cxf-fediz git commit: Remove ESAPI


cxf-fediz git commit: Remove ESAPI

coheigea
Administrator
Repository: cxf-fediz
Updated Branches:
  refs/heads/1.3.x-fixes ed807b309 -> 386f41b3a


Remove ESAPI


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/386f41b3
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/386f41b3
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/386f41b3

Branch: refs/heads/1.3.x-fixes
Commit: 386f41b3a6b940629ca5b0fbbd795c2cbeb90ccb
Parents: ed807b3
Author: Colm O hEigeartaigh <[hidden email]>
Authored: Wed May 17 17:29:57 2017 +0100
Committer: Colm O hEigeartaigh <[hidden email]>
Committed: Wed May 17 17:30:30 2017 +0100

----------------------------------------------------------------------
 apache-fediz/src/main/release/NOTICE                  | 14 --------------
 pom.xml                                               |  1 -
 services/oidc/pom.xml                                 |  6 +++---
 services/oidc/src/main/resources/ESAPI.properties     |  1 -
 .../oidc/src/main/webapp/WEB-INF/views/client.jsp     |  4 ++--
 .../main/webapp/WEB-INF/views/clientCodeGrants.jsp    |  4 ++--
 .../src/main/webapp/WEB-INF/views/clientTokens.jsp    |  4 ++--
 .../webapp/WEB-INF/views/oAuthAuthorizationData.jsp   |  4 ++--
 .../main/webapp/WEB-INF/views/registeredClients.jsp   |  4 ++--
 9 files changed, 13 insertions(+), 29 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/386f41b3/apache-fediz/src/main/release/NOTICE
----------------------------------------------------------------------
diff --git a/apache-fediz/src/main/release/NOTICE b/apache-fediz/src/main/release/NOTICE
index 94dc41e..a40b89d 100644
--- a/apache-fediz/src/main/release/NOTICE
+++ b/apache-fediz/src/main/release/NOTICE
@@ -35,17 +35,3 @@ The source code is available at:
 
 OpenJPA includes software written by Miroslav Nachev
 
-This project bundles Batik, which contains code from the World Wide Web
-Consortium (W3C) for the Document Object Model API (DOM API) and SVG Document
-Type Definition (DTD).
-
-This project bundles Batik which contains code from the International
-Organisation for Standardization for the definition of character entities used
-in the software's documentation.
-
-This project bundles Batik which includes images from the Tango Desktop Project
-(http://tango.freedesktop.org/).
-
-This product bundles Batik which includes images from the Pasodoble Icon Theme
-(http://www.jesusda.com/projects/pasodoble).
-

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/386f41b3/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index b98298e..510e6e7 100644
--- a/pom.xml
+++ b/pom.xml
@@ -49,7 +49,6 @@
         <easymock.version>3.4</easymock.version>
         <ecj.version>4.6.1</ecj.version>
         <ehcache.version>2.10.3</ehcache.version>
-        <esapi.version>2.1.0.1</esapi.version>
         <httpclient.version>4.3.5</httpclient.version>
         <hsqldb.version>2.3.4</hsqldb.version>
         <htmlunit.version>2.24</htmlunit.version>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/386f41b3/services/oidc/pom.xml
----------------------------------------------------------------------
diff --git a/services/oidc/pom.xml b/services/oidc/pom.xml
index 5c1012d..73b8c5d 100644
--- a/services/oidc/pom.xml
+++ b/services/oidc/pom.xml
@@ -78,9 +78,9 @@
             <version>${commons.validator.version}</version>
         </dependency>
         <dependency>
-            <groupId>org.owasp.esapi</groupId>
-            <artifactId>esapi</artifactId>
-            <version>${esapi.version}</version>
+            <groupId>org.apache.commons</groupId>
+            <artifactId>commons-lang3</artifactId>
+            <version>${commons.lang.version}</version>
         </dependency>
         <!--
         <dependency>
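Review bot: The new dependency takes its version from `${commons.lang.version}`, which no hunk in this commit defines; the root pom.xml hunk only removes `esapi.version`. Presumably the property already exists in the parent POM, but that should be confirmed, since an unresolved property fails the build instead of falling back to a managed version. Note also that `StringEscapeUtils` is deprecated in commons-lang3 from 3.6 onward in favour of commons-text, so the resolved version matters for later upgrades. The `<dependencies>` block continues outside the hunk.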

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/386f41b3/services/oidc/src/main/resources/ESAPI.properties
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/resources/ESAPI.properties b/services/oidc/src/main/resources/ESAPI.properties
deleted file mode 100644
index 077737c..0000000
--- a/services/oidc/src/main/resources/ESAPI.properties
+++ /dev/null
@@ -1 +0,0 @@
-ESAPI.Encoder=org.owasp.esapi.reference.DefaultEncoder

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/386f41b3/services/oidc/src/main/webapp/WEB-INF/views/client.jsp
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/webapp/WEB-INF/views/client.jsp b/services/oidc/src/main/webapp/WEB-INF/views/client.jsp
index 0c00395..2285566 100644
--- a/services/oidc/src/main/webapp/WEB-INF/views/client.jsp
+++ b/services/oidc/src/main/webapp/WEB-INF/views/client.jsp
@@ -5,7 +5,7 @@
 <%@ page import="java.util.TimeZone"%>
 <%@ page import="javax.servlet.http.HttpServletRequest" %>
 <%@ page import="org.apache.cxf.fediz.service.oidc.CSRFUtils" %>
-<%@ page import="org.owasp.esapi.ESAPI" %>
+<%@ page import="org.apache.commons.lang3.StringEscapeUtils" %>
 
 <%
  Client client = (Client)request.getAttribute("data");
@@ -77,7 +77,7 @@
 </head>
 <body>
 <div class="padded">
-<h1><%= ESAPI.encoder().encodeForHTML(client.getApplicationName()) %></h1>
+<h1><%= StringEscapeUtils.escapeHtml4(client.getApplicationName()) %></h1>
 <br/>
 <table border="1" id=client>
     <%
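Review bot: `StringEscapeUtils.escapeHtml4` escapes a narrower character set than the `ESAPI.encoder().encodeForHTML` call it replaces in the `<h1>`: it handles `&`, `<`, `>` and `"` but leaves the apostrophe untouched, whereas ESAPI entity-encoded nearly every non-alphanumeric character. That is sufficient here because the value is written into element content, and the same holds for the replaced calls in clientCodeGrants.jsp, clientTokens.jsp, oAuthAuthorizationData.jsp and registeredClients.jsp. A comment above the expression would keep the call from being copied into a single-quoted attribute or a script block later, e.g. `<%-- escapeHtml4 is safe for element content and double-quoted attributes only; it does not escape ' --%>`. The JSP body continues outside the hunk.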

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/386f41b3/services/oidc/src/main/webapp/WEB-INF/views/clientCodeGrants.jsp
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/webapp/WEB-INF/views/clientCodeGrants.jsp b/services/oidc/src/main/webapp/WEB-INF/views/clientCodeGrants.jsp
index 8254c50..b8fd3d1 100644
--- a/services/oidc/src/main/webapp/WEB-INF/views/clientCodeGrants.jsp
+++ b/services/oidc/src/main/webapp/WEB-INF/views/clientCodeGrants.jsp
@@ -8,7 +8,7 @@
 <%@ page import="javax.servlet.http.HttpServletRequest" %>
 <%@ page import="org.apache.cxf.fediz.service.oidc.CSRFUtils" %>
 <%@ page import="org.apache.cxf.fediz.service.oidc.clients.ClientCodeGrants" %>
-<%@ page import="org.owasp.esapi.ESAPI" %>
+<%@ page import="org.apache.commons.lang3.StringEscapeUtils" %>
 
 <%
  ClientCodeGrants tokens = (ClientCodeGrants)request.getAttribute("data");
@@ -46,7 +46,7 @@
 </head>
 <body>
 <div class="padded">
-<h1>Code Grants issued to <%= ESAPI.encoder().encodeForHTML(client.getApplicationName()) + " (" + client.getClientId() + ")"%></h1>
+<h1>Code Grants issued to <%= StringEscapeUtils.escapeHtml4(client.getApplicationName()) + " (" + client.getClientId() + ")"%></h1>
 <br/>
 <table border="1">
     <tr><th>ID</th><th>Issue Date</th><th>Expiry Date</th><th>Action</th></tr>
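Review bot: In the new `<h1>` expression only the application name passes through `escapeHtml4`; `client.getClientId()` is concatenated after it and reaches the page unescaped. The same pattern is on the new `<h1>` line in clientTokens.jsp, and registeredClients.jsp writes the client id unescaped into an `href` and a table cell on unchanged lines. If client ids are always generated by the server this is defence in depth, but the diff does not show where they come from, so escaping the whole string is the safer form: `<%= StringEscapeUtils.escapeHtml4(client.getApplicationName() + " (" + client.getClientId() + ")") %>`.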

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/386f41b3/services/oidc/src/main/webapp/WEB-INF/views/clientTokens.jsp
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/webapp/WEB-INF/views/clientTokens.jsp b/services/oidc/src/main/webapp/WEB-INF/views/clientTokens.jsp
index ed96511..b5a76fc 100644
--- a/services/oidc/src/main/webapp/WEB-INF/views/clientTokens.jsp
+++ b/services/oidc/src/main/webapp/WEB-INF/views/clientTokens.jsp
@@ -9,7 +9,7 @@
 <%@ page import="javax.servlet.http.HttpServletRequest" %>
 <%@ page import="org.apache.cxf.fediz.service.oidc.CSRFUtils" %>
 <%@ page import="org.apache.cxf.fediz.service.oidc.clients.ClientTokens" %>
-<%@ page import="org.owasp.esapi.ESAPI" %>
+<%@ page import="org.apache.commons.lang3.StringEscapeUtils" %>
 
 <%
  ClientTokens tokens = (ClientTokens)request.getAttribute("data");
@@ -48,7 +48,7 @@
  </STYLE>
 </head>
 <body>
-<h1>Tokens issued to <%= ESAPI.encoder().encodeForHTML(client.getApplicationName()) + " (" + client.getClientId() + ")"%></h1>
+<h1>Tokens issued to <%= StringEscapeUtils.escapeHtml4(client.getApplicationName()) + " (" + client.getClientId() + ")"%></h1>
 <br/>
 <div class="padded">
 <h2>Access Tokens</h2>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/386f41b3/services/oidc/src/main/webapp/WEB-INF/views/oAuthAuthorizationData.jsp
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/webapp/WEB-INF/views/oAuthAuthorizationData.jsp b/services/oidc/src/main/webapp/WEB-INF/views/oAuthAuthorizationData.jsp
index e498248..4f634bd 100644
--- a/services/oidc/src/main/webapp/WEB-INF/views/oAuthAuthorizationData.jsp
+++ b/services/oidc/src/main/webapp/WEB-INF/views/oAuthAuthorizationData.jsp
@@ -2,7 +2,7 @@
 <%@ page import="java.util.List" %>
 <%@ page import="org.apache.cxf.rs.security.oauth2.common.OAuthAuthorizationData" %>
 <%@ page import="org.apache.cxf.rs.security.oauth2.common.OAuthPermission" %>
-<%@ page import="org.owasp.esapi.ESAPI" %>
+<%@ page import="org.apache.commons.lang3.StringEscapeUtils" %>
 
 
 <%
@@ -77,7 +77,7 @@
                             }
                         %>
 
-                        <h2>Would you like to grant <%= ESAPI.encoder().encodeForHTML(data.getApplicationName()) %><br />the following permissions:</h2>
+                        <h2>Would you like to grant <%= StringEscapeUtils.escapeHtml4(data.getApplicationName()) %><br />the following permissions:</h2>
 
                         <table>
                             <%

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/386f41b3/services/oidc/src/main/webapp/WEB-INF/views/registeredClients.jsp
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/webapp/WEB-INF/views/registeredClients.jsp b/services/oidc/src/main/webapp/WEB-INF/views/registeredClients.jsp
index 009cccf..4fa7600 100644
--- a/services/oidc/src/main/webapp/WEB-INF/views/registeredClients.jsp
+++ b/services/oidc/src/main/webapp/WEB-INF/views/registeredClients.jsp
@@ -6,7 +6,7 @@
 <%@ page import="java.util.TimeZone"%>
 <%@ page import="javax.servlet.http.HttpServletRequest" %>
 <%@ page import="org.apache.cxf.fediz.service.oidc.clients.RegisteredClients" %>
-<%@ page import="org.owasp.esapi.ESAPI" %>
+<%@ page import="org.apache.commons.lang3.StringEscapeUtils" %>
 
 <%
  Collection<Client> regs = ((RegisteredClients)request.getAttribute("data")).getClients();
@@ -52,7 +52,7 @@
     %>
        <tr>
            <td><a href="<%= basePath + "console/clients/" + client.getClientId() %>"><%=
-               ESAPI.encoder().encodeForHTML(client.getApplicationName()) %></a></td>
+               StringEscapeUtils.escapeHtml4(client.getApplicationName()) %></a></td>
            <td>
               <%= client.getClientId() %>
            </td>