-
Bug
-
Resolution: Done
-
Highest
-
Istanbul Release
Sonarcloud identified the following security bugs in your project and, as agreed by the TSC, should be fixed within the Istanbul release. Any not finished in Istanbul must be fixed within the Jakarta release. Follow each of the URLs for details on each each bug, along with recommended fixes.
The verification URL for these issues will be <https://sonarcloud.io/organizations/onap/issues?resolved=false&sonarsourceSecurity=xss&projects=onap_aaf-authz>.
If any of the links below fail, please find your code on the master list found at <https://sonarcloud.io/organizations/onap/issues?resolved=false&sonarsourceSecurity=xss>.
Project: onap_aaf-authz
Component: onap_aaf-authz:auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/AAF_GUI.java
Message: Change this code to not place user-controlled data in the header.
Severity: CRITICAL
Line: 224
Effort: 30min
Creation-Date: 2020-08-04T02:54:55+0200
URL: https://sonarcloud.io/project/issues?id=onap_aaf-authz&issues=AXO2-Xx8n0BNPpj1Wj5z&open=AXO2-Xx8n0BNPpj1Wj5z
Project: onap_aaf-authz
Component: onap_aaf-authz:auth/auth-hello/src/main/java/org/onap/aaf/auth/hello/API_Hello.java
Message: Change this code to not reflect user-controlled data.
Severity: BLOCKER
Line: 73
Effort: 30min
Creation-Date: 2020-07-30T02:55:00+0200
URL: https://sonarcloud.io/project/issues?id=onap_aaf-authz&issues=AXOdOdf-GR10QreeQhOn&open=AXOdOdf-GR10QreeQhOn
Project: onap_aaf-authz
Component: onap_aaf-authz:auth/auth-hello/src/main/java/org/onap/aaf/auth/hello/API_Hello.java
Message: Change this code to not reflect user-controlled data.
Severity: BLOCKER
Line: 85
Effort: 30min
Creation-Date: 2020-07-30T02:55:00+0200
URL: https://sonarcloud.io/project/issues?id=onap_aaf-authz&issues=AXOdOdf-GR10QreeQhOl&open=AXOdOdf-GR10QreeQhOl
Project: onap_aaf-authz
Component: onap_aaf-authz:auth/auth-hello/src/main/java/org/onap/aaf/auth/hello/API_Hello.java
Message: Change this code to not reflect user-controlled data.
Severity: BLOCKER
Line: 147
Effort: 30min
Creation-Date: 2020-07-30T02:55:00+0200
URL: https://sonarcloud.io/project/issues?id=onap_aaf-authz&issues=AXOdOdf-GR10QreeQhOm&open=AXOdOdf-GR10QreeQhOm
Project: onap_aaf-authz
Component: onap_aaf-authz:misc/xgen/src/main/java/org/onap/aaf/misc/xgen/XGen.java
Message: Change this code to not reflect user-controlled data.
Severity: BLOCKER
Line: 155
Effort: 30min
Creation-Date: 2021-02-23T01:52:36+0100
URL: https://sonarcloud.io/project/issues?id=onap_aaf-authz&issues=AXfMYYBMvqNLFAURbowM&open=AXfMYYBMvqNLFAURbowM
- clones
-
AAI-3345 fix CRITICAL xss (cross site scripting) issues identified in sonarcloud
- Closed
- is cloned by
-
SDC-3608 fix CRITICAL xxe (XML External Entity) issues identified in sonarcloud
- Closed
- relates to
-
REQ-443 CONTINUATION OF BEST PRACTICES BADGING SCORE IMPROVEMENTS FOR SILVER LEVEL
- In Progress