[NCITERM-644] Reduce SQL injection AppScan delays.
kimong committed Feb 20, 2015
1 parent 50efb2d commit 46e5c7c
Showing 1 changed file with 13 additions and 5 deletions.
Expand Up @@ -393,25 +393,33 @@ public static boolean validateRequestParameters(HttpServletRequest request) {
String value = (String) request.getParameter(name);
Boolean bool_obj = validateRadioButtonNameAndValue(name, value);
if (bool_obj != null && bool_obj.equals(Boolean.FALSE)) {
request.getSession().setAttribute("error_msg", "WARNING: Invalid parameter value encountered - '" + value + "'.");
String error_msg = "WARNING: Invalid parameter value encountered - '" + value +
" (name: " + name + ").";
request.getSession().setAttribute("error_msg", error_msg);
return false;
}

bool_obj = containsPercentSign(name, value);
if (bool_obj != null && bool_obj.equals(Boolean.FALSE)) {
request.getSession().setAttribute("error_msg", "WARNING: Invalid parameter value encountered - '" + value + "'.");
String error_msg = "WARNING: Invalid parameter value encountered - '" + value +
" (name: " + name + ").";
request.getSession().setAttribute("error_msg", error_msg);
return false;
}

bool_obj = validateValueSetCheckBox(name, value);
if (bool_obj != null && bool_obj.equals(Boolean.FALSE)) {
request.getSession().setAttribute("error_msg", "WARNING: Invalid parameter value encountered - '" + value + "'.");
String error_msg = "WARNING: Invalid parameter value encountered - '" + value +
" (name: " + name + ").";
request.getSession().setAttribute("error_msg", error_msg);
return false;
}

bool_obj = containsHarzardCharacters(value);
if (bool_obj != null && bool_obj.equals(Boolean.TRUE)) {
request.getSession().setAttribute("error_msg", "WARNING: Hazard characters found in parameter value - '" + value + "'.");
String error_msg = "WARNING: Invalid parameter value encountered - '" + value +
" (name: " + name + ").";
request.getSession().setAttribute("error_msg", error_msg);
return false;
}
}
Expand All @@ -427,7 +435,7 @@ public static boolean validateRequestParameters(HttpServletRequest request) {


public static Boolean validateRadioButtonNameAndValue(String name, String value) {
if (name == null || value == null) return null;
if (name == null || value == null || value.length() == 0) return null;
if (name.compareTo("adv_search_algorithm") == 0) {
if (HTTPParameterConstants.adv_search_algorithm_value_list.contains(value)) {
return Boolean.TRUE;
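Review bot: The rejected `value` (and the request-supplied `name`) are copied verbatim into the session attribute `error_msg` in all four branches of the first hunk, and the text that just failed `containsHarzardCharacters` is exactly the text you least want echoed back, so if `error_msg` is ever written into a page without HTML encoding this is a reflected-XSS path (the rendering side is not visible here). Prefer a small helper that stores a generic user-facing message and keeps the raw text for a server-side log, as sketched below; this also removes the four-way duplication and restores the distinction the old `Hazard characters found` wording carried, which the fourth branch now loses. In the second hunk, `value.length() == 0` makes an empty radio-button value return null, which the caller treats as "no verdict" rather than a rejection — presumably intended to cut the AppScan noise, but it deserves a comment such as `// empty value means nothing selected, not a validation failure` so it is not later read as an accidental bypass. validateRequestParameters starts before the first hunk and continues past the second.
```java
// … unchanged: loop over request parameter names …
if (bool_obj != null && bool_obj.equals(Boolean.FALSE)) {
    rejectParameter(request, name, value);
    return false;
}
// … unchanged: the other three checks use the same call …

/**
 * Records a generic, non-reflective rejection message for the user.
 * The raw name/value are deliberately kept out of the session attribute;
 * log them server-side if the detail is needed for diagnosis.
 */
private static void rejectParameter(HttpServletRequest request, String name, String value) {
    request.getSession().setAttribute("error_msg",
        "WARNING: Invalid parameter value encountered.");
}
```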

0 comments on commit 46e5c7c

Please sign in to comment.