
Commit 101e3aa

NMS-13126: Escape foreignSource and nodeLabel strings in requisition UI
1 parent 9ea8e4c commit 101e3aa


12 files changed

+31
-26
lines changed


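--- a/core/web-assets/src/main/assets/js/apps/onms-requisitions/lib/scripts/controllers/ForeignSource.js
+++ b/core/web-assets/src/main/assets/js/apps/onms-requisitions/lib/scripts/controllers/ForeignSource.js
@@ -454,7 +454,7 @@ require('../services/Requisitions');
 RequisitionsService.startTiming();
 RequisitionsService.saveForeignSourceDefinition($scope.foreignSourceDef).then(
 function() { // success
-growl.success('The definition for the requisition ' + $scope.foreignSource + ' has been saved.');
+growl.success('The definition for the requisition ' + _.escape($scope.foreignSource) + ' has been saved.');
 form.$dirty = false;
 },
 $scope.errorHandler
@@ -474,7 +474,7 @@ require('../services/Requisitions');
 RequisitionsService.startTiming();
 RequisitionsService.deleteForeignSourceDefinition($scope.foreignSource).then(
 function() { // success
-growl.success('The foreign source definition for ' + $scope.foreignSource + 'has been reseted.');
+growl.success('The foreign source definition for ' + _.escape($scope.foreignSource) + 'has been reseted.');
 $scope.initialize();
 },
 $scope.errorHandler
@@ -517,7 +517,7 @@ require('../services/Requisitions');
 * @methodOf ForeignSourceController
 */
 $scope.initialize = function() {
-growl.success('Retrieving definition for requisition ' + $scope.foreignSource + '...');
+growl.success('Retrieving definition for requisition ' + _.escape($scope.foreignSource) + '...');
 RequisitionsService.getForeignSourceDefinition($scope.foreignSource).then(
 function(foreignSourceDef) { // success
 $scope.foreignSourceDef = foreignSourceDef;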
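Review bot: None of the controller hunks in this commit bring `_` into scope, while every test file gains `const _ = require('underscore-js');` — if the controllers rely on a bundle-provided global rather than their own require, that is worth confirming, because a missing binding would only surface as a ReferenceError at the moment a growl fires, i.e. after the save/delete has already succeeded. While touching the second hunk, the message at old/new line 477 still reads `'has been reseted.'` with no leading space; `' has been reset.'` fixes both the spacing and the spelling. A one-line why-comment would protect the escaping from being "simplified" away later, e.g. `// growl renders messages as HTML; foreignSource is user-controlled, so escape it (NMS-13126)`. The enclosing functions of all three hunks start and end outside the hunks.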

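--- a/core/web-assets/src/main/assets/js/apps/onms-requisitions/lib/scripts/controllers/Node.js
+++ b/core/web-assets/src/main/assets/js/apps/onms-requisitions/lib/scripts/controllers/Node.js
@@ -326,7 +326,7 @@ const RequisitionMetaDataEntry = require('../model/RequisitionMetaDataEntry');
 $scope.goBack();
 // If node was just created, it has no label yet
 if (node.nodeLabel) {
-growl.success('The node ' + node.nodeLabel + ' has been deleted.');
+growl.success('The node ' + _.escape(node.nodeLabel) + ' has been deleted.');
 } else {
 growl.success('The node has been deleted.');
 }
@@ -497,7 +497,7 @@ const RequisitionMetaDataEntry = require('../model/RequisitionMetaDataEntry');
 RequisitionsService.startTiming();
 RequisitionsService.saveNode($scope.node).then(
 function() { // success
-growl.success('The node ' + $scope.node.nodeLabel + ' has been saved.');
+growl.success('The node ' + _.escape($scope.node.nodeLabel) + ' has been saved.');
 $scope.foreignId = $scope.node.foreignId;
 form.$dirty = false;
 },
@@ -513,7 +513,7 @@ const RequisitionMetaDataEntry = require('../model/RequisitionMetaDataEntry');
 * @methodOf NodeController
 */
 $scope.refresh = function() {
-growl.success('Retrieving node ' + $scope.foreignId + ' from requisition ' + $scope.foreignSource + '...');
+growl.success('Retrieving node ' + _.escape($scope.foreignId) + ' from requisition ' + _.escape($scope.foreignSource) + '...');
 RequisitionsService.getNode($scope.foreignSource, $scope.foreignId).then(
 function(node) { // success
 $scope.node = node;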
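Review bot: The escaping in the `$scope.refresh` hunk (new line 516) is the right call but carries no explanation, and nothing in the file tells the next maintainer that `foreignId` and `nodeLabel` are operator-supplied strings that growl will render as HTML; a comment above that line such as `// nodeLabel/foreignId/foreignSource come from the requisition and are rendered as HTML by growl — keep them escaped (NMS-13126)` would document the invariant once for the controller. It is also worth noting that `_.escape` only covers the HTML-text context; if any of these values is later placed into an attribute or a URL, a different encoding is needed. The enclosing functions of all three hunks start and end outside the hunks.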

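--- a/core/web-assets/src/main/assets/js/apps/onms-requisitions/lib/scripts/controllers/QuickAddNode.js
+++ b/core/web-assets/src/main/assets/js/apps/onms-requisitions/lib/scripts/controllers/QuickAddNode.js
@@ -111,8 +111,8 @@ const QuickNode = require('../model/QuickNode');
 */
 $scope.provision = function() {
 $scope.isSaving = true;
-growl.info($sanitize('The node ' + $scope.node.nodeLabel + ' is being added to requisition ' + $scope.node.foreignSource + '. Please wait...'));
-var successMessage = $sanitize('The node ' + $scope.node.nodeLabel + ' has been added to requisition ' + $scope.node.foreignSource);
+growl.info('The node ' + _.escape($scope.node.nodeLabel) + ' is being added to requisition ' + _.escape($scope.node.foreignSource) + '. Please wait...');
+var successMessage = 'The node ' + _.escape($scope.node.nodeLabel) + ' has been added to requisition ' + _.escape($scope.node.foreignSource);
 RequisitionsService.quickAddNode($scope.node).then(
 function() { // success
 $scope.reset();
@@ -238,7 +238,7 @@ const QuickNode = require('../model/QuickNode');
 function() { // success
 RequisitionsService.synchronizeRequisition(foreignSource, false).then(
 function() {
-growl.success('The requisition ' + foreignSource + ' has been created and synchronized.');
+growl.success('The requisition ' + _.escape(foreignSource) + ' has been created and synchronized.');
 $scope.foreignSources.push(foreignSource);
 },
 $scope.errorHandler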
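Review bot: Replacing `$sanitize(...)` with `_.escape(...)` in `$scope.provision` (new lines 114-115) is a stricter and better choice for a plain name — `$sanitize` would have let "safe" HTML through, whereas the name is now always rendered as text — but the two calls shown here may have been the controller's only uses of `$sanitize`, and if so the injected `$sanitize` dependency (and the ngSanitize module load, if it was only for this) is now dead; that cannot be confirmed from the hunk. A short comment such as `// escape, don't sanitize: the label is data, not markup (NMS-13126)` would record why the sanitizer was dropped. Both enclosing functions continue outside the hunks.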

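--- a/core/web-assets/src/main/assets/js/apps/onms-requisitions/lib/scripts/controllers/Requisition.js
+++ b/core/web-assets/src/main/assets/js/apps/onms-requisitions/lib/scripts/controllers/Requisition.js
@@ -200,7 +200,7 @@ require('../services/Synchronize');
 * @param {object} The node's object to delete
 */
 $scope.deleteNode = function(node) {
-bootbox.confirm('Are you sure you want to remove the node ' + node.nodeLabel + '?', function(ok) {
+bootbox.confirm('Are you sure you want to remove the node ' + _.escape(node.nodeLabel) + '?', function(ok) {
 if (ok) {
 RequisitionsService.startTiming();
 RequisitionsService.deleteNode(node).then(
@@ -214,7 +214,7 @@ require('../services/Synchronize');
 if (index > -1) {
 $scope.filteredNodes.splice(index,1);
 }
-growl.success('The node ' + node.nodeLabel + ' has been deleted.');
+growl.success('The node ' + _.escape(node.nodeLabel) + ' has been deleted.');
 },
 $scope.errorHandler
 );
@@ -295,7 +295,7 @@ require('../services/Synchronize');
 if (value) {
 $scope.pageSize = value;
 }
-growl.success('Retrieving requisition ' + $scope.foreignSource + '...');
+growl.success('Retrieving requisition ' + _.escape($scope.foreignSource) + '...');
 RequisitionsService.getRequisition($scope.foreignSource).then(
 function(requisition) { // success
 $scope.requisition = requisition;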
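Review bot: `_.escape(node.nodeLabel)` in `$scope.deleteNode` (new line 203) silently changes the message for a node that has no label yet: underscore's `escape` maps `null`/`undefined` to `''`, so the confirm now reads "remove the node ?" where it previously showed "undefined" — both are poor, and the Node.js hunk in this same commit guards that case with `if (node.nodeLabel)`. Consider mirroring that here, e.g. `var label = node.nodeLabel ? _.escape(node.nodeLabel) : _.escape(node.foreignId);` and using `label` in the confirm, assuming `foreignId` is always present on a node object (not visible here). The `deleteNode` body and the function containing the third hunk both continue outside the hunks.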

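--- a/core/web-assets/src/main/assets/js/apps/onms-requisitions/lib/scripts/controllers/Requisitions.js
+++ b/core/web-assets/src/main/assets/js/apps/onms-requisitions/lib/scripts/controllers/Requisitions.js
@@ -172,14 +172,14 @@ require('../services/Synchronize');
 }
 });
 modalInstance.result.then(function(targetForeignSource) {
-bootbox.confirm('This action will override the existing foreign source definition for the requisition named ' + targetForeignSource + ', using ' + foreignSource + ' as a template. Are you sure you want to continue ? This cannot be undone.', function(ok) {
+bootbox.confirm('This action will override the existing foreign source definition for the requisition named ' + _.escape(targetForeignSource) + ', using ' + _.escape(foreignSource) + ' as a template. Are you sure you want to continue ? This cannot be undone.', function(ok) {
 if (!ok) {
 return;
 }
 RequisitionsService.startTiming();
 RequisitionsService.cloneForeignSourceDefinition(foreignSource, targetForeignSource).then(
 function() { // success
-growl.success('The foreign source definition for ' + foreignSource + ' has been cloned to ' + targetForeignSource);
+growl.success('The foreign source definition for ' + _.escape(foreignSource) + ' has been cloned to ' + _.escape(targetForeignSource));
 },
 $scope.errorHandler
 );
@@ -201,18 +201,18 @@ require('../services/Synchronize');
 if (foreignSource) {
 // Validate Requisition
 if (foreignSource.match(/[/\\?:&*'"]/)) {
-bootbox.alert('Cannot add the requisition ' + foreignSource + ' because the following characters are invalid:<br/>:, /, \\, ?, &, *, \', "');
+bootbox.alert('Cannot add the requisition ' + _.escape(foreignSource) + ' because the following characters are invalid:<br/>:, /, \\, ?, &, *, \', "');
 return;
 }
 var r = $scope.requisitionsData.getRequisition(foreignSource);
 if (r) {
-bootbox.alert('Cannot add the requisition ' + foreignSource+ ' because there is already a requisition with that name');
+bootbox.alert('Cannot add the requisition ' + _.escape(foreignSource) + ' because there is already a requisition with that name');
 return;
 }
 // Create Requisition
 RequisitionsService.addRequisition(foreignSource).then(
 function(r) { // success
-growl.success('The requisition ' + _.escape(r.foreignSource) + ' has been created.');
+growl.success('The requisition ' + _.escape(r.foreignSource) + ' has been created.');
 },
 $scope.errorHandler
 );
@@ -271,7 +271,7 @@ require('../services/Synchronize');
 RequisitionsService.startTiming();
 RequisitionsService.updateDeployedStatsForRequisition(requisition).then(
 function() { // success
-growl.success('The deployed statistics for ' + requisition.foreignSource + ' has been updated.');
+growl.success('The deployed statistics for ' + _.escape(requisition.foreignSource) + ' has been updated.');
 },
 $scope.errorHandler
 );
@@ -286,12 +286,12 @@ require('../services/Synchronize');
 * @param {string} foreignSource The name of the requisition
 */
 $scope.removeAllNodes = function(foreignSource) {
-bootbox.confirm('Are you sure you want to remove all the nodes from ' + foreignSource + '?', function(ok) {
+bootbox.confirm('Are you sure you want to remove all the nodes from ' + _.escape(foreignSource) + '?', function(ok) {
 if (ok) {
 RequisitionsService.startTiming();
 RequisitionsService.removeAllNodesFromRequisition(foreignSource).then(
 function() { // success
-growl.success('All the nodes from ' + foreignSource + ' have been removed, and the requisition has been synchronized.');
+growl.success('All the nodes from ' + _.escape(foreignSource) + ' have been removed, and the requisition has been synchronized.');
 var req = $scope.requisitionsData.getRequisition(foreignSource);
 req.reset();
 },
@@ -310,12 +310,12 @@ require('../services/Synchronize');
 * @param {string} foreignSource The name of the requisition
 */
 $scope.delete = function(foreignSource) {
-bootbox.confirm('Are you sure you want to remove the requisition ' + foreignSource + '?', function(ok) {
+bootbox.confirm('Are you sure you want to remove the requisition ' + _.escape(foreignSource) + '?', function(ok) {
 if (ok) {
 RequisitionsService.startTiming();
 RequisitionsService.deleteRequisition(foreignSource).then(
 function() { // success
-growl.success('The requisition ' + foreignSource + ' has been deleted.');
+growl.success('The requisition ' + _.escape(foreignSource) + ' has been deleted.');
 },
 $scope.errorHandler
 );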
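Review bot: The name validation at old/new line 203, `/[/\\?:&*'"]/`, rejects `&`, `'` and `"` but not `<` or `>`, so a requisition named with a tag can still reach every message in this file — the `_.escape` calls added here are therefore load-bearing, not belt-and-braces, and the alert at line 204 must keep its `<br/>` as literal HTML while escaping only the variable, exactly as the hunk does. Because that check is client-side only, it is also not a security control; the server-side add-requisition endpoint has to enforce the same character set, which this diff does not show. A comment above the regex, `// UI convenience only; the REST layer must validate the name too, and '<' / '>' are still allowed here, hence _.escape() on every message`, would keep the two facts together for the next reader. The functions containing the first and second hunks start outside the hunks.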

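--- a/core/web-assets/src/main/assets/js/apps/onms-requisitions/lib/scripts/services/Synchronize.js
+++ b/core/web-assets/src/main/assets/js/apps/onms-requisitions/lib/scripts/services/Synchronize.js
@@ -46,14 +46,14 @@ require('./Requisitions');
 RequisitionsService.startTiming();
 RequisitionsService.synchronizeRequisition(requisition.foreignSource, rescanExisting).then(
 function() { // success
-growl.success('The import operation has been started for ' + requisition.foreignSource + ' (rescanExisting? ' + rescanExisting + ')<br/>Use <b>refresh</b> to update the deployed statistics');
+growl.success('The import operation has been started for ' + _.escape(requisition.foreignSource) + ' (rescanExisting? ' + rescanExisting + ')<br/>Use <b>refresh</b> to update the deployed statistics');
 requisition.setDeployed(true);
 },
 errorHandler
 );
 };
 bootbox.prompt({
-title: 'Synchronize Requisition ' + requisition.foreignSource,
+title: 'Synchronize Requisition ' + _.escape(requisition.foreignSource),
 message: '<p><b>Choose a scan option: </b></p>',
 inputType: 'radio',
 inputOptions: [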
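Review bot: `rescanExisting` is still concatenated unescaped into the HTML growl message at new line 49, right next to the now-escaped `foreignSource`; if it can only ever be one of the fixed radio `inputOptions` values from the `bootbox.prompt` below (the option list is cut off by the hunk) it is harmless, but escaping it too costs nothing and removes the need to reason about that: `' (rescanExisting? ' + _.escape(rescanExisting) + ')<br/>...'`. Escaping the bootbox `title` at new line 56 is correct since bootbox renders titles as HTML. The function that wraps both hunks starts and ends outside the hunk.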

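--- a/core/web-assets/src/test/javascript/ng-requisitions/controllers/ForeignSource.test.js
+++ b/core/web-assets/src/test/javascript/ng-requisitions/controllers/ForeignSource.test.js
@@ -6,6 +6,7 @@
 'use strict';
 
 const angular = require('angular-js');
+const _ = require('underscore-js');
 require('angular-mocks');
 require('../../../../../src/main/assets/js/apps/onms-requisitions/requisitions');
 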
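--- a/core/web-assets/src/test/javascript/ng-requisitions/controllers/Node.test.js
+++ b/core/web-assets/src/test/javascript/ng-requisitions/controllers/Node.test.js
@@ -8,6 +8,7 @@
 'use strict';
 
 const angular = require('angular-js');
+const _ = require('underscore-js');
 require('angular-mocks');
 require('../../../../../src/main/assets/js/apps/onms-requisitions/requisitions');
 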
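--- a/core/web-assets/src/test/javascript/ng-requisitions/controllers/Requisition.test.js
+++ b/core/web-assets/src/test/javascript/ng-requisitions/controllers/Requisition.test.js
@@ -8,6 +8,7 @@
 'use strict';
 
 const angular = require('angular-js');
+const _ = require('underscore-js');
 require('angular-mocks');
 require('../../../../../src/main/assets/js/apps/onms-requisitions/requisitions');
 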
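--- a/core/web-assets/src/test/javascript/ng-requisitions/controllers/Requisitions.test.js
+++ b/core/web-assets/src/test/javascript/ng-requisitions/controllers/Requisitions.test.js
@@ -8,6 +8,7 @@
 'use strict';
 
 const angular = require('angular-js');
+const _ = require('underscore-js');
 require('angular-mocks');
 require('../../../../../src/main/assets/js/apps/onms-requisitions/requisitions');
 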
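--- a/opennms-webapp/src/main/webapp/WEB-INF/tags/element/nodelist.tag
+++ b/opennms-webapp/src/main/webapp/WEB-INF/tags/element/nodelist.tag
@@ -3,6 +3,7 @@
 <%@ attribute name="isMaclikeSearch" type="java.lang.Boolean" rtexprvalue="true" required="true" %>
 
 <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
+<%@taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn" %>
 
 <ul class="list-unstyled mb-0">
 <c:forEach var="nodeModel" items="${nodes}">
@@ -12,7 +13,7 @@
 <li>
 <c:choose>
 <c:when test="${!empty nodeModel.node.foreignSource}">
-<div class="NLnode"><a href="${nodeLink}">${nodeModel.node.label}</a>&nbsp;&nbsp;<span class="NLdbid label label-default" title="Database ID: ${nodeModel.node.id}"><i class="fa fa-database"></i>&nbsp;${nodeModel.node.id}</span>&nbsp;<span class="NLfs label label-default" title="Requisition: ${nodeModel.node.foreignSource}"><i class="fa fa-list-alt"></i>&nbsp;${nodeModel.node.foreignSource}</span>&nbsp;<span class="NLfid label label-default" title="Foreign ID: ${nodeModel.node.foreignId}"><i class="fa fa-qrcode"></i>&nbsp;${nodeModel.node.foreignId}</span>&nbsp;<span class="NLloc label label-default" title="Location: ${nodeModel.node.location.locationName}"><i class="fa fa-map-marker"></i>&nbsp;${nodeModel.node.location.locationName}</span><c:if test="${nodeModel.node.hasIngressFlows && nodeModel.node.hasEgressFlows}"><span class="NLflows label label-default" title="Flows: ingress/egress flow data available"><i class="fa fa-exchange"></i>&nbsp;ingress/egress flow data</span></c:if><c:if test="${nodeModel.node.hasIngressFlows && !nodeModel.node.hasEgressFlows}"><span class="NLflows label label-default" title="Flows: ingress flow data available"><i class="fa fa-long-arrow-left"></i>&nbsp;ingress flow data</span></c:if><c:if test="${!nodeModel.node.hasIngressFlows && nodeModel.node.hasEgressFlows}"><span class="NLflows label label-default" title="Flows: egress flow data available"><i class="fa fa-long-arrow-right"></i>&nbsp;egress flow data</span></c:if></div>
+<div class="NLnode"><a href="${nodeLink}">${nodeModel.node.label}</a>&nbsp;&nbsp;<span class="NLdbid label label-default" title="Database ID: ${nodeModel.node.id}"><i class="fa fa-database"></i>&nbsp;${nodeModel.node.id}</span>&nbsp;<span class="NLfs label label-default" title="Requisition: ${fn:escapeXml(nodeModel.node.foreignSource)}"><i class="fa fa-list-alt"></i>&nbsp;${fn:escapeXml(nodeModel.node.foreignSource)}</span>&nbsp;<span class="NLfid label label-default" title="Foreign ID: ${nodeModel.node.foreignId}"><i class="fa fa-qrcode"></i>&nbsp;${nodeModel.node.foreignId}</span>&nbsp;<span class="NLloc label label-default" title="Location: ${nodeModel.node.location.locationName}"><i class="fa fa-map-marker"></i>&nbsp;${nodeModel.node.location.locationName}</span><c:if test="${nodeModel.node.hasIngressFlows && nodeModel.node.hasEgressFlows}"><span class="NLflows label label-default" title="Flows: ingress/egress flow data available"><i class="fa fa-exchange"></i>&nbsp;ingress/egress flow data</span></c:if><c:if test="${nodeModel.node.hasIngressFlows && !nodeModel.node.hasEgressFlows}"><span class="NLflows label label-default" title="Flows: ingress flow data available"><i class="fa fa-long-arrow-left"></i>&nbsp;ingress flow data</span></c:if><c:if test="${!nodeModel.node.hasIngressFlows && nodeModel.node.hasEgressFlows}"><span class="NLflows label label-default" title="Flows: egress flow data available"><i class="fa fa-long-arrow-right"></i>&nbsp;egress flow data</span></c:if></div>
 </c:when>
 <c:otherwise>
 <div class="NLnode"><a href="${nodeLink}">${nodeModel.node.label}</a>&nbsp;&nbsp;<span class="NLdbid label label-default" title="Database ID: ${nodeModel.node.id}"><i class="fa fa-database"></i>&nbsp;${nodeModel.node.id}</span>&nbsp;<span class="NLloc label label-default" title="Location: ${nodeModel.node.location.locationName}"><i class="fa fa-map-marker"></i>&nbsp;${nodeModel.node.location.locationName}</span> <c:if test="${nodeModel.node.hasFlows}"><span class="NLflows label label-default" title="Flows: flow data available"><i class="fa fa-exchange"></i>&nbsp;flow data</span></c:if></div>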
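Review bot: The rewritten line 16 escapes `foreignSource` but leaves `${nodeModel.node.label}`, `${nodeModel.node.foreignId}` and `${nodeModel.node.location.locationName}` as raw EL on the same line, and the unchanged `<c:otherwise>` branch still emits the raw label; JSP `${}` does not HTML-encode, and the commit title says nodeLabel is meant to be covered, so unless these values are encoded before they reach the model (not visible here) the same class of injection remains one span to the left and right. Wrapping them the same way — `${fn:escapeXml(nodeModel.node.label)}`, `${fn:escapeXml(nodeModel.node.foreignId)}`, `${fn:escapeXml(nodeModel.node.location.locationName)}` — in both the text and the `title` attributes closes that gap, and because `escapeXml` encodes quotes it is safe in the attribute context too. `${nodeLink}` in the `href` is presumably built from the node id, but that is also worth confirming.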

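--- a/opennms-webapp/src/main/webapp/element/node.jsp
+++ b/opennms-webapp/src/main/webapp/element/node.jsp
@@ -311,7 +311,7 @@ function confirmAssetEdit() {
 
 <h5>
 <c:if test="${model.foreignSource != null}">
-<div class="NPnode">Node: <strong>${model.label}</strong>&nbsp;&nbsp;&nbsp;<span class="NPdbid badge badge-secondary " title="Database ID: ${model.id}"><i class="fa fa-database"></i>&nbsp;${model.id}</span>&nbsp;<span class="NPfs badge badge-secondary " title="Requisition: ${model.foreignSource}"><i class="fa fa-list-alt"></i>&nbsp;${model.foreignSource}</span>&nbsp;<span class="NPfid badge badge-secondary " title="Foreign ID: ${model.foreignId}"><i class="fa fa-qrcode"></i>&nbsp;${model.foreignId}</span>&nbsp;<span class="NPloc badge badge-secondary " title="Location: ${model.location}"><i class="fa fa-map-marker"></i>&nbsp;${model.location}</span> <c:if test="${model.node.hasFlows}"><span class="NPflows badge badge-secondary " title="Flows: flow data available"><i class="fa fa-exchange"></i> flow data</span></c:if></div>
+<div class="NPnode">Node: <strong>${model.label}</strong>&nbsp;&nbsp;&nbsp;<span class="NPdbid badge badge-secondary " title="Database ID: ${model.id}"><i class="fa fa-database"></i>&nbsp;${model.id}</span>&nbsp;<span class="NPfs badge badge-secondary " title="Requisition: ${fn:escapeXml(model.foreignSource)}"><i class="fa fa-list-alt"></i>&nbsp;${fn:escapeXml(model.foreignSource)}</span>&nbsp;<span class="NPfid badge badge-secondary " title="Foreign ID: ${model.foreignId}"><i class="fa fa-qrcode"></i>&nbsp;${model.foreignId}</span>&nbsp;<span class="NPloc badge badge-secondary " title="Location: ${model.location}"><i class="fa fa-map-marker"></i>&nbsp;${model.location}</span> <c:if test="${model.node.hasFlows}"><span class="NPflows badge badge-secondary " title="Flows: flow data available"><i class="fa fa-exchange"></i> flow data</span></c:if></div>
 </c:if>
 <c:if test="${model.foreignSource == null}">
 <div class="NPnode">Node: <strong>${model.label}</strong>&nbsp;&nbsp;&nbsp;<span class="NPdbid badge badge-secondary " title="Database ID: ${model.id}"><i class="fa fa-database"></i>&nbsp;${model.id}</span>&nbsp;<span class="NPloc badge badge-secondary " title="Location: ${model.location}"><i class="fa fa-map-marker"></i>&nbsp;${model.location}</span> <c:if test="${model.node.hasFlows}"><span class="NPflows badge badge-secondary " title="Flows: flow data available"><i class="fa fa-exchange"></i> flow data</span></c:if></div>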
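Review bot: On the rewritten line 314 `${model.label}`, `${model.foreignId}` and `${model.location}` are still emitted unescaped, in both the text and the `title` attributes, and the `foreignSource == null` branch below prints the raw label as well; the fix applied to `foreignSource` should be applied uniformly — `${fn:escapeXml(model.label)}`, `${fn:escapeXml(model.foreignId)}`, `${fn:escapeXml(model.location)}` — unless the model already encodes them, which the page does not show. Note also that this diff adds the `fn` taglib declaration only in nodelist.tag; node.jsp is assumed to already declare `<%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn" %>` further up, otherwise the page fails to compile. The `confirmAssetEdit` script and the surrounding `<h5>` block extend beyond the hunk.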
