
[7.67.x] RHPAM-4719: Persistent Cross-Site Scripting (XSS) #1401

Merged
merged 1 commit into from
Aug 11, 2023

Conversation

github-actions[bot]

Backport: #1393

Fixes RHPAM-4716 & RHPAM-4717 by using the StringEscapeUtils::escapeHtml4() method in ProjectResource and by implementing a helper method, using escapeHtml4(), to escape contributors' names in OrganizationalUnitServiceImpl

JIRA: RHPAM-4719

Resulting contributor page after calling update with an XSS-valid name.
Screenshot from 2023-06-15 09-17-19

* RHPAM-4719: Persistent Cross-Site Scripting (XSS)

Fixes RHPAM-4716 & RHPAM-4717 by using StringEscapeUtils::
escapeHtml4() method in ProjectResource and by implementing
helper method, using escapeHtml4(), to escape contributors
names in OrganizationalUnitServiceImpl

* RHPAM-4719: Add unit test cases for XSS data

* RHPAM-4719: Replace single quote with nothing

* RHPAM-4917: Expand escaping to RepositoryService

Refactors unit tests to use same methods as in main classes
Add some unit tests

* Fix code duplication

Moves methods for escaping out of services

* Increase coverage and remove code smells
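The escaping approach the backport describes (escapeHtml4() on contributor names, then dropping single quotes), as an added example that is not code from the kie-wb-common project; the class and method names are hypothetical, only org.apache.commons.text.StringEscapeUtils.escapeHtml4 is a real API.

```java
// Added example, not the project's own code. Demonstrates the escaping the PR
// applies to contributor names before they reach the page. Class and method
// names are hypothetical; StringEscapeUtils.escapeHtml4 is the real Commons Text API.
import java.util.List;
import java.util.stream.Collectors;
import org.apache.commons.text.StringEscapeUtils;

public class ContributorNameEscaper {

    // escapeHtml4 turns <, >, & and " into HTML 4 entities, so markup in a
    // stored name renders as text instead of being parsed. The HTML 4 entity
    // set has no &apos;, so a single quote passes through untouched; the PR's
    // follow-up commit handles that by removing it entirely.
    public static String escape(String name) {
        if (name == null) {
            return null;
        }
        return StringEscapeUtils.escapeHtml4(name).replace("'", "");
    }

    // Applies the same escaping to every contributor of an organizational unit.
    public static List<String> escapeAll(List<String> names) {
        return names.stream()
                    .map(ContributorNameEscaper::escape)
                    .collect(Collectors.toList());
    }

    public static void main(String[] args) {
        // Constructed sample names: a plain one, one with an ampersand and a
        // single quote, and one carrying markup that must not be rendered.
        List<String> contributors = List.of(
                "alice",
                "O'Brien & Sons",
                "bob <script>alert('x')</script>");
        for (String escaped : escapeAll(contributors)) {
            System.out.println(escaped);
        }
    }
}
```

Escaping at the service layer protects every view that reads these names, but an unescaped field reachable through another path (here ProjectResource and RepositoryService, which later commits cover) still needs the same treatment.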
@mareknovotny
Member

ok to test

@mareknovotny
Member

jenkins do fdb

@mareknovotny
Member

jenkins retest this please

@mareknovotny
Member

jenkins do fdb

@sonarcloud

sonarcloud bot commented Aug 10, 2023

Kudos, SonarCloud Quality Gate passed!

0 Bugs (A)
0 Vulnerabilities (A)
0 Security Hotspots (A)
0 Code Smells (A)

100.0% Coverage
0.0% Duplication

Warning: the version of Java (11.0.20) you have used to run this analysis is deprecated and we will stop accepting it soon. Please update to at least Java 17.

@mareknovotny
Member

failed flaky test org.kie.server.client.LoadBalancerClientTest.testDefaultLoadBalancerNoServersAvailable which is not related to UI changes here

@mareknovotny mareknovotny merged commit 3bc9c47 into 7.67.x Aug 11, 2023
2 checks passed
@mareknovotny mareknovotny deleted the 7.67.x_RHPAM-4719 branch August 11, 2023 08:24