NMS-13126: Escape foreignSource and nodeLabel string in requisition UI
christianpape committed Mar 5, 2021
1 parent 9ea8e4c commit 101e3aa
Showing 12 changed files with 31 additions and 26 deletions.
Expand Up @@ -454,7 +454,7 @@ require('../services/Requisitions');
RequisitionsService.startTiming();
RequisitionsService.saveForeignSourceDefinition($scope.foreignSourceDef).then(
function() { // success
growl.success('The definition for the requisition ' + $scope.foreignSource + ' has been saved.');
growl.success('The definition for the requisition ' + _.escape($scope.foreignSource) + ' has been saved.');
form.$dirty = false;
},
$scope.errorHandler
Expand All @@ -474,7 +474,7 @@ require('../services/Requisitions');
RequisitionsService.startTiming();
RequisitionsService.deleteForeignSourceDefinition($scope.foreignSource).then(
function() { // success
growl.success('The foreign source definition for ' + $scope.foreignSource + 'has been reseted.');
growl.success('The foreign source definition for ' + _.escape($scope.foreignSource) + 'has been reseted.');
$scope.initialize();
},
$scope.errorHandler
Expand Down Expand Up @@ -517,7 +517,7 @@ require('../services/Requisitions');
* @methodOf ForeignSourceController
*/
$scope.initialize = function() {
growl.success('Retrieving definition for requisition ' + $scope.foreignSource + '...');
growl.success('Retrieving definition for requisition ' + _.escape($scope.foreignSource) + '...');
RequisitionsService.getForeignSourceDefinition($scope.foreignSource).then(
function(foreignSourceDef) { // success
$scope.foreignSourceDef = foreignSourceDef;
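Review bot: The reset message in the second hunk (the `deleteForeignSourceDefinition` success callback) still joins the escaped name directly to `'has been reseted.'`, so the requisition name runs into the next word; while the line is being touched it could read `growl.success('The foreign source definition for ' + _.escape($scope.foreignSource) + ' has been reset.');`. `$scope.errorHandler` is passed as the rejection callback in the first two hunks and its body is not on this page, so whether server error text that echoes the requisition name is escaped before it reaches growl cannot be confirmed here. All three callbacks start or end outside the visible hunks.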
Expand Up @@ -326,7 +326,7 @@ const RequisitionMetaDataEntry = require('../model/RequisitionMetaDataEntry');
$scope.goBack();
// If node was just created, it has no label yet
if (node.nodeLabel) {
growl.success('The node ' + node.nodeLabel + ' has been deleted.');
growl.success('The node ' + _.escape(node.nodeLabel) + ' has been deleted.');
} else {
growl.success('The node has been deleted.');
}
Expand Down Expand Up @@ -497,7 +497,7 @@ const RequisitionMetaDataEntry = require('../model/RequisitionMetaDataEntry');
RequisitionsService.startTiming();
RequisitionsService.saveNode($scope.node).then(
function() { // success
growl.success('The node ' + $scope.node.nodeLabel + ' has been saved.');
growl.success('The node ' + _.escape($scope.node.nodeLabel) + ' has been saved.');
$scope.foreignId = $scope.node.foreignId;
form.$dirty = false;
},
Expand All @@ -513,7 +513,7 @@ const RequisitionMetaDataEntry = require('../model/RequisitionMetaDataEntry');
* @methodOf NodeController
*/
$scope.refresh = function() {
growl.success('Retrieving node ' + $scope.foreignId + ' from requisition ' + $scope.foreignSource + '...');
growl.success('Retrieving node ' + _.escape($scope.foreignId) + ' from requisition ' + _.escape($scope.foreignSource) + '...');
RequisitionsService.getNode($scope.foreignSource, $scope.foreignId).then(
function(node) { // success
$scope.node = node;
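Review bot: Every growl message in this controller is built by string concatenation and relies on the author remembering to wrap each interpolated value in `_.escape`, a pattern that repeats in the other controller sections on this page. Growl evidently renders its message as HTML (the synchronize message further down embeds `<br/>` and `<b>`), so a comment near the first call, e.g. `// growl renders messages as HTML: escape every interpolated value`, would record why the calls are there and what a new message must do. In `$scope.refresh`, `_.escape($scope.foreignId)` produces an empty string when the id is unset, where the old code printed `undefined`; this is probably harmless but changes the visible text.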
Expand Up @@ -111,8 +111,8 @@ const QuickNode = require('../model/QuickNode');
*/
$scope.provision = function() {
$scope.isSaving = true;
growl.info($sanitize('The node ' + $scope.node.nodeLabel + ' is being added to requisition ' + $scope.node.foreignSource + '. Please wait...'));
var successMessage = $sanitize('The node ' + $scope.node.nodeLabel + ' has been added to requisition ' + $scope.node.foreignSource);
growl.info('The node ' + _.escape($scope.node.nodeLabel) + ' is being added to requisition ' + _.escape($scope.node.foreignSource) + '. Please wait...');
var successMessage = 'The node ' + _.escape($scope.node.nodeLabel) + ' has been added to requisition ' + _.escape($scope.node.foreignSource);
RequisitionsService.quickAddNode($scope.node).then(
function() { // success
$scope.reset();
Expand Down Expand Up @@ -238,7 +238,7 @@ const QuickNode = require('../model/QuickNode');
function() { // success
RequisitionsService.synchronizeRequisition(foreignSource, false).then(
function() {
growl.success('The requisition ' + foreignSource + ' has been created and synchronized.');
growl.success('The requisition ' + _.escape(foreignSource) + ' has been created and synchronized.');
$scope.foreignSources.push(foreignSource);
},
$scope.errorHandler
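Review bot: Replacing `$sanitize(...)` with `_.escape` on the two message lines in `$scope.provision` changes the behaviour from stripping disallowed markup to encoding all of it, so a label is now shown literally; that is the more predictable choice for a notification. If `$sanitize` has no other use in this controller, its injection (outside this hunk) can be dropped. `successMessage` is consumed in the success callback below the visible lines, so confirm it is handed to growl unchanged and not concatenated with further raw values there.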
Expand Up @@ -200,7 +200,7 @@ require('../services/Synchronize');
* @param {object} The node's object to delete
*/
$scope.deleteNode = function(node) {
bootbox.confirm('Are you sure you want to remove the node ' + node.nodeLabel + '?', function(ok) {
bootbox.confirm('Are you sure you want to remove the node ' + _.escape(node.nodeLabel) + '?', function(ok) {
if (ok) {
RequisitionsService.startTiming();
RequisitionsService.deleteNode(node).then(
Expand All @@ -214,7 +214,7 @@ require('../services/Synchronize');
if (index > -1) {
$scope.filteredNodes.splice(index,1);
}
growl.success('The node ' + node.nodeLabel + ' has been deleted.');
growl.success('The node ' + _.escape(node.nodeLabel) + ' has been deleted.');
},
$scope.errorHandler
);
Expand Down Expand Up @@ -295,7 +295,7 @@ require('../services/Synchronize');
if (value) {
$scope.pageSize = value;
}
growl.success('Retrieving requisition ' + $scope.foreignSource + '...');
growl.success('Retrieving requisition ' + _.escape($scope.foreignSource) + '...');
RequisitionsService.getRequisition($scope.foreignSource).then(
function(requisition) { // success
$scope.requisition = requisition;
Expand Up @@ -172,14 +172,14 @@ require('../services/Synchronize');
}
});
modalInstance.result.then(function(targetForeignSource) {
bootbox.confirm('This action will override the existing foreign source definition for the requisition named ' + targetForeignSource + ', using ' + foreignSource + ' as a template. Are you sure you want to continue ? This cannot be undone.', function(ok) {
bootbox.confirm('This action will override the existing foreign source definition for the requisition named ' + _.escape(targetForeignSource) + ', using ' + _.escape(foreignSource) + ' as a template. Are you sure you want to continue ? This cannot be undone.', function(ok) {
if (!ok) {
return;
}
RequisitionsService.startTiming();
RequisitionsService.cloneForeignSourceDefinition(foreignSource, targetForeignSource).then(
function() { // success
growl.success('The foreign source definition for ' + foreignSource + ' has been cloned to ' + targetForeignSource);
growl.success('The foreign source definition for ' + _.escape(foreignSource) + ' has been cloned to ' + _.escape(targetForeignSource));
},
$scope.errorHandler
);
Expand All @@ -201,18 +201,18 @@ require('../services/Synchronize');
if (foreignSource) {
// Validate Requisition
if (foreignSource.match(/[/\\?:&*'"]/)) {
bootbox.alert('Cannot add the requisition ' + foreignSource + ' because the following characters are invalid:<br/>:, /, \\, ?, &, *, \', "');
bootbox.alert('Cannot add the requisition ' + _.escape(foreignSource) + ' because the following characters are invalid:<br/>:, /, \\, ?, &, *, \', "');
return;
}
var r = $scope.requisitionsData.getRequisition(foreignSource);
if (r) {
bootbox.alert('Cannot add the requisition ' + foreignSource+ ' because there is already a requisition with that name');
bootbox.alert('Cannot add the requisition ' + _.escape(foreignSource) + ' because there is already a requisition with that name');
return;
}
// Create Requisition
RequisitionsService.addRequisition(foreignSource).then(
function(r) { // success
growl.success('The requisition ' + r.foreignSource + ' has been created.');
growl.success('The requisition ' + _.escape(r.foreignSource) + ' has been created.');
},
$scope.errorHandler
);
Expand Down Expand Up @@ -271,7 +271,7 @@ require('../services/Synchronize');
RequisitionsService.startTiming();
RequisitionsService.updateDeployedStatsForRequisition(requisition).then(
function() { // success
growl.success('The deployed statistics for ' + requisition.foreignSource + ' has been updated.');
growl.success('The deployed statistics for ' + _.escape(requisition.foreignSource) + ' has been updated.');
},
$scope.errorHandler
);
Expand All @@ -286,12 +286,12 @@ require('../services/Synchronize');
* @param {string} foreignSource The name of the requisition
*/
$scope.removeAllNodes = function(foreignSource) {
bootbox.confirm('Are you sure you want to remove all the nodes from ' + foreignSource + '?', function(ok) {
bootbox.confirm('Are you sure you want to remove all the nodes from ' + _.escape(foreignSource) + '?', function(ok) {
if (ok) {
RequisitionsService.startTiming();
RequisitionsService.removeAllNodesFromRequisition(foreignSource).then(
function() { // success
growl.success('All the nodes from ' + foreignSource + ' have been removed, and the requisition has been synchronized.');
growl.success('All the nodes from ' + _.escape(foreignSource) + ' have been removed, and the requisition has been synchronized.');
var req = $scope.requisitionsData.getRequisition(foreignSource);
req.reset();
},
Expand All @@ -310,12 +310,12 @@ require('../services/Synchronize');
* @param {string} foreignSource The name of the requisition
*/
$scope.delete = function(foreignSource) {
bootbox.confirm('Are you sure you want to remove the requisition ' + foreignSource + '?', function(ok) {
bootbox.confirm('Are you sure you want to remove the requisition ' + _.escape(foreignSource) + '?', function(ok) {
if (ok) {
RequisitionsService.startTiming();
RequisitionsService.deleteRequisition(foreignSource).then(
function() { // success
growl.success('The requisition ' + foreignSource + ' has been deleted.');
growl.success('The requisition ' + _.escape(foreignSource) + ' has been deleted.');
},
$scope.errorHandler
);
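Review bot: The name check in the add-requisition hunk, `foreignSource.match(/[/\\?:&*'"]/)`, does not reject `<` or `>`, so names containing markup still pass validation and are stored; output escaping is then the only barrier, and every view that prints the name has to apply it. If such names have no legitimate use, adding those characters to the class (and to the alert text) would be a cheap second layer. Otherwise a comment above the check, e.g. `// markup characters are accepted here; every renderer must escape foreignSource`, would state the contract. The enclosing function starts outside the hunk.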
Expand Up @@ -46,14 +46,14 @@ require('./Requisitions');
RequisitionsService.startTiming();
RequisitionsService.synchronizeRequisition(requisition.foreignSource, rescanExisting).then(
function() { // success
growl.success('The import operation has been started for ' + requisition.foreignSource + ' (rescanExisting? ' + rescanExisting + ')<br/>Use <b>refresh</b> to update the deployed statistics');
growl.success('The import operation has been started for ' + _.escape(requisition.foreignSource) + ' (rescanExisting? ' + rescanExisting + ')<br/>Use <b>refresh</b> to update the deployed statistics');
requisition.setDeployed(true);
},
errorHandler
);
};
bootbox.prompt({
title: 'Synchronize Requisition ' + requisition.foreignSource,
title: 'Synchronize Requisition ' + _.escape(requisition.foreignSource),
message: '<p><b>Choose a scan option: </b></p>',
inputType: 'radio',
inputOptions: [
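Review bot: In the success message of the synchronize callback, `rescanExisting` is still concatenated raw into a string that growl renders as HTML (the message itself carries `<br/>` and `<b>`). The value appears to come from the radio prompt whose `inputOptions` are cut off below, so it is likely one of a fixed set, but wrapping it as `_.escape(rescanExisting)` keeps the line consistent with the rest of the change and removes the need to reason about its origin. The enclosing function starts and ends outside the hunk.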
Expand Up @@ -6,6 +6,7 @@
'use strict';

const angular = require('angular-js');
const _ = require('underscore-js');
require('angular-mocks');
require('../../../../../src/main/assets/js/apps/onms-requisitions/requisitions');

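Review bot: The added `const _ = require('underscore-js');` is not referenced in the visible lines of this spec, and the three spec sections that follow receive the same line. If it is loaded only so that the controllers under test can resolve `_`, a comment such as `// loaded so the controllers under test can call _.escape` would explain the otherwise unused binding. No test asserting that a foreignSource or nodeLabel containing markup is displayed escaped is visible on this page; one such case per controller would pin the fix against regression.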
Expand Up @@ -8,6 +8,7 @@
'use strict';

const angular = require('angular-js');
const _ = require('underscore-js');
require('angular-mocks');
require('../../../../../src/main/assets/js/apps/onms-requisitions/requisitions');

Expand Up @@ -8,6 +8,7 @@
'use strict';

const angular = require('angular-js');
const _ = require('underscore-js');
require('angular-mocks');
require('../../../../../src/main/assets/js/apps/onms-requisitions/requisitions');

Expand Up @@ -8,6 +8,7 @@
'use strict';

const angular = require('angular-js');
const _ = require('underscore-js');
require('angular-mocks');
require('../../../../../src/main/assets/js/apps/onms-requisitions/requisitions');

Expand Up @@ -3,6 +3,7 @@
<%@ attribute name="isMaclikeSearch" type="java.lang.Boolean" rtexprvalue="true" required="true" %>

<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<%@taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn" %>

<ul class="list-unstyled mb-0">
<c:forEach var="nodeModel" items="${nodes}">
Expand All @@ -12,7 +13,7 @@
<li>
<c:choose>
<c:when test="${!empty nodeModel.node.foreignSource}">
<div class="NLnode"><a href="${nodeLink}">${nodeModel.node.label}</a>&nbsp;&nbsp;<span class="NLdbid label label-default" title="Database ID: ${nodeModel.node.id}"><i class="fa fa-database"></i>&nbsp;${nodeModel.node.id}</span>&nbsp;<span class="NLfs label label-default" title="Requisition: ${nodeModel.node.foreignSource}"><i class="fa fa-list-alt"></i>&nbsp;${nodeModel.node.foreignSource}</span>&nbsp;<span class="NLfid label label-default" title="Foreign ID: ${nodeModel.node.foreignId}"><i class="fa fa-qrcode"></i>&nbsp;${nodeModel.node.foreignId}</span>&nbsp;<span class="NLloc label label-default" title="Location: ${nodeModel.node.location.locationName}"><i class="fa fa-map-marker"></i>&nbsp;${nodeModel.node.location.locationName}</span><c:if test="${nodeModel.node.hasIngressFlows && nodeModel.node.hasEgressFlows}"><span class="NLflows label label-default" title="Flows: ingress/egress flow data available"><i class="fa fa-exchange"></i>&nbsp;ingress/egress flow data</span></c:if><c:if test="${nodeModel.node.hasIngressFlows && !nodeModel.node.hasEgressFlows}"><span class="NLflows label label-default" title="Flows: ingress flow data available"><i class="fa fa-long-arrow-left"></i>&nbsp;ingress flow data</span></c:if><c:if test="${!nodeModel.node.hasIngressFlows && nodeModel.node.hasEgressFlows}"><span class="NLflows label label-default" title="Flows: egress flow data available"><i class="fa fa-long-arrow-right"></i>&nbsp;egress flow data</span></c:if></div>
<div class="NLnode"><a href="${nodeLink}">${nodeModel.node.label}</a>&nbsp;&nbsp;<span class="NLdbid label label-default" title="Database ID: ${nodeModel.node.id}"><i class="fa fa-database"></i>&nbsp;${nodeModel.node.id}</span>&nbsp;<span class="NLfs label label-default" title="Requisition: ${fn:escapeXml(nodeModel.node.foreignSource)}"><i class="fa fa-list-alt"></i>&nbsp;${fn:escapeXml(nodeModel.node.foreignSource)}</span>&nbsp;<span class="NLfid label label-default" title="Foreign ID: ${nodeModel.node.foreignId}"><i class="fa fa-qrcode"></i>&nbsp;${nodeModel.node.foreignId}</span>&nbsp;<span class="NLloc label label-default" title="Location: ${nodeModel.node.location.locationName}"><i class="fa fa-map-marker"></i>&nbsp;${nodeModel.node.location.locationName}</span><c:if test="${nodeModel.node.hasIngressFlows && nodeModel.node.hasEgressFlows}"><span class="NLflows label label-default" title="Flows: ingress/egress flow data available"><i class="fa fa-exchange"></i>&nbsp;ingress/egress flow data</span></c:if><c:if test="${nodeModel.node.hasIngressFlows && !nodeModel.node.hasEgressFlows}"><span class="NLflows label label-default" title="Flows: ingress flow data available"><i class="fa fa-long-arrow-left"></i>&nbsp;ingress flow data</span></c:if><c:if test="${!nodeModel.node.hasIngressFlows && nodeModel.node.hasEgressFlows}"><span class="NLflows label label-default" title="Flows: egress flow data available"><i class="fa fa-long-arrow-right"></i>&nbsp;egress flow data</span></c:if></div>
</c:when>
<c:otherwise>
<div class="NLnode"><a href="${nodeLink}">${nodeModel.node.label}</a>&nbsp;&nbsp;<span class="NLdbid label label-default" title="Database ID: ${nodeModel.node.id}"><i class="fa fa-database"></i>&nbsp;${nodeModel.node.id}</span>&nbsp;<span class="NLloc label label-default" title="Location: ${nodeModel.node.location.locationName}"><i class="fa fa-map-marker"></i>&nbsp;${nodeModel.node.location.locationName}</span> <c:if test="${nodeModel.node.hasFlows}"><span class="NLflows label label-default" title="Flows: flow data available"><i class="fa fa-exchange"></i>&nbsp;flow data</span></c:if></div>
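Review bot: Only `foreignSource` is wrapped in `fn:escapeXml` on the changed line; `${nodeModel.node.label}`, `${nodeModel.node.foreignId}` and `${nodeModel.node.location.locationName}` are still written raw into element content and `title` attributes, and the label is also raw in the `<c:otherwise>` branch. Label and foreign ID come from the same requisition data, so unless they are encoded before they reach the model they need the same treatment, e.g. `${fn:escapeXml(nodeModel.node.label)}`. The same applies to `${model.label}`, `${model.foreignId}` and `${model.location}` in the node.jsp section that follows.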
2 changes: 1 addition & 1 deletion opennms-webapp/src/main/webapp/element/node.jsp
Expand Up @@ -311,7 +311,7 @@ function confirmAssetEdit() {

<h5>
<c:if test="${model.foreignSource != null}">
<div class="NPnode">Node: <strong>${model.label}</strong>&nbsp;&nbsp;&nbsp;<span class="NPdbid badge badge-secondary " title="Database ID: ${model.id}"><i class="fa fa-database"></i>&nbsp;${model.id}</span>&nbsp;<span class="NPfs badge badge-secondary " title="Requisition: ${model.foreignSource}"><i class="fa fa-list-alt"></i>&nbsp;${model.foreignSource}</span>&nbsp;<span class="NPfid badge badge-secondary " title="Foreign ID: ${model.foreignId}"><i class="fa fa-qrcode"></i>&nbsp;${model.foreignId}</span>&nbsp;<span class="NPloc badge badge-secondary " title="Location: ${model.location}"><i class="fa fa-map-marker"></i>&nbsp;${model.location}</span> <c:if test="${model.node.hasFlows}"><span class="NPflows badge badge-secondary " title="Flows: flow data available"><i class="fa fa-exchange"></i> flow data</span></c:if></div>
<div class="NPnode">Node: <strong>${model.label}</strong>&nbsp;&nbsp;&nbsp;<span class="NPdbid badge badge-secondary " title="Database ID: ${model.id}"><i class="fa fa-database"></i>&nbsp;${model.id}</span>&nbsp;<span class="NPfs badge badge-secondary " title="Requisition: ${fn:escapeXml(model.foreignSource)}"><i class="fa fa-list-alt"></i>&nbsp;${fn:escapeXml(model.foreignSource)}</span>&nbsp;<span class="NPfid badge badge-secondary " title="Foreign ID: ${model.foreignId}"><i class="fa fa-qrcode"></i>&nbsp;${model.foreignId}</span>&nbsp;<span class="NPloc badge badge-secondary " title="Location: ${model.location}"><i class="fa fa-map-marker"></i>&nbsp;${model.location}</span> <c:if test="${model.node.hasFlows}"><span class="NPflows badge badge-secondary " title="Flows: flow data available"><i class="fa fa-exchange"></i> flow data</span></c:if></div>
</c:if>
<c:if test="${model.foreignSource == null}">
<div class="NPnode">Node: <strong>${model.label}</strong>&nbsp;&nbsp;&nbsp;<span class="NPdbid badge badge-secondary " title="Database ID: ${model.id}"><i class="fa fa-database"></i>&nbsp;${model.id}</span>&nbsp;<span class="NPloc badge badge-secondary " title="Location: ${model.location}"><i class="fa fa-map-marker"></i>&nbsp;${model.location}</span> <c:if test="${model.node.hasFlows}"><span class="NPflows badge badge-secondary " title="Flows: flow data available"><i class="fa fa-exchange"></i> flow data</span></c:if></div>
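Review bot: The changed line calls `fn:escapeXml`, but this section records one addition and one deletion, so no `taglib` directive for the `fn` prefix is added to node.jsp here, unlike in the tag file above. Confirm the functions taglib is already declared elsewhere in the page, since an undeclared function prefix fails when the JSP is translated. If it is missing, add `<%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn" %>` next to the existing taglib lines.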
