RHPAM-4719: Persistent Cross-Site Scripting (XSS) #1393
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
@paulovmr @adrielparedes @tomasdavidorg Hello there, submitting early version of the PR for testing purposes, I am working on adding some tests in the meantime. Initial manual testing looks to be working well. |
|
jenkins execute compile downstream build |
|
jenkins do fdb |
|
jenkins do cdb |
tomasdavidorg
approved these changes
Jun 19, 2023
|
Logging the discussions here: |
domhanak
force-pushed
the
RHPAM-4719
branch
2 times, most recently
from
fb0c235
to
72ea5ed
Compare
|
@tomasdavidorg @paulovmr added the Still ready for some additional tests |
|
jenkins do fdb |
1 similar comment
|
jenkins do fdb |
|
@tomasdavidorg @paulovmr updated let me know |
|
jenkins test this |
|
jenkins do fdb |
1 similar comment
|
jenkins do fdb |
tomasdavidorg
approved these changes
Jun 29, 2023
paulovmr
approved these changes
Jun 29, 2023
|
jenkins do fdb |
|
jenkins do fdb |
1 similar comment
|
jenkins do fdb |
Fixes RHPAM-4716 & RHPAM-4717 by using StringEscapeUtils:: escapeHtml4() method in ProjectResource and by implementing helper method, using escapeHtml4(), to escape conrtributors names in OrganizationalUnitServiceImpl
Refactors unit tests to use same methods as in main classes Add some unit tests
Moves methods for escaping out of services
|
Kudos, SonarCloud Quality Gate passed! |
|
jenkins do cdb |
github-actions bot
pushed a commit
that referenced
this pull request
Jul 13, 2023
* RHPAM-4719: Persistent Cross-Site Scripting (XSS) Fixes RHPAM-4716 & RHPAM-4717 by using StringEscapeUtils:: escapeHtml4() method in ProjectResource and by implementing helper method, using escapeHtml4(), to escape conrtributors names in OrganizationalUnitServiceImpl * RHPAM-4719: Add unit test cases for XSS data * RHPAM-4719: Replace single qoute with nothing * RHPAM-4917: Expand escaping to RepositoryService Refactors unit tests to use same methods as in main classes Add some unit tests * Fix code duplication Moves methods for escaping out of services * Increase coverage and remove code smells
mareknovotny
added
the
backport-7.67.x-blue
github-actions bot
pushed a commit
that referenced
this pull request
Jul 18, 2023
* RHPAM-4719: Persistent Cross-Site Scripting (XSS) Fixes RHPAM-4716 & RHPAM-4717 by using StringEscapeUtils:: escapeHtml4() method in ProjectResource and by implementing helper method, using escapeHtml4(), to escape conrtributors names in OrganizationalUnitServiceImpl * RHPAM-4719: Add unit test cases for XSS data * RHPAM-4719: Replace single qoute with nothing * RHPAM-4917: Expand escaping to RepositoryService Refactors unit tests to use same methods as in main classes Add some unit tests * Fix code duplication Moves methods for escaping out of services * Increase coverage and remove code smells
This was referenced Jul 21, 2023
mareknovotny
pushed a commit
that referenced
this pull request
Aug 11, 2023
* RHPAM-4719: Persistent Cross-Site Scripting (XSS) Fixes RHPAM-4716 & RHPAM-4717 by using StringEscapeUtils:: escapeHtml4() method in ProjectResource and by implementing helper method, using escapeHtml4(), to escape conrtributors names in OrganizationalUnitServiceImpl * RHPAM-4719: Add unit test cases for XSS data * RHPAM-4719: Replace single qoute with nothing * RHPAM-4917: Expand escaping to RepositoryService Refactors unit tests to use same methods as in main classes Add some unit tests * Fix code duplication Moves methods for escaping out of services * Increase coverage and remove code smells Co-authored-by: Dominik Hanák <domhanak@users.noreply.github.com>
mareknovotny
pushed a commit
that referenced
this pull request
Aug 11, 2023
* RHPAM-4719: Persistent Cross-Site Scripting (XSS) Fixes RHPAM-4716 & RHPAM-4717 by using StringEscapeUtils:: escapeHtml4() method in ProjectResource and by implementing helper method, using escapeHtml4(), to escape conrtributors names in OrganizationalUnitServiceImpl * RHPAM-4719: Add unit test cases for XSS data * RHPAM-4719: Replace single qoute with nothing * RHPAM-4917: Expand escaping to RepositoryService Refactors unit tests to use same methods as in main classes Add some unit tests * Fix code duplication Moves methods for escaping out of services * Increase coverage and remove code smells Co-authored-by: Dominik Hanák <domhanak@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes RHPAM-4716 & RHPAM-4717 by using
StringEscapeUtils:: escapeHtml4()method in
ProjectResourceand by implementing helper method, usingescapeHtml4(), to escape contributors names inOrganizationalUnitServiceImplJIRA: RHPAM-4719
Resulted contributor page after calling update with XSS valid name.
