aboutsummaryrefslogtreecommitdiff
path: root/id/server/modules
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2017-11-27 12:11:45 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2017-11-27 12:11:45 +0100
commit5f2ad9d48b83d5979b1a147190f5177e3327744a (patch)
tree81cfcaae779036292c0fbe2213d22d7bab2fa0d1 /id/server/modules
parentaca73741002d4285492d2b95f88779a14171b4e7 (diff)
downloadmoa-id-spss-5f2ad9d48b83d5979b1a147190f5177e3327744a.tar.gz
moa-id-spss-5f2ad9d48b83d5979b1a147190f5177e3327744a.tar.bz2
moa-id-spss-5f2ad9d48b83d5979b1a147190f5177e3327744a.zip
add escaping on some places
Diffstat (limited to 'id/server/modules')
-rw-r--r--id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java59
-rw-r--r--id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java2
2 files changed, 31 insertions, 30 deletions
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java
index 7d1bfd7b9..16b4ba841 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java
@@ -50,6 +50,7 @@ import javax.security.cert.X509Certificate;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.apache.commons.lang.StringEscapeUtils;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
@@ -159,15 +160,15 @@ public class SSOTransferServlet{
} catch (MOAIDException | MOADatabaseException e) {
e.printStackTrace();
- resp.sendError(500, e.getMessage());
+ resp.sendError(500, StringEscapeUtils.escapeHtml(e.getMessage()));
} catch (NoSuchAlgorithmException | InvalidParameterSpecException e) {
e.printStackTrace();
- resp.sendError(500, e.getMessage());
+ resp.sendError(500, StringEscapeUtils.escapeHtml(e.getMessage()));
} catch (Exception e) {
e.printStackTrace();
- resp.sendError(500, e.getMessage());
+ resp.sendError(500, StringEscapeUtils.escapeHtml(e.getMessage()));
}
}
@@ -220,51 +221,51 @@ public class SSOTransferServlet{
} catch (OperatorCreationException e) {
Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e);
- resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+ resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
} catch (CredentialsNotAvailableException e) {
Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e);
- resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+ resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
} catch (PKCSException e) {
Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e);
- resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+ resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
} catch (CertificateException e) {
Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e);
- resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+ resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
} catch (InvalidKeyException e) {
Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e);
- resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+ resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
} catch (NoSuchAlgorithmException e) {
Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e);
- resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+ resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
} catch (InvalidKeySpecException e) {
Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e);
- resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+ resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
} catch (SessionDataStorageException e) {
Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e);
- resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+ resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
} catch (ParseException e) {
Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e);
- resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+ resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
} catch (IllegalBlockSizeException e) {
Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e);
- resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+ resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
} catch (BadPaddingException e) {
Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e);
- resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+ resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
} catch (NoSuchPaddingException e) {
Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e);
- resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+ resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
}
@@ -322,50 +323,50 @@ public class SSOTransferServlet{
} catch (OperatorCreationException e) {
// TODO Auto-generated catch block
e.printStackTrace();
- resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+ resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
} catch (CredentialsNotAvailableException e) {
// TODO Auto-generated catch block
e.printStackTrace();
- resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+ resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
} catch (PKCSException e) {
// TODO Auto-generated catch block
e.printStackTrace();
- resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+ resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
} catch (CertificateException e) {
// TODO Auto-generated catch block
e.printStackTrace();
- resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+ resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
} catch (InvalidKeyException e) {
// TODO Auto-generated catch block
e.printStackTrace();
- resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+ resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
} catch (NoSuchAlgorithmException e) {
// TODO Auto-generated catch block
e.printStackTrace();
- resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+ resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
} catch (InvalidKeySpecException e) {
// TODO Auto-generated catch block
e.printStackTrace();
- resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+ resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
} catch (SessionDataStorageException e) {
e.printStackTrace();
- resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+ resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
} catch (IllegalBlockSizeException e) {
e.printStackTrace();
- resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+ resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
} catch (BadPaddingException e) {
e.printStackTrace();
- resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+ resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
} catch (NoSuchPaddingException e) {
e.printStackTrace();
- resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+ resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
}
@@ -424,15 +425,15 @@ public class SSOTransferServlet{
} catch (MOAIDException | MOADatabaseException e) {
e.printStackTrace();
- resp.sendError(500, e.getMessage());
+ resp.sendError(500, StringEscapeUtils.escapeHtml(e.getMessage()));
} catch (NoSuchAlgorithmException | InvalidParameterSpecException e) {
e.printStackTrace();
- resp.sendError(500, e.getMessage());
+ resp.sendError(500, StringEscapeUtils.escapeHtml(e.getMessage()));
} catch (Exception e) {
e.printStackTrace();
- resp.sendError(500, e.getMessage());
+ resp.sendError(500, StringEscapeUtils.escapeHtml(e.getMessage()));
}
}
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java
index 13a278d1d..fe164c514 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java
@@ -105,7 +105,7 @@ public class GUIUtils {
config.putCustomParameter("QRImage", base64EncodedImage);
config.putCustomParameter("successMsg", "Select the SSO Session in your <i>SSO-Transfer App</i> and scan the QR-Code to start the process.");
- config.putCustomParameter("timeoutURL", containerURL);
+ config.putCustomParameterWithOutEscaption("timeoutURL", containerURL);
config.putCustomParameter("timeout", REFESH_TIMEOUT);
guiBuilder.build(response, config, "SSO-Transfer-Module");