Active and Available Inventory / AAI-3345

fix CRITICAL xss (cross site scripting) issues identified in sonarcloud


    • Bug
    • Resolution: Done
    • Highest
    • Istanbul Release

      Sonarcloud identified the following security bugs in your project and, as agreed by the TSC, they should be fixed within the Istanbul release. Any not finished in Istanbul must be fixed within the Jakarta release. Follow each of the URLs for details on each bug, along with recommended fixes.

       

      The verification URLs for these issues will be <https://sonarcloud.io/organizations/onap/issues?resolved=false&sonarsourceSecurity=xss&projects=onap_aai-search-data-service> and <https://sonarcloud.io/organizations/onap/issues?resolved=false&sonarsourceSecurity=xss&projects=onap_aai-aai-common>.
       
      If any of the links below fail, please find your code on the master list found at <https://sonarcloud.io/organizations/onap/issues?resolved=false&sonarsourceSecurity=xss>.
       

       

      Project: onap_aai-search-data-service
      Component: onap_aai-search-data-service:search-data-service-app/src/main/java/org/onap/aai/sa/searchdbabstraction/elasticsearch/dao/ElasticSearchHttpController.java
      Message: Change this code to not reflect user-controlled data.
      Severity: BLOCKER
      Line: 730
      Effort: 30min
      Creation-Date: 2018-09-21T13:56:25+0200
      URL: https://sonarcloud.io/project/issues?id=onap_aai-search-data-service&issues=AXGfly3lqwu6yuMdgcWN&open=AXGfly3lqwu6yuMdgcWN

       

      wreehil: Above is no longer being scanned (last was January since it's deprecated). We will not address this.

       

      Project: onap_aai-aai-common
      Component: onap_aai-aai-common:aai-aaf-auth/src/main/java/org/onap/aai/aaf/auth/ResponseFormatter.java
      Message: Change this code to not place user-controlled data in the header.
      Severity: CRITICAL
      Line: 50
      Effort: 30min
      Creation-Date: 2020-02-26T05:59:33+0100
      URL: https://sonarcloud.io/project/issues?id=onap_aai-aai-common&issues=AXIxKp7BoGGFeVILYKIl&open=AXIxKp7BoGGFeVILYKIl

            sliard
            tonylhansen