegExp => {
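Review bot: HTML-encoding inside this input-normalising function makes it non-idempotent, so a value that passes through it twice, or that is later rendered by a template that already escapes on output, ends up as `&amp;amp;` or shows literal entities to the user. Encoding is more reliable at the point of output for the specific context (HTML body, attribute, JSON); if it has to stay here, a comment such as `// NOTE: returns HTML-encoded text; do not re-run or re-escape on render` would warn callers. `&apos;` is not defined in HTML 4, so `.replace(/'/g, "&#39;")` is the more portable form. The single-pass `%XX` strip kept on the first added line can leave a fresh `%XX` sequence behind when matches are nested, so it should not be relied on as the only defence against encoded input. The function being changed begins outside the hunk.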